Solved System Check virus

trisail86 · Apr 1, 2012

OTL Part 1:

OTL logfile created on: 4/1/2012 10:12:33 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Doug\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 596.12 Mb Available Physical Memory | 58.32% Memory free
2.40 Gb Paging File | 1.95 Gb Available in Paging File | 81.36% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.30 Gb Total Space | 14.89 Gb Free Space | 10.32% Space Free | Partition Type: NTFS

Computer Name: OFFICE | User Name: Doug | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/01 10:05:53 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Doug\Desktop\OTL.exe
PRC - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2011/06/16 18:53:22 | 002,510,848 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/12/17 13:54:40 | 001,795,488 | ---- | M] (Audible, Inc.) -- C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2009/11/08 12:26:58 | 001,393,304 | ---- | M] (Citrix Systems, Inc) -- C:\Program Files\Citrix\Secure Access Client\nsload.exe
PRC - [2009/11/08 12:24:50 | 000,143,360 | ---- | M] (Citrix Systems, Inc) -- C:\Program Files\Citrix\Secure Access Client\nsverctl.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/01/26 17:55:04 | 001,486,848 | ---- | M] () -- C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
PRC - [2005/09/30 17:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/27 13:08:35 | 000,169,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Automation\2060c6851428e508f673a0dfd819e5fb\Inkjet.Automation.ni.dll
MOD - [2012/03/27 13:08:22 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.DeviceSettin#\ad3980c979042cbcf8963a0e82fad500\Inkjet.DeviceSettings.ni.dll
MOD - [2012/03/27 13:07:54 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c14e58265386feb509cc61bb5e8dd296\System.Runtime.Remoting.ni.dll
MOD - [2012/03/27 13:07:37 | 000,237,056 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Localization\56696b3880309021b174d271ea96ff95\Inkjet.Localization.ni.dll
MOD - [2012/03/27 13:07:37 | 000,105,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Diagnostics\313de9c18ccddcf244989ca8f29b1f97\Inkjet.Diagnostics.ni.dll
MOD - [2012/03/27 13:07:33 | 000,283,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Utilities\df0efdea1a90f47a74bdef0e44b03ca1\Inkjet.Utilities.ni.dll
MOD - [2012/03/27 13:07:29 | 000,824,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Hardware\8c7d08dd02d37cb7fab7a4d0c047d17b\Inkjet.Hardware.ni.dll
MOD - [2012/03/27 13:07:27 | 000,080,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Configuration\0664ade269ba04a1c292766bf6bdbfda\Inkjet.Configuration.ni.dll
MOD - [2012/03/27 13:07:26 | 000,180,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Statistics\1e8aad9950f2993546a3be08455d86f0\Inkjet.Statistics.ni.dll
MOD - [2012/03/27 13:07:18 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/03/27 13:05:27 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/03/27 13:05:00 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
MOD - [2012/03/27 13:04:28 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
MOD - [2012/03/27 13:01:08 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/03/27 13:00:55 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/11/03 08:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/10/14 17:38:00 | 000,456,192 | ---- | M] () -- C:\WINDOWS\system32\encdec.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/06/01 10:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/04/14 14:12:12 | 000,049,152 | ---- | M] () -- C:\Program Files\NETGEAR\WG311v3\WlanDll.dll
MOD - [2006/01/26 17:55:04 | 001,486,848 | ---- | M] () -- C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
MOD - [2005/08/05 13:01:54 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\VBICodec.ax
MOD - [2005/08/05 12:06:50 | 000,165,376 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax

========== Win32 Services (SafeList) ==========

SRV - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/11/08 12:24:50 | 000,143,360 | ---- | M] (Citrix Systems, Inc) [Auto | Running] -- C:\Program Files\Citrix\Secure Access Client\nsverctl.exe -- (nsverctl)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/07/28 19:23:07 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/03/07 12:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/09/30 17:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Doug\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - [2009/11/08 12:26:56 | 000,073,880 | ---- | M] (Citrix Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\net6im51.sys -- (Net6IM)
DRV - [2008/05/14 21:25:22 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2008/04/13 11:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 11:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2007/02/25 09:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 13:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/10/06 12:17:34 | 000,280,576 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WG311v3XP.sys -- (W8335XP) NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335)
DRV - [2005/08/04 03:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/14 21:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2005/03/04 23:06:50 | 000,135,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinavxx.sys -- (ATIAVPCI)
DRV - [2004/06/16 02:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/08 10:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2004/03/06 03:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 03:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 03:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2001/09/24 09:08:20 | 000,030,088 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irstusb.sys -- (STIrUsb)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:9090

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:9090

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:9090

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2880772187-2278431250-1309071380-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hotsheet.com/
IE - HKU\S-1-5-21-2880772187-2278431250-1309071380-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2880772187-2278431250-1309071380-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2880772187-2278431250-1309071380-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2880772187-2278431250-1309071380-1006\..\SearchScopes\{F5153370-4DB0-4980-A62B-F6535FF2E5E7}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADFA_en
IE - HKU\S-1-5-21-2880772187-2278431250-1309071380-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Doug\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Doug\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/02/01 11:49:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/02/01 11:49:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Doug\Application Data\Move Networks [2009/09/18 23:30:41 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2012/03/29 17:28:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0989.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0989.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-2880772187-2278431250-1309071380-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2880772187-2278431250-1309071380-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2880772187-2278431250-1309071380-1006\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2880772187-2278431250-1309071380-1006..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Citrix Access Gateway.lnk = C:\Program Files\Citrix\Secure Access Client\nsload.exe (Citrix Systems, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe ()
O4 - Startup: C:\Documents and Settings\Megan\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Documents and Settings\Stephanie\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (LastPass)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2880772187-2278431250-1309071380-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2880772187-2278431250-1309071380-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2880772187-2278431250-1309071380-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2880772187-2278431250-1309071380-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html File not found
O8 - Extra context menu item: LastPass - file://C:\Program Files\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files\LastPass\context.html?cmd=fillforms File not found
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2880772187-2278431250-1309071380-1006\..Trusted Domains: atk.com ([myvpn] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4505-8fb8-d0d2d160e512/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/15.13/uploader2.cab (UploadListView Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158951511156 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {85BA505F-FD01-4A91-836C-F7D502E89C9A} http://www.evite.com/html/imageUpload/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {99A7E374-3E8E-4C78-A054-25522DC03DA2} http://web.vcstar.com/traffic/cameras/NVSViewer.CAB (NvsViewer Class)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} http://wegmansphoto.lifepics.com/net/Uploader/ImageUploader3.cab (Aurigma Image Uploader 3.5 Control)
O16 - DPF: {B6C8044E-3B7B-4E05-9000-C455FC92235A} http://web.vcstar.com/traffic/cameras/NVSProtocol.CAB (PG Class)
O16 - DPF: {BA2CB6B1-03EE-4068-87CC-F5E4DD772A9B} https://promontory-cag3.atk.com/CitrixLogonPoint/MyVPN/EPAClient/CitrixCAO.cab (CCAOControl Object)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E49CEC-4431-4899-977D-C14EA566FC69}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Doug/LOCALS~1/Temp/msohtml1/01/clip_image002.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Doug\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Doug\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/25 10:41:34 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2880772187-2278431250-1309071380-1006..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DVSD - pdvcodec.dll File not found
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/01 10:05:49 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Doug\Desktop\OTL.exe
[2012/03/29 22:39:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/03/26 22:43:47 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/26 22:38:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/26 22:38:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/03/26 22:38:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/03/26 22:38:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/26 22:38:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/26 22:38:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/26 22:27:30 | 004,446,680 | R--- | C] (Swearware) -- C:\Documents and Settings\Doug\Desktop\ComboFix.exe
[2012/03/26 21:20:01 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Doug\Desktop\TDSSKiller.exe
[2012/03/26 06:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Doug\Desktop\bootkit_remover
[2012/03/25 20:07:26 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Doug\Desktop\aswMBR.exe
[2012/03/25 20:03:18 | 000,389,024 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Doug\Desktop\unhide.exe
[2012/03/25 15:25:58 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Doug\Desktop\dds.scr
[2012/03/25 15:06:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Doug\Recent
[2012/03/25 14:29:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Doug\Application Data\Malwarebytes
[2012/03/25 14:28:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/25 14:28:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/25 14:28:31 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/25 14:28:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/25 14:25:02 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Doug\Desktop\mbam-setup-1.60.1.1000.exe
[2012/03/03 20:09:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Doug\Application Data\ElevatedDiagnostics
[2012/01/14 18:44:42 | 010,809,376 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[2 C:\Documents and Settings\Doug\Desktop\*.tmp files -> C:\Documents and Settings\Doug\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Doug\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Doug\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/01 10:15:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/01 10:05:53 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Doug\Desktop\OTL.exe
[2012/03/31 20:41:44 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2012/03/30 22:15:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/30 10:40:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/30 10:26:42 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2012/03/29 17:28:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/29 17:28:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/29 17:26:10 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/29 17:20:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/29 17:20:52 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/29 09:07:19 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2012/03/27 18:37:11 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/27 12:59:51 | 000,317,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/27 12:57:56 | 000,446,144 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/27 12:57:56 | 000,073,158 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/27 12:48:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/27 12:38:09 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/03/27 12:35:47 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/03/26 22:43:53 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2012/03/26 22:27:30 | 004,446,680 | R--- | M] (Swearware) -- C:\Documents and Settings\Doug\Desktop\ComboFix.exe
[2012/03/26 21:19:09 | 002,048,299 | ---- | M] () -- C:\Documents and Settings\Doug\Desktop\tdsskiller.zip
[2012/03/26 20:07:27 | 000,304,845 | ---- | M] () -- C:\Documents and Settings\Doug\Desktop\ListParts.exe
[2012/03/26 13:41:00 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Doug\Desktop\TDSSKiller.exe
[2012/03/25 20:08:21 | 000,044,607 | ---- | M] () -- C:\Documents and Settings\Doug\Desktop\bootkit_remover.zip
[2012/03/25 20:07:25 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Doug\Desktop\aswMBR.exe
[2012/03/25 20:03:23 | 000,389,024 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Doug\Desktop\unhide.exe
[2012/03/25 15:26:03 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Doug\Desktop\dds.scr
[2012/03/25 14:38:52 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Doug\Desktop\j7zmgweu.exe
[2012/03/25 14:28:45 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/25 14:22:00 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Doug\Desktop\mbam-setup-1.60.1.1000.exe
[2012/03/25 08:23:13 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/03/12 11:11:41 | 001,773,868 | ---- | M] () -- C:\Documents and Settings\Doug\My Documents\Mystery Bags.jpg
[2012/03/06 01:10:24 | 001,204,224 | ---- | M] () -- C:\Documents and Settings\Doug\My Documents\Poster.pub
[2012/03/06 00:53:24 | 001,741,314 | ---- | M] () -- C:\Documents and Settings\Doug\My Documents\Poster.jpg
[2 C:\Documents and Settings\Doug\Desktop\*.tmp files -> C:\Documents and Settings\Doug\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Doug\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Doug\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/27 12:40:43 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/26 23:46:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/26 23:46:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/03/26 22:43:53 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2012/03/26 22:43:48 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/03/26 22:38:55 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/26 22:38:55 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/26 22:38:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/26 22:38:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/26 22:38:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/26 21:19:00 | 002,048,299 | ---- | C] () -- C:\Documents and Settings\Doug\Desktop\tdsskiller.zip
[2012/03/26 20:07:27 | 000,304,845 | ---- | C] () -- C:\Documents and Settings\Doug\Desktop\ListParts.exe
[2012/03/25 20:28:11 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/03/25 20:28:11 | 000,001,859 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\KODAK AiO Home Center.lnk
[2012/03/25 20:28:11 | 000,001,821 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WG311v3 Smart Wizard.lnk
[2012/03/25 20:28:11 | 000,001,128 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\My LastPass Vault.lnk
[2012/03/25 20:28:11 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Memorex exPressit.lnk
[2012/03/25 20:28:11 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2012/03/25 20:28:10 | 000,001,870 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 3.0.lnk
[2012/03/25 20:28:10 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2012/03/25 20:28:10 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/03/25 20:28:09 | 000,002,515 | ---- | C] () -- C:\Documents and Settings\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2012/03/25 20:28:09 | 000,002,513 | ---- | C] () -- C:\Documents and Settings\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2012/03/25 20:28:09 | 000,002,155 | ---- | C] () -- C:\Documents and Settings\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2012/03/25 20:28:09 | 000,001,128 | ---- | C] () -- C:\Documents and Settings\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk
[2012/03/25 20:28:09 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/25 20:28:09 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/03/25 20:28:09 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\My Computer.lnk
[2012/03/25 20:28:09 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/03/25 20:28:08 | 000,000,234 | ---- | C] () -- C:\Documents and Settings\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\34th Annual Toronto Film Festival(136).url
[2012/03/25 20:28:07 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk
[2012/03/25 20:28:07 | 000,001,785 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Citrix Access Gateway.lnk
[2012/03/25 20:28:07 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/03/25 20:28:07 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/03/25 20:28:06 | 000,001,762 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
[2012/03/25 20:28:05 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\RealPlayer.lnk
[2012/03/25 20:28:04 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerDVD.lnk
[2012/03/25 20:28:04 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Polar Precision Performance SW.lnk
[2012/03/25 20:28:01 | 000,002,427 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2003.lnk
[2012/03/25 20:28:01 | 000,001,934 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Plus! Photo Story 2 LE.lnk
[2012/03/25 20:28:01 | 000,001,890 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2012/03/25 20:28:01 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/25 20:27:59 | 000,001,466 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Media Center.lnk
[2012/03/25 20:27:57 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2012/03/25 20:27:48 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
[2012/03/25 20:27:48 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/03/25 20:27:47 | 000,000,888 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Reader 5.0.lnk
[2012/03/25 20:08:26 | 000,044,607 | ---- | C] () -- C:\Documents and Settings\Doug\Desktop\bootkit_remover.zip
[2012/03/25 15:14:07 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Doug\Desktop\j7zmgweu.exe
[2012/03/25 14:28:45 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/25 08:35:55 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/03/12 10:42:10 | 001,773,868 | ---- | C] () -- C:\Documents and Settings\Doug\My Documents\Mystery Bags.jpg
[2012/03/06 00:03:34 | 001,741,314 | ---- | C] () -- C:\Documents and Settings\Doug\My Documents\Poster.jpg
[2012/03/06 00:03:09 | 001,204,224 | ---- | C] () -- C:\Documents and Settings\Doug\My Documents\Poster.pub
[2011/04/30 22:04:58 | 000,011,678 | -HS- | C] () -- C:\Documents and Settings\Doug\Local Settings\Application Data\vhf6a7ab7h335d07ur33rbd5x6cjdqx1gr8iu
[2011/04/30 22:04:58 | 000,011,678 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\vhf6a7ab7h335d07ur33rbd5x6cjdqx1gr8iu
[2010/05/11 19:03:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

trisail86 · Apr 1, 2012

OTL Part 2:

========== LOP Check ==========

[2010/03/09 22:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2007/01/11 10:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2006/03/07 10:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2009/12/22 07:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2008/07/31 17:13:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/09/22 20:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2007/10/31 22:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2005/11/28 12:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/10/06 15:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/05/21 12:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/04 15:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/01 09:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/07/01 22:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernadette\Application Data\ElevatedDiagnostics
[2006/12/15 20:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernadette\Application Data\Panasonic
[2011/09/07 18:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Temp
[2011/09/12 18:54:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\Amazon
[2010/03/09 22:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\Citrix
[2006/09/22 11:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\Downloaded Installations
[2012/03/03 20:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\ElevatedDiagnostics
[2011/07/30 11:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\GARMIN
[2010/04/17 20:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\ICAClient
[2006/03/07 08:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\InterTrust
[2006/02/03 16:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\Leadertech
[2006/03/02 07:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\Panasonic
[2006/02/27 10:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\Snapfish
[2012/02/28 14:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\Temp
[2007/02/11 07:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\Viewpoint
[2006/09/22 11:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Kinko's
[2011/05/18 23:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Temp
[2008/01/01 11:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Megan\Application Data\Panasonic
[2007/06/22 08:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephanie\Application Data\Panasonic
[2012/03/29 17:26:10 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2006/01/25 10:41:34 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/11/02 21:37:13 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2012/03/26 22:43:53 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/03/29 17:34:41 | 000,013,170 | ---- | M] () -- C:\ComboFix.txt
[2005/08/16 03:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/11/28 11:43:30 | 000,006,649 | R--- | M] () -- C:\dell.sdr
[2011/09/11 21:10:24 | 000,003,184 | ---- | M] () -- C:\dlcc.log
[2011/09/11 21:10:29 | 000,130,967 | ---- | M] () -- C:\dlccscan.log
[2006/02/28 09:00:39 | 000,000,000 | ---- | M] () -- C:\fdsa.exe
[2012/03/29 17:20:52 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
[2005/12/04 18:06:32 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2005/08/16 03:43:04 | 000,000,000 | ---- | M] () -- C:\IO.SYS
[2005/11/28 12:10:35 | 000,000,841 | ---- | M] () -- C:\IPH.PH
[2005/08/16 03:43:04 | 000,000,000 | ---- | M] () -- C:\MSDOS.SYS
[2004/08/10 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/18 23:53:49 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2007/10/18 19:24:57 | 000,417,633 | ---- | M] () -- C:\output.mp3
[2012/03/29 17:20:50 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2005/11/28 12:10:43 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2012/03/26 21:36:40 | 000,100,656 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_26.03.2012_21.22.04_log.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/08/16 03:42:12 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2011/06/16 18:53:22 | 000,196,608 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\EKIJ5000PPR.dll
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/06/06 21:49:18 | 000,302,592 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp692.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2011/09/11 19:56:14 | 000,001,666 | ---- | M] () -- C:\Documents and Settings\Doug\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/08/16 03:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005/08/16 03:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005/08/16 03:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/09/19 00:02:15 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/08/28 13:58:07 | 000,000,234 | ---- | M] () -- C:\Documents and Settings\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\34th Annual Toronto Film Festival(136).url
[2005/12/04 14:29:06 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2005/08/16 03:50:28 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2012/03/25 20:07:25 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Doug\Desktop\aswMBR.exe
[2011/06/08 17:50:53 | 000,538,363 | ---- | M] () -- C:\Documents and Settings\Doug\Desktop\BlackBaudFont.exe
[2012/03/26 22:27:30 | 004,446,680 | R--- | M] (Swearware) -- C:\Documents and Settings\Doug\Desktop\ComboFix.exe
[2012/03/25 14:38:52 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Doug\Desktop\j7zmgweu.exe
[2012/03/26 20:07:27 | 000,304,845 | ---- | M] () -- C:\Documents and Settings\Doug\Desktop\ListParts.exe
[2012/03/25 14:22:00 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Doug\Desktop\mbam-setup-1.60.1.1000.exe
[2012/04/01 10:05:53 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Doug\Desktop\OTL.exe
[2012/03/26 13:41:00 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Doug\Desktop\TDSSKiller.exe
[2012/03/25 20:03:23 | 000,389,024 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Doug\Desktop\unhide.exe
[2 C:\Documents and Settings\Doug\Desktop\*.tmp files -> C:\Documents and Settings\Doug\Desktop\*.tmp -> ]

< %PROGRAMFILES%\Common Files\*.* >
[2012/01/28 08:32:01 | 010,809,376 | ---- | M] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/03/30 10:40:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2004/08/10 04:00:00 | 000,000,065 | R--- | M] () -- C:\WINDOWS\tasks\desktop.ini
[2012/03/30 22:15:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/01 10:15:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/29 17:26:10 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/29 17:21:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/10 04:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2005/12/04 14:29:05 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Doug\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2009/05/05 14:01:56 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Doug\Cookies\desktop.ini
[2012/04/01 10:11:38 | 001,212,416 | ---- | M] () -- C:\Documents and Settings\Doug\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2004/08/10 04:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 17:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 00:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 00:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 10:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 00:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 00:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 00:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 00:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 00:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

< >

< End of report >

trisail86 · Apr 1, 2012

OTL Extras logfile created on: 4/1/2012 10:12:33 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Doug\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 596.12 Mb Available Physical Memory | 58.32% Memory free
2.40 Gb Paging File | 1.95 Gb Available in Paging File | 81.36% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.30 Gb Total Space | 14.89 Gb Free Space | 10.32% Space Free | Partition Type: NTFS

Computer Name: OFFICE | User Name: Doug | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"" =
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"" =
"139:TCP" = 139:TCP:*:Enabled

xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled

xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled

xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled

xpsp2res.dll,-22002
"427:UDP" = 427:UDP:*:Enabled:SLP_Port(427)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled

xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled

xpsp2res.dll,-22008
"" =
"9090:TCP" = 9090:TCP:*:Enabled:TINYPROXY
"53:TCP" = 53:TCP:*:Enabled:TINYPROXY
"139:TCP" = 139:TCP:LocalSubNet:Enabled

xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled

xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled

xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled

xpsp2res.dll,-22002
"427:UDP" = 427:UDP:*:Enabled:SLP_Port(427)
"5353:UDP" = 5353:UDP:*:Enabled:Bonjour Port 5353
"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- ()
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application -- ()
"H:\setup\HPZnui01.exe" = H:\setup\HPZnui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- ()
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application -- ()
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Citrix\Secure Access Client\nsload.exe" = C:\Program Files\Citrix\Secure Access Client\nsload.exe:*:Enabled:Citrix AGEE Client -- (Citrix Systems, Inc)
"C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" = C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe:*:Enabled:Kodak.AiO.HomeCenter -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe" = C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe:*:Enabled:Kodak.AiO.Statistics -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe" = C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe:*:Enabled:Kodak.AiO.SetupUtility -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe" = C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe:*:Enabled:Kodak.AiO.FwUpdater -- (Eastman Kodak Company)
"C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe" = C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe:*:Enabled:Kodak.AiO.Installer -- (Eastman Kodak Company)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}" = USB-IrDA Adapter
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}" = LUMIX Simple Viewer
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon Camera WIA Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{35260E0B-A8C2-4D25-97E2-448DE7275C85}" = Canon Camera WIA Driver
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{390FF986-468D-4CA9-8830-2C4B313F447F}" = ATI Parental Control
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{43C0C354-A185-4D2D-A057-67C9160460E1}" = PS_AIO_04_C4580_Software_Min
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4DBBF091-FACD-422C-B43C-786335BD5398}" = MovieEdit Task
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{56F6A91D-46D4-4919-ABE6-55BD17DEB039}" = Quick Movie Magic 1.0E
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon Camera WIA Driver
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7641710F-A4AD-4EAE-889C-4958BE3F169C}" = C4580
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78B50D1D-642C-4B89-BCC7-352EAE3614D7}" = iPod for Windows 2005-02-07
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7C7D6EC8-F8CC-4B13-AF27-0A9D51EE4E40}" = MSN Toolbar
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7F30EEFF-F967-47CF-9643-ADF172AFED71}" = Avery Wizard 3.1
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{8338BA06-E527-491B-9400-F51708FEE695}" = iPod for Windows 2005-11-17
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{94721EA3-7EA6-43EA-B99C-A5D0E3C66240}" = 924PLC32
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A6A195F5-BCAB-4F38-8459-DF693303CD8D}" = PS_AIO_04_C4580_ProductContext
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"{B116E95E-01B1-420A-AECB-B2B330B9BD97}" = Polar Precision Performance SW
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BED1705F-7558-40f7-9F52-6C6FBD58EA2E}" = HP Photosmart C4500 All-In-One Driver Software 11.0 Rel .4
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1A0E975-EBED-4A9C-B884-1286909EF619}" = Citrix Access Gateway Plug-in
"{C4868E88-F5B5-4E45-9592-C7062BD97441}" = Symantec Technical Support Web Controls
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CDF64407-E968-4AC8-8323-A1DDBE5A8D72}" = Quicken Home Inventory Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D23E2520-0EAA-4AC3-A47E-A551C70D4FED}" = C4580_Help
"{D4278897-1541-493E-9D39-59CC6AB0FC09}" = PS_AIO_04_C4580_Software
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E07C71A6-1576-4F7F-8856-B1C439E669AC}" = MotionDV STUDIO 5.6E LE for DV
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E7559288-223B-453C-9F06-340E3BE21E39}" = MyWay Search Assistant
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}" = ImageMixer VCD2
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Aqualink RS System Simulator Rev MM" = Aqualink RS System Simulator Rev MM
"ATI Display Driver" = ATI Display Driver
"AudibleDownloadManager" = Audible Download Manager
"Avery Wizard 2.1 MSW11" = Avery® Wizard 2.1 for Microsoft® Office Word 2003
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon Digital Camera USB WIA Driver" = Canon Digital Camera USB WIA Driver
"Canon Utilities RAW Image Converter" = Canon Utilities RAW Image Converter
"CSCLIB" = Canon Camera Support Core Library
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"DPP" = Canon Utilities Digital Photo Professional 2.1
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"EOS Utility" = Canon Utilities EOS Utility
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon EOS Kiss_N REBEL_XT 350D WIA Driver
"InstallShield_{35260E0B-A8C2-4D25-97E2-448DE7275C85}" = Canon EOS-1D Mark II N WIA Driver
"InstallShield_{390FF986-468D-4CA9-8830-2C4B313F447F}" = ATI Parental Control
"InstallShield_{4DBBF091-FACD-422C-B43C-786335BD5398}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon EOS-1Ds Mark II WIA Driver
"InstallShield_{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter
"InstallShield_{78B50D1D-642C-4B89-BCC7-352EAE3614D7}" = iPod for Windows 2005-02-07
"InstallShield_{7F30EEFF-F967-47CF-9643-ADF172AFED71}" = Avery Wizard 3.1
"InstallShield_{8338BA06-E527-491B-9400-F51708FEE695}" = iPod for Windows 2005-11-17
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
"InstallShield_{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver
"Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
"LastPass" = LastPass (uninstall only)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MVApplication1" = Memorex exPressit Label Design Studio
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"PROSet" = Intel(R) PRO Network Connections Drivers
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCapture" = Canon Utilities RemoteCapture 2.1
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"ST6UNST #1" = NavFit98A
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2880772187-2278431250-1309071380-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/31/2012 1:47:48 PM | Computer Name = OFFICE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1786156

Error - 4/1/2012 12:00:02 AM | Computer Name = OFFICE | Source = Bonjour Service | ID = 100
Description = 228: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/1/2012 12:00:02 AM | Computer Name = OFFICE | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/1/2012 2:34:06 AM | Computer Name = OFFICE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/1/2012 2:34:06 AM | Computer Name = OFFICE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6795031

Error - 4/1/2012 2:34:06 AM | Computer Name = OFFICE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6795031

Error - 4/1/2012 9:58:37 AM | Computer Name = OFFICE | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.4:5353 16 4.1.168.192.in-addr.arpa.
PTR Office-2.local.

Error - 4/1/2012 9:58:37 AM | Computer Name = OFFICE | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 14 4.1.168.192.in-addr.arpa.
PTR Office.local.

Error - 4/1/2012 11:46:41 AM | Computer Name = OFFICE | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.4:5353 16 4.1.168.192.in-addr.arpa.
PTR Office-2.local.

Error - 4/1/2012 11:46:41 AM | Computer Name = OFFICE | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 14 4.1.168.192.in-addr.arpa.
PTR Office.local.

[ System Events ]
Error - 3/27/2012 10:00:51 AM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 3/27/2012 4:02:07 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 3/27/2012 7:21:21 PM | Computer Name = OFFICE | Source = PSched | ID = 14103
Description = QoS [Adapter {23E49CEC-4431-4899-977D-C14EA566FC69}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 3/28/2012 1:04:25 PM | Computer Name = OFFICE | Source = PSched | ID = 14103
Description = QoS [Adapter {23E49CEC-4431-4899-977D-C14EA566FC69}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 3/28/2012 3:16:13 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 3/29/2012 5:50:32 AM | Computer Name = OFFICE | Source = PSched | ID = 14103
Description = QoS [Adapter {23E49CEC-4431-4899-977D-C14EA566FC69}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 3/29/2012 8:22:47 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 3/29/2012 9:38:46 PM | Computer Name = OFFICE | Source = PSched | ID = 14103
Description = QoS [Adapter {23E49CEC-4431-4899-977D-C14EA566FC69}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 3/30/2012 10:52:31 PM | Computer Name = OFFICE | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MEGSPC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{23E49CEC-4431-4899-97.
The
master browser is stopping or an election is being forced.

Error - 3/31/2012 11:43:18 PM | Computer Name = OFFICE | Source = DCOM | ID = 10010
Description = The server {2692A9D5-61DF-46D5-A5A1-A6CCA921D578} did not register
with DCOM within the required timeout.

< End of report >

Broni · Apr 1, 2012

I can't proceed.
You didn't say:

How is computer doing?

trisail86 · Apr 1, 2012

Dooh!
Sorry. Computer appears to be working efficiently and reliably. No signs of the virus. One observation: There is still a shortcut "System Check" in the desktop toolbar at bottom of screen. The shortcut is just to the right of the Start menu. Should I simply right click and delete this?

Thanks!
trisail86

Broni · Apr 1, 2012

We'll take care of it with OTL fix.

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:9090
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:9090
IE - HKU\S-1-5-18\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:9090
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-2880772187-2278431250-1309071380-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2880772187-2278431250-1309071380-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2880772187-2278431250-1309071380-1006\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html File not found
O8 - Extra context menu item: LastPass - file://C:\Program Files\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files\LastPass\context.html?cmd=fillforms File not found
O15 - HKU\S-1-5-21-2880772187-2278431250-1309071380-1006\..Trusted Domains: atk.com ([myvpn] https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...nAxControl.CAB (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://www2.verizon.net/help/fios_se...zTCPConfig.CAB (Reg Error: Key error.)
[2012/03/25 08:23:13 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2011/04/30 22:04:58 | 000,011,678 | -HS- | C] () -- C:\Documents and Settings\Doug\Local Settings\Application Data\vhf6a7ab7h335d07ur33rbd5x6cjdqx1gr8iu
[2011/04/30 22:04:58 | 000,011,678 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\vhf6a7ab7h335d07ur33rbd5x6cjdqx1gr8iu
[2005/11/28 12:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/02/11 07:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\Viewpoint

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.

=====================================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Do NOT post JavaRa log.

=====================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program
Tick the box next to YES, I accept the Terms of Use
Click Start
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click on List of found threats
Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
NOTE. If Eset won't find any threats, it won't produce any log.

trisail86 · Apr 2, 2012

OTL run complete. Report pasted below. Am proceeding with the next steps and will report in subsequent reply.

User: Doug
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: Megan
->Flash cache emptied: 0 bytes

User: NetworkService

User: Stephanie
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.39.2 log created on 04012012_205337

Files\Folders moved on Reboot...
C:\Documents and Settings\Doug\Local Settings\Temp\~DF3A25.tmp moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temp\~DF8681.tmp moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\WSZ105XH\like[4].htm moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\WSZ105XH\site=si&si_pos=300x250_rgt&si_rollup=homepage&page.allowcompete=yes&params.styles=fs&Params.User[1].htm moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\TH2ILE7H\iframe[2].htm moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\TH2ILE7H\site=si&si_pos=310x70_spon1&si_rollup=homepage&page.allowcompete=yes&params.styles=fs&Params.User[1].htm moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\TH2ILE7H\site=si&si_pos=310x70_spon3&si_rollup=homepage&page.allowcompete=yes&params.styles=fs&Params.User[1].htm moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\TH2ILE7H\site=si&si_pos=310x70_spon4&si_rollup=homepage&page.allowcompete=yes&params.styles=fs&Params.User[1].htm moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\TH2ILE7H\site=si&si_pos=310x70_spon5&si_rollup=homepage&page.allowcompete=yes&params.styles=fs&Params.User[1].htm moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\TH2ILE7H\sportsillustrated_cnn_com[1].htm moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\TD9LJW3Q\follow_button.1333103182[2].html moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\LKGHVL0C\dpsync[1].html moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\LKGHVL0C\dpsync[2].html moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\LKGHVL0C\dpsync[3].html moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\LKGHVL0C\up[1].html moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\D2XJNWLQ\site=si&si_pos=238x90_spon&si_rollup=homepage&page.allowcompete=yes&params.styles=fs&Params.User[1].htm moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\D2XJNWLQ\site=si&si_pos=310x70_spon2&si_rollup=homepage&page.allowcompete=yes&params.styles=fs&Params.User[1].htm moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\D2XJNWLQ\site=si&si_pos=728x90_top&si_rollup=homepage&page.allowcompete=yes&params.styles=fs&Params.User[1].htm moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\D2XJNWLQ\topic179134-2[1].html moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\93Q7SYFS\ads[1].htm moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\93Q7SYFS\PugTracker[2].htm moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\93Q7SYFS\site=si&si_pos=310x70_spon6&si_rollup=homepage&page.allowcompete=yes&params.styles=fs&Params.User[1].htm moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\93Q7SYFS\site=si&si_pos=970x66_spon&si_rollup=homepage&page.allowcompete=yes&params.styles=fs&Params.User[1].htm moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\93Q7SYFS\Type=click&FlightID=446757&AdID=619830&TargetID=112908&Redirect=;ord=cgmqKed,bhxsimloKtbqj[1].htm moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\WINDOWS\temp\HPSLPS001.log moved successfully.

Registry entries deleted on Reboot...

trisail86 · Apr 2, 2012

Broni-
My apologies, I did not capture the full OTL report in my previous post, here is re-attempt. I am still proceeding with the follow-on steps and will report completion.

All processes killed
========== OTL ==========
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\ not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_USERS\S-1-5-21-2880772187-2278431250-1309071380-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-2880772187-2278431250-1309071380-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-2880772187-2278431250-1309071380-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\LastPass\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\LastPass Fill Forms\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2880772187-2278431250-1309071380-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\atk.com\myvpn\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
Starting removal of ActiveX control vzTCPConfig
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\vzTCPConfig\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\vzTCPConfig\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\vzTCPConfig\ not found.
C:\Documents and Settings\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk moved successfully.
C:\Documents and Settings\Doug\Local Settings\Application Data\vhf6a7ab7h335d07ur33rbd5x6cjdqx1gr8iu moved successfully.
C:\Documents and Settings\All Users\Application Data\vhf6a7ab7h335d07ur33rbd5x6cjdqx1gr8iu moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome\BH00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
C:\Documents and Settings\Doug\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\Doug\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\Doug\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\Doug\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\Doug\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
C:\Documents and Settings\Doug\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
C:\Documents and Settings\Doug\Application Data\Viewpoint folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Bernadette
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4095276 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 18303 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 63340 bytes

User: Doug
->Temp folder emptied: 830334 bytes
->Temporary Internet Files folder emptied: 378820986 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 1133568 bytes
->Flash cache emptied: 2765478 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1389778 bytes
->Flash cache emptied: 405 bytes

User: Megan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4167154 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 44475 bytes

User: NetworkService
->Temp folder emptied: 8654 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: Stephanie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 904383 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 20165 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 654348 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 6247 bytes

Total Files Cleaned = 377.00 mb

[EMPTYJAVA]

User: Administrator

User: All Users

User: Bernadette
->Java cache emptied: 0 bytes

User: Default User

User: Doug
->Java cache emptied: 0 bytes

User: LocalService

User: Megan
->Java cache emptied: 0 bytes

User: NetworkService

User: Stephanie
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Bernadette
->Flash cache emptied: 0 bytes

User: Default User

User: Doug
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: Megan
->Flash cache emptied: 0 bytes

User: NetworkService

User: Stephanie
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.39.2 log created on 04012012_205337

Files\Folders moved on Reboot...
C:\Documents and Settings\Doug\Local Settings\Temp\~DF3A25.tmp moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temp\~DF8681.tmp moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\WSZ105XH\like[4].htm moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\WSZ105XH\site=si&si_pos=300x250_rgt&si_rollup=homepage&page.allowcompete=yes&params.styles=fs&Params.User[1].htm moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\TH2ILE7H\iframe[2].htm moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\TH2ILE7H\site=si&si_pos=310x70_spon1&si_rollup=homepage&page.allowcompete=yes&params.styles=fs&Params.User[1].htm moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\TH2ILE7H\site=si&si_pos=310x70_spon3&si_rollup=homepage&page.allowcompete=yes&params.styles=fs&Params.User[1].htm moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\TH2ILE7H\site=si&si_pos=310x70_spon4&si_rollup=homepage&page.allowcompete=yes&params.styles=fs&Params.User[1].htm moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\TH2ILE7H\site=si&si_pos=310x70_spon5&si_rollup=homepage&page.allowcompete=yes&params.styles=fs&Params.User[1].htm moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\TH2ILE7H\sportsillustrated_cnn_com[1].htm moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\TD9LJW3Q\follow_button.1333103182[2].html moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\LKGHVL0C\dpsync[1].html moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\LKGHVL0C\dpsync[2].html moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\LKGHVL0C\dpsync[3].html moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\LKGHVL0C\up[1].html moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\D2XJNWLQ\site=si&si_pos=238x90_spon&si_rollup=homepage&page.allowcompete=yes&params.styles=fs&Params.User[1].htm moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\D2XJNWLQ\site=si&si_pos=310x70_spon2&si_rollup=homepage&page.allowcompete=yes&params.styles=fs&Params.User[1].htm moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\D2XJNWLQ\site=si&si_pos=728x90_top&si_rollup=homepage&page.allowcompete=yes&params.styles=fs&Params.User[1].htm moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\D2XJNWLQ\topic179134-2[1].html moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\93Q7SYFS\ads[1].htm moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\93Q7SYFS\PugTracker[2].htm moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\93Q7SYFS\site=si&si_pos=310x70_spon6&si_rollup=homepage&page.allowcompete=yes&params.styles=fs&Params.User[1].htm moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\93Q7SYFS\site=si&si_pos=970x66_spon&si_rollup=homepage&page.allowcompete=yes&params.styles=fs&Params.User[1].htm moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\93Q7SYFS\Type=click&FlightID=446757&AdID=619830&TargetID=112908&Redirect=;ord=cgmqKed,bhxsimloKtbqj[1].htm moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\WINDOWS\temp\HPSLPS001.log moved successfully.

Registry entries deleted on Reboot...

trisail86 · Apr 2, 2012

Security Check Log:

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 31
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

trisail86 · Apr 2, 2012

FSS Log:

Farbar Service Scanner Version: 01-03-2012
Ran by Doug (administrator) on 01-04-2012 at 21:44:25
Running from "C:\Documents and Settings\Doug\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) irda(9) Net6IM(10) NetBT(5) PSched(7) Tcpip(3)
0x0B0000000B0000000400000001000000020000000300000008000000050000000600000007000000090000000A000000

**** End of log ****

trisail86 · Apr 2, 2012

Broni-
TFC and ESET steps complete. TFC did ask for a restart of the computer which was done. ESET report pasted below.

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\_CzJzkQK78iE2Hm_.exe.zip Win32/Adware.HDDRescue.AB application deleted - quarantined

Broni · Apr 2, 2012

Windows Firewall Disabled!

Any particular reason for it?

trisail86 · Apr 2, 2012

Broni-
This is an oversight. I was under the impression that the MSE program provided the firewall and antivirus protections necessary to keep the computer safe.
Trisail86

Broni · Apr 2, 2012

Turn Windows firewall on.

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

Double-click OTL.exe to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.

trisail86 · Apr 4, 2012

Step 1 OTL Log (other steps still in work):

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Bernadette
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Doug
->Temp folder emptied: 368590 bytes
->Temporary Internet Files folder emptied: 40253565 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 3115 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Megan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 8246 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Stephanie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 97302 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 39.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Bernadette
->Flash cache emptied: 0 bytes

User: Default User

User: Doug
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: Megan
->Flash cache emptied: 0 bytes

User: NetworkService

User: Stephanie
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: Administrator

User: All Users

User: Bernadette
->Java cache emptied: 0 bytes

User: Default User

User: Doug
->Java cache emptied: 0 bytes

User: LocalService

User: Megan
->Java cache emptied: 0 bytes

User: NetworkService

User: Stephanie
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.39.2 log created on 04032012_211525

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Doug\Local Settings\Temp\0A793700 not found!
File\Folder C:\Documents and Settings\Doug\Local Settings\Temp\D5C3F700 not found!
File\Folder C:\Documents and Settings\Doug\Local Settings\Temp\~DF2A.tmp not found!
C:\Documents and Settings\Doug\Local Settings\Temp\~DF9FEB.tmp moved successfully.
File\Folder C:\Documents and Settings\Doug\Local Settings\Temp\~DFBB0A.tmp not found!
File\Folder C:\Documents and Settings\Doug\Local Settings\Temp\~DFBF77.tmp not found!
File\Folder C:\Documents and Settings\Doug\Local Settings\Temp\~DFF26D.tmp not found!
File\Folder C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.Word\~WRS0000.tmp not found!
File\Folder C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.MSO\53C5A987.emf not found!
File\Folder C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.MSO\90C465DC.emf not found!
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\VM3O47I4\dpsync[1].html moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\VM3O47I4\dpsync[2].html moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\NW854OJ3\PugTracker[1].htm moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\FI6TENGY\up[1].html moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\0GSOGVKP\dpsync[1].html moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\0GSOGVKP\topic179134-2[1].html moved successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

trisail86 · Apr 9, 2012

Broni-
I've completed the other listed steps. The computer is working great with no indications of the system check virus. I've learned a lot along the way and greatly appreciate the help.

There were about 10 items needing updates found with the PSI SW, am up from 89% to 100%. Filehippo has identified some other programs which I'm in process of updating.

A huge thank your for the help.
Trisail

Broni · Apr 9, 2012

Yes!!

Good luck and stay safe

Solved System Check virus

trisail86

Posts: 29 +0

trisail86

Posts: 29 +0

trisail86

Posts: 29 +0

Broni

Posts: 56,041 +516

trisail86

Posts: 29 +0

Broni

Posts: 56,041 +516

trisail86

Posts: 29 +0

trisail86

Posts: 29 +0

trisail86

Posts: 29 +0

trisail86

Posts: 29 +0

trisail86

Posts: 29 +0

Broni

Posts: 56,041 +516

trisail86

Posts: 29 +0

Broni

Posts: 56,041 +516

trisail86

Posts: 29 +0

trisail86

Posts: 29 +0

Broni

Posts: 56,041 +516

Similar threads

Latest posts