Solved Security Tool - Cannot Remove

[Resolved] Security Tool - Cannot Remove

I've been infected with Security Tool. I ran a portable version of SUPERAntiSpyware in Safe Mode which found Security Tool and deleted it. But when I rebooted normal it came right back. I then ran MalwareBytes in Safe Mode which also found Security Tool and quarantined it only to come right back when I rebooted.

Thank you in advance for the help.

Here are the DDS logs:



DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Tamara at 21:01:37.98 on Mon 08/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1684 [GMT -4:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Tamara\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tamara\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
F:\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.ask.com?o=14196&l=dis
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {37281d54-e2d4-4ec3-b38c-24a02787ca09} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Google Update] "c:\documents and settings\tamara\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
uRunOnce: [73988] "c:\docume~1\tamara\locals~1\applic~1\73988.exe" 0 28
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe
mRun: [ControlCenter] "c:\program files\ibm fingerprint software\ctlcntr.exe" /startup
mRun: [TP4EX] tp4ex.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [IBMPRC] c:\ibmtools\utils\ibmprc.exe
mRun: [QCWLICON] c:\program files\thinkpad\connectutilities\QCWLICON.EXE
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\OrderReminder.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe "
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 6.0\apdproxy.exe "
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
StartupFolder: c:\docume~1\tamara\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\quickcam\eReg.exe
StartupFolder: c:\docume~1\tamara\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - c:\program files\lenovo\pkgmgr\\PkgMgr.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} - hxxp://plug-in.reallusion.com/crazytalk4.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {42C9E5EE-DA49-49B4-8ECC-1CAB1C51A2AB} - hxxp://www.kodakgallery.com/downloads/hmpr/HMPR_WIN_IE_1/wiaaut.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0.0.55.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {74FFE28D-2378-11D5-990C-006094235084} - hxxp://www-307.ibm.com/pc/support/IbmEgath.cab
DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - hxxp://aerial.leepa.org/ecwplugins/NCS.cab
DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} - hxxps://www.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/cnma/default/ct.cab
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.72.cab
DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - hxxp://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://cvs.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: psfus - c:\program files\ibm fingerprint software\psfus.dll
Notify: QConGina - QConGina.dll
Notify: tphotkey - tphklock.dll
AppInit_DLLs: vamydl.dll,c:\windows\system32\gosijado.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli pwdmon c:\windows\system32\gosijado.dll

============= SERVICES / DRIVERS ===============

R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2006-8-11 14208]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [2006-8-11 6016]
R3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [1980-1-1 14336]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-10-6 31816]
S1 SASDIFSV;SASDIFSV;c:\docume~1\tamara\locals~1\temp\sas_selfextract\SASDIFSV.SYS [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\docume~1\tamara\locals~1\temp\sas_selfextract\SASKUTIL.SYS [2010-5-10 67656]
S2 gupdate1c98eb9199caec4;Google Update Service (gupdate1c98eb9199caec4);c:\program files\google\update\GoogleUpdate.exe [2009-2-14 133104]
S2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-5-19 103744]
S2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2008-10-6 144704]
S2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2008-10-6 54608]
S2 SmiHlp;SMI helper driver;c:\program files\ibm fingerprint software\smihlp.sys [2005-4-12 3328]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-29 24652]
S3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-5-19 72904]
S3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-5-19 34344]
S3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-5-19 177672]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2010-8-8 50704]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [2006-8-11 12288]

=============== Created Last 30 ================

2010-08-09 22:11:16 0 d-----w- c:\docume~1\tamara\applic~1\Malwarebytes
2010-08-09 22:11:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-09 22:11:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-09 22:11:01 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-09 22:11:01 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-09 00:19:22 0 d-----w- c:\docume~1\tamara\applic~1\SUPERAntiSpyware.com
2010-08-09 00:19:22 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-08-08 23:52:02 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2010-08-08 23:52:02 281104 ----a-w- c:\windows\system32\wpcap.dll
2010-08-08 23:52:02 100880 ----a-w- c:\windows\system32\Packet.dll
2010-08-03 00:42:19 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-08-03 00:41:00 0 d-----r- c:\program files\Skype
2010-08-03 00:29:58 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-08-03 00:29:47 432664 ----a-r- c:\windows\system32\LVUI2RC.dll
2010-08-03 00:29:46 494104 ----a-r- c:\windows\system32\LVUI2.dll
2010-08-03 00:29:46 416280 ----a-r- c:\windows\system32\lvcodec2.dll
2010-08-03 00:29:45 6364440 ----a-r- c:\windows\system32\drivers\lvuvc.sys
2010-08-03 00:28:46 29562 ----a-r- c:\windows\system32\Repository.reg
2010-08-03 00:28:45 81110 ----a-r- c:\windows\system32\lvcoinst.ini
2010-08-03 00:28:45 768024 ----a-r- c:\windows\system32\drivers\lvrs.sys
2010-08-03 00:28:45 41752 ----a-r- c:\windows\system32\drivers\LVUSBSta.sys
2010-08-03 00:28:45 195096 ----a-r- c:\windows\system32\lvci11901262.dll
2010-08-03 00:28:03 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-08-03 00:28:01 23832 ----a-r- c:\windows\system32\drivers\lvuvcflt.sys
2010-08-03 00:25:25 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-08-03 00:25:25 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2010-08-03 00:25:16 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-08-03 00:25:16 10880 ----a-w- c:\windows\system32\dllcache\ndisip.sys
2010-08-03 00:25:13 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-08-03 00:25:13 15232 ----a-w- c:\windows\system32\dllcache\streamip.sys
2010-08-03 00:25:12 16384 ----a-w- c:\windows\system32\ipsink.ax
2010-08-03 00:25:12 16384 ----a-w- c:\windows\system32\dllcache\ipsink.ax
2010-08-03 00:25:08 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-08-03 00:25:08 11136 ----a-w- c:\windows\system32\dllcache\slip.sys
2010-08-03 00:25:04 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-08-03 00:25:04 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-07-13 23:29:59 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

==================== Find3M ====================

2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-07-03 22:56:48 1063320 ----a-w- c:\documents and settings\tamara\gotomypc_533.exe
2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-01-12 21:01:01 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011220090113\index.dat
2009-01-17 00:04:50 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011620090117\index.dat

============= FINISH: 21:02:36.68 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/19/2006 12:56:19 AM
System Uptime: 8/9/2010 8:57:31 PM (1 hours ago)

Motherboard: IBM | | 187124U
Processor: Intel(R) Pentium(R) M processor 1.60GHz | None | 798/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 33 GiB total, 3.471 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP671: 6/25/2010 9:53:16 PM - Software Distribution Service 3.0
RP672: 6/27/2010 2:26:49 PM - System Checkpoint
RP673: 6/30/2010 7:19:01 AM - System Checkpoint
RP674: 7/2/2010 7:44:41 PM - System Checkpoint
RP675: 7/5/2010 7:52:42 AM - Software Distribution Service 3.0
RP676: 7/11/2010 8:45:18 PM - System Checkpoint
RP677: 7/13/2010 8:00:18 PM - Software Distribution Service 3.0
RP678: 7/28/2010 8:23:47 PM - System Checkpoint
RP679: 8/1/2010 11:51:19 AM - System Checkpoint
RP680: 8/2/2010 8:27:25 PM - Logitech QuickCam v11.90.1262
RP681: 8/7/2010 9:25:18 AM - System Checkpoint
RP682: 8/8/2010 4:23:00 PM - System Checkpoint

==== Installed Programs ======================

AAC Decoder
Access IBM
Access IBM Message Center
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Photoshop Elements 6.0
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.0.9
Adobe Shockwave Player
AIM 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Bonjour
BUM
Canon Camera Access Library
Canon Camera Support Core Library
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
FrostWire 4.18.5
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
H.264 Decoder
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IBM 32-bit Runtime Environment for Java 2, v1.4.2
IBM Access Connections
IBM Active Protection System
IBM DLA
IBM fingerprint software 4.5.5
IBM Integrated 56K Modem
IBM RecordNow!
IBM Rescue and Recovery with Rapid Restore
IBM SATA Power Management Driver
IBM Themes
IBM ThinkPad Configuration
IBM ThinkPad EasyEject Utility
IBM ThinkPad Keyboard Customizer Utility
IBM ThinkPad Power Management Driver
IBM ThinkPad Power Manager
IBM ThinkPad Presentation Director
IBM ThinkPad UltraNav Driver
IBM ThinkPad UltraNav Wizard
IBM ThinkVantage Technologies Welcome Message
IBM TrackPoint Accessibility Features
Image Web Server 8.1 IE Plugins (Build:3,4,0,242)
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet/Wireless Software
InterVideo WinDVD
iTunes
Java(TM) 6 Update 3
KODAK EASYSHARE Gallery Easy Upload, v2.1
KODAK EASYSHARE Gallery Upload ActiveX Control
KODAK Gallery Upload Software
LaserJet 1020 series
Lenovo Battery Program
Logitech QuickCam
Logitech QuickCam Driver Package
Malwarebytes' Anti-Malware
McAfee AntiSpyware Enterprise Module
McAfee VirusScan Enterprise
mCore
mDriver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office Converter Pack
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MKV Splitter
mMHouse
Move Media Player
mPfMgr
mProSafe
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWlsSafe
mXML
Octoshape add-in for Adobe Flash Player
Ofoto Print@Home ActiveX Control
OrderReminder HP LaserJet 1020
QuickTime
RAW Image Task 2.1
RealPlayer
Safari
Scrabble Deluxe
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Skype Toolbars
Skypeâ„¢ 4.2
Software Installer
Sonic Update Manager
SoundMAX
ThinkPad FullScreen Magnifier
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.762
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Wallpapers
WeatherBug
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinZip 14.5

==== Event Viewer Messages From Past Week ========

8/9/2010 8:03:39 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ANC Fips IBMTPCHK intelppm Lbd SASDIFSV SASKUTIL ShockMgr Smapint TDSMAPI TPHKDRV TPPWRIF TSMAPIP
8/9/2010 7:57:39 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
8/9/2010 6:10:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ANC Fips IBMTPCHK intelppm IPSec Lbd mfetdik MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL ShockMgr Smapint Tcpip TDSMAPI TPHKDRV TPPWRIF TSMAPIP
8/8/2010 8:18:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
8/8/2010 8:17:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
8/8/2010 8:17:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ANC Fips IBMTPCHK intelppm IPSec Lbd mfetdik MRxSmb NetBIOS NetBT RasAcd Rdbss ShockMgr Smapint Tcpip TDSMAPI TPHKDRV TPPWRIF TSMAPIP
8/8/2010 8:17:51 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
8/8/2010 8:17:51 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/8/2010 8:17:51 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/8/2010 8:17:51 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
8/8/2010 8:17:51 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/8/2010 8:17:51 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/8/2010 8:17:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/7/2010 6:36:11 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
8/3/2010 6:54:07 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

==== End Of File ===========================

 

exeHelper by Raktor
Build 20100414
Run at 07:07:58 on 08/11/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Deleting file C:\Documents and Settings\Tamara\Start Menu\Programs\Security Tool.lnk
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--






ComboFix 10-08-10.06 - Tamara 08/11/2010 7:19.2.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1749 [GMT -4:00]
Running from: c:\documents and settings\Tamara\Desktop\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Tamara\Local Settings\Application Data\{72A53C52-4A30-498B-BFA9-5EAE52E88767}
c:\documents and settings\Tamara\Local Settings\Application Data\{72A53C52-4A30-498B-BFA9-5EAE52E88767}\chrome.manifest
c:\documents and settings\Tamara\Local Settings\Application Data\{72A53C52-4A30-498B-BFA9-5EAE52E88767}\chrome\content\_cfg.js
c:\documents and settings\Tamara\Local Settings\Application Data\{72A53C52-4A30-498B-BFA9-5EAE52E88767}\chrome\content\c.js
c:\documents and settings\Tamara\Local Settings\Application Data\{72A53C52-4A30-498B-BFA9-5EAE52E88767}\chrome\content\overlay.xul
c:\documents and settings\Tamara\Local Settings\Application Data\{72A53C52-4A30-498B-BFA9-5EAE52E88767}\install.rdf
c:\documents and settings\Tamara\Local Settings\Application Data\73988.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pwdmon.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-07-11 to 2010-08-11 )))))))))))))))))))))))))))))))
.

2010-08-09 22:11 . 2010-08-09 22:11 -------- d-----w- c:\documents and settings\Tamara\Application Data\Malwarebytes
2010-08-09 22:11 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-09 22:11 . 2010-08-09 22:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-09 22:11 . 2010-08-09 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-09 22:11 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-09 00:19 . 2010-08-09 00:19 -------- d-----w- c:\documents and settings\Tamara\Application Data\SUPERAntiSpyware.com
2010-08-09 00:19 . 2010-08-09 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-03 00:42 . 2010-08-03 00:42 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-08-03 00:42 . 2010-08-03 00:42 -------- d-----w- c:\documents and settings\Tamara\Application Data\skypePM
2010-08-03 00:41 . 2010-08-07 10:33 -------- d-----w- c:\documents and settings\Tamara\Application Data\Skype
2010-08-03 00:41 . 2010-08-03 00:41 -------- d-----w- c:\program files\Common Files\Skype
2010-08-03 00:41 . 2010-08-03 00:41 -------- d-----r- c:\program files\Skype
2010-08-03 00:40 . 2010-08-03 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-08-03 00:29 . 2008-12-17 06:01 432664 ----a-r- c:\windows\system32\LVUI2RC.dll
2010-08-03 00:29 . 2008-12-17 06:00 494104 ----a-r- c:\windows\system32\LVUI2.dll
2010-08-03 00:29 . 2008-12-17 05:55 416280 ----a-r- c:\windows\system32\lvcodec2.dll
2010-08-03 00:29 . 2008-12-17 06:01 6364440 ----a-r- c:\windows\system32\drivers\lvuvc.sys
2010-08-03 00:28 . 2008-12-17 05:37 29562 ----a-r- c:\windows\system32\Repository.reg
2010-08-03 00:28 . 2008-12-17 06:01 41752 ----a-r- c:\windows\system32\drivers\LVUSBSta.sys
2010-08-03 00:28 . 2008-12-17 06:00 768024 ----a-r- c:\windows\system32\drivers\lvrs.sys
2010-08-03 00:28 . 2008-12-17 05:55 195096 ----a-r- c:\windows\system32\lvci11901262.dll
2010-08-03 00:28 . 2008-12-17 06:02 23832 ----a-r- c:\windows\system32\drivers\lvuvcflt.sys
2010-08-03 00:26 . 2010-08-09 10:45 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-08-03 00:26 . 2010-08-03 00:29 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-08-03 00:26 . 2010-08-03 01:17 -------- d-----w- c:\program files\Logitech
2010-08-03 00:25 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-08-03 00:25 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2010-08-03 00:25 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-08-03 00:25 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\dllcache\ndisip.sys
2010-08-03 00:25 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-08-03 00:25 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\dllcache\streamip.sys
2010-08-03 00:25 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-08-03 00:25 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\dllcache\slip.sys
2010-08-03 00:25 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-08-03 00:25 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-08-03 00:24 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-08-03 00:24 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\dllcache\nabtsfec.sys
2010-08-03 00:24 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-08-03 00:24 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-08-03 00:24 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-08-03 00:24 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-08-03 00:24 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-08-03 00:24 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-07-13 23:29 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-05 11:02 . 2008-03-31 01:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-08-03 01:07 . 2010-08-03 00:29 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-08-03 01:07 . 2010-08-03 00:28 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-07-28 23:31 . 2008-11-23 20:59 -------- d-----w- c:\documents and settings\Tamara\Application Data\ZoomBrowser EX
2010-07-28 23:26 . 2008-11-23 20:55 -------- d-----w- c:\documents and settings\Tamara\Application Data\CameraWindowDC
2010-07-28 23:21 . 2009-06-17 11:09 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-03 22:56 . 2010-07-03 22:56 1063320 ----a-w- c:\documents and settings\Tamara\gotomypc_533.exe
2010-07-03 02:22 . 2010-07-03 02:20 -------- d-----w- c:\program files\iTunes
2010-07-03 02:20 . 2010-07-03 02:20 -------- d-----w- c:\program files\iPod
2010-07-03 02:20 . 2007-07-02 01:52 -------- d-----w- c:\program files\Common Files\Apple
2010-07-03 02:13 . 2008-10-27 01:44 -------- d-----w- c:\documents and settings\Tamara\Application Data\FrostWire
2010-07-03 02:12 . 2010-07-03 02:12 -------- d-----w- c:\program files\Bonjour
2010-07-03 02:03 . 2010-07-03 02:03 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-20 23:27 . 2010-06-20 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-06-14 14:31 . 2004-08-09 17:52 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2007-04-25 02:25 . 2008-01-12 21:55 61475 -c--a-w- c:\program files\mozilla firefox\plugins\NCScnet.dll
2007-04-25 02:32 . 2008-01-12 21:55 1384482 -c--a-w- c:\program files\mozilla firefox\plugins\NCSEcw.dll
2007-04-25 02:24 . 2008-01-12 21:55 147491 -c--a-w- c:\program files\mozilla firefox\plugins\NCSUtil.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update "= "c:\documents and settings\Tamara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-21 133104]
"swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-05 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr "= "c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-08 110592]
"SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-08 512000]
"IgfxTray "= "c:\windows\system32\igfxtray.exe" [2005-05-04 155648]
"HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2005-05-04 126976]
"TPKMAPHELPER "= "c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-05 897024]
"TpShocks "= "TpShocks.exe" [2005-04-05 106496]
"TPHOTKEY "= "c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-04-04 94208]
"ControlCenter "= "c:\program files\IBM fingerprint software\ctlcntr.exe" [2005-04-12 286821]
"TP4EX "= "tp4ex.exe" [2004-11-12 40960]
"EZEJMNAP "= "c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-03-23 217088]
"SoundMAXPnP "= "c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"dla "= "c:\windows\system32\dla\tfswctrl.exe" [2004-09-02 127035]
"IBMPRC "= "c:\ibmtools\UTILS\ibmprc.exe" [2005-04-27 90112]
"QCWLICON "= "c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-03-18 86016]
"PWRMGRTR "= "c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-04-14 139264]
"BLOG "= "c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-14 208896]
"OrderReminder "= "c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"ShStatEXE "= "c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-10-07 111952]
"McAfeeUpdaterUI "= "c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Adobe Photo Downloader "= "c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"LogitechQuickCamRibbon "= "c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]

c:\documents and settings\Tamara\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Logitech\QuickCam\eReg.exe [2008-11-7 517384]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-11 24576]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop "= 1 (0x1)
"NoActiveDesktopChanges "= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2005-04-12 23:39 110179 ----a-w- c:\program files\IBM fingerprint software\psfus.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2005-03-18 10:07 262144 ----a-w- c:\windows\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2004-08-13 03:11 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-09-11 05:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-10-21 20:58 133104 ----atw- c:\documents and settings\Tamara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 20:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-08-05 20:26 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 08:01 110592 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 21:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"c:\\Program Files\\AIM6\\aim6.exe "=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\ONENOTE.EXE "=
"c:\\Program Files\\FrostWire\\FrostWire.exe "=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe "=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
"c:\\Program Files\\iTunes\\iTunes.exe "=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe "=
"c:\\Program Files\\Skype\\Phone\\Skype.exe "=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59057:TCP "= 59057:TCPORT_59057
"12004:TCP "= 12004:TCPORT_12004
"51805:TCP "= 51805:TCPORT_51805
"52731:TCP "= 52731:TCPORT_52731
"60074:TCP "= 60074:TCPORT_60074
"36801:TCP "= 36801:TCPORT_36801
"45430:TCP "= 45430:TCPORT_45430
"36917:TCP "= 36917:TCPORT_36917
"27938:TCP "= 27938:TCPORT_27938
"5750:TCP "= 5750:TCPORT_5750
"19075:TCP "= 19075:TCP:BitComet 19075 TCP
"19075:UDP "= 19075:UDP:BitComet 19075 UDP

R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [8/11/2006 11:41 AM 14208]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [8/11/2006 11:41 AM 6016]
R3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [1/1/1980 3:00 AM 14336]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Tamara\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Tamara\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Tamara\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Tamara\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 gupdate1c98eb9199caec4;Google Update Service (gupdate1c98eb9199caec4);c:\program files\Google\Update\GoogleUpdate.exe [2/14/2009 11:29 AM 133104]
S2 SmiHlp;SMI helper driver;c:\program files\IBM fingerprint software\smihlp.sys [4/12/2005 7:31 PM 3328]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/29/2009 4:32 PM 24652]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [8/11/2006 12:05 PM 12288]
.
Contents of the 'Scheduled Tasks' folder

2010-07-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 16:34]

2010-08-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-31 17:34]

2010-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 15:29]

2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 15:29]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3027340500-3215107844-791897460-1005Core.job
- c:\documents and settings\Tamara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-21 20:58]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3027340500-3215107844-791897460-1005UA.job
- c:\documents and settings\Tamara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-21 20:58]

2010-08-10 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-08-11 08:01]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.ask.com?o=14196&l=dis
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} - hxxp://plug-in.reallusion.com/crazytalk4.cab
DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - hxxp://aerial.leepa.org/ecwplugins/NCS.cab
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.72.cab
.
- - - - ORPHANS REMOVED - - - -

BHO-{37281d54-e2d4-4ec3-b38c-24a02787ca09} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-RunOnce-73988 - c:\docume~1\Tamara\LOCALS~1\APPLIC~1\73988.exe
MSConfigStartUp-Ndesip - c:\windows\Wdeco.dll
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-Syidovitogoloput - c:\windows\ikesufolifasu.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-11 07:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\program files\IBM fingerprint software\psfus.dll
c:\program files\Common Files\Virtual Token\psutil.dll
c:\windows\system32\tphklock.dll

- - - - - - - > 'explorer.exe'(456)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-08-11 07:35:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-11 11:35
ComboFix2.txt 2009-01-19 14:12

Pre-Run: 3,652,538,368 bytes free
Post-Run: 7,056,461,824 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /fastdetect

- - End Of File - - 3FFA7423BD42A10A5D2ADED3141B7651

 

I removed Viewpoint Media Player.

When Combofix started, after dragging the text into it, it updated itself and restarted. I hope this didn't mess up the scan. Also, I tried disabling the McAfee scanners and in the McAfee console it says they are off but Combofix said they were still running so I let it fly.

Thanks again.


ComboFix 10-08-12.02 - Tamara 08/12/2010 19:10:29.3.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1720 [GMT -4:00]
Running from: c:\documents and settings\Tamara\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tamara\Desktop\CFScript.txt
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((( Files Created from 2010-07-12 to 2010-08-12 )))))))))))))))))))))))))))))))
.

2010-08-09 22:11 . 2010-08-09 22:11 -------- d-----w- c:\documents and settings\Tamara\Application Data\Malwarebytes
2010-08-09 22:11 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-09 22:11 . 2010-08-09 22:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-09 22:11 . 2010-08-09 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-09 22:11 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-09 00:19 . 2010-08-09 00:19 -------- d-----w- c:\documents and settings\Tamara\Application Data\SUPERAntiSpyware.com
2010-08-09 00:19 . 2010-08-09 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-03 00:42 . 2010-08-03 00:42 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-08-03 00:42 . 2010-08-03 00:42 -------- d-----w- c:\documents and settings\Tamara\Application Data\skypePM
2010-08-03 00:41 . 2010-08-07 10:33 -------- d-----w- c:\documents and settings\Tamara\Application Data\Skype
2010-08-03 00:41 . 2010-08-03 00:41 -------- d-----w- c:\program files\Common Files\Skype
2010-08-03 00:41 . 2010-08-03 00:41 -------- d-----r- c:\program files\Skype
2010-08-03 00:40 . 2010-08-03 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-08-03 00:29 . 2008-12-17 06:01 432664 ----a-r- c:\windows\system32\LVUI2RC.dll
2010-08-03 00:29 . 2008-12-17 06:00 494104 ----a-r- c:\windows\system32\LVUI2.dll
2010-08-03 00:29 . 2008-12-17 05:55 416280 ----a-r- c:\windows\system32\lvcodec2.dll
2010-08-03 00:29 . 2008-12-17 06:01 6364440 ----a-r- c:\windows\system32\drivers\lvuvc.sys
2010-08-03 00:28 . 2008-12-17 05:37 29562 ----a-r- c:\windows\system32\Repository.reg
2010-08-03 00:28 . 2008-12-17 06:01 41752 ----a-r- c:\windows\system32\drivers\LVUSBSta.sys
2010-08-03 00:28 . 2008-12-17 06:00 768024 ----a-r- c:\windows\system32\drivers\lvrs.sys
2010-08-03 00:28 . 2008-12-17 05:55 195096 ----a-r- c:\windows\system32\lvci11901262.dll
2010-08-03 00:28 . 2008-12-17 06:02 23832 ----a-r- c:\windows\system32\drivers\lvuvcflt.sys
2010-08-03 00:26 . 2010-08-09 10:45 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-08-03 00:26 . 2010-08-03 00:29 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-08-03 00:26 . 2010-08-03 01:17 -------- d-----w- c:\program files\Logitech
2010-08-03 00:25 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-08-03 00:25 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2010-08-03 00:25 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-08-03 00:25 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\dllcache\ndisip.sys
2010-08-03 00:25 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-08-03 00:25 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\dllcache\streamip.sys
2010-08-03 00:25 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-08-03 00:25 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\dllcache\slip.sys
2010-08-03 00:25 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-08-03 00:25 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-08-03 00:24 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-08-03 00:24 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\dllcache\nabtsfec.sys
2010-08-03 00:24 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-08-03 00:24 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-08-03 00:24 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-08-03 00:24 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-08-03 00:24 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-08-03 00:24 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-07-13 23:29 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-12 22:57 . 2006-08-19 05:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-08-05 11:02 . 2008-03-31 01:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-08-03 01:07 . 2010-08-03 00:29 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-08-03 01:07 . 2010-08-03 00:28 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-07-28 23:31 . 2008-11-23 20:59 -------- d-----w- c:\documents and settings\Tamara\Application Data\ZoomBrowser EX
2010-07-28 23:26 . 2008-11-23 20:55 -------- d-----w- c:\documents and settings\Tamara\Application Data\CameraWindowDC
2010-07-28 23:21 . 2009-06-17 11:09 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-03 22:56 . 2010-07-03 22:56 1063320 ----a-w- c:\documents and settings\Tamara\gotomypc_533.exe
2010-07-03 02:22 . 2010-07-03 02:20 -------- d-----w- c:\program files\iTunes
2010-07-03 02:20 . 2010-07-03 02:20 -------- d-----w- c:\program files\iPod
2010-07-03 02:20 . 2007-07-02 01:52 -------- d-----w- c:\program files\Common Files\Apple
2010-07-03 02:13 . 2008-10-27 01:44 -------- d-----w- c:\documents and settings\Tamara\Application Data\FrostWire
2010-07-03 02:12 . 2010-07-03 02:12 -------- d-----w- c:\program files\Bonjour
2010-07-03 02:03 . 2010-07-03 02:03 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-20 23:27 . 2010-06-20 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-06-14 14:31 . 2004-08-09 17:52 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2007-04-25 02:25 . 2008-01-12 21:55 61475 -c--a-w- c:\program files\mozilla firefox\plugins\NCScnet.dll
2007-04-25 02:32 . 2008-01-12 21:55 1384482 -c--a-w- c:\program files\mozilla firefox\plugins\NCSEcw.dll
2007-04-25 02:24 . 2008-01-12 21:55 147491 -c--a-w- c:\program files\mozilla firefox\plugins\NCSUtil.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update "= "c:\documents and settings\Tamara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-21 133104]
"swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-05 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr "= "c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-08 110592]
"SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-08 512000]
"IgfxTray "= "c:\windows\system32\igfxtray.exe" [2005-05-04 155648]
"HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2005-05-04 126976]
"TPKMAPHELPER "= "c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-05 897024]
"TpShocks "= "TpShocks.exe" [2005-04-05 106496]
"TPHOTKEY "= "c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-04-04 94208]
"ControlCenter "= "c:\program files\IBM fingerprint software\ctlcntr.exe" [2005-04-12 286821]
"TP4EX "= "tp4ex.exe" [2004-11-12 40960]
"EZEJMNAP "= "c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-03-23 217088]
"SoundMAXPnP "= "c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"dla "= "c:\windows\system32\dla\tfswctrl.exe" [2004-09-02 127035]
"IBMPRC "= "c:\ibmtools\UTILS\ibmprc.exe" [2005-04-27 90112]
"QCWLICON "= "c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-03-18 86016]
"PWRMGRTR "= "c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-04-14 139264]
"BLOG "= "c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-14 208896]
"OrderReminder "= "c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"ShStatEXE "= "c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-10-07 111952]
"McAfeeUpdaterUI "= "c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Adobe Photo Downloader "= "c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"LogitechQuickCamRibbon "= "c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]

c:\documents and settings\Tamara\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Logitech\QuickCam\eReg.exe [2008-11-7 517384]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-11 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2005-04-12 23:39 110179 ----a-w- c:\program files\IBM fingerprint software\psfus.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2005-03-18 10:07 262144 ----a-w- c:\windows\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2004-08-13 03:11 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-09-11 05:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-10-21 20:58 133104 ----atw- c:\documents and settings\Tamara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 20:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-08-05 20:26 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 08:01 110592 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 21:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"c:\\Program Files\\AIM6\\aim6.exe "=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\ONENOTE.EXE "=
"c:\\Program Files\\FrostWire\\FrostWire.exe "=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe "=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
"c:\\Program Files\\iTunes\\iTunes.exe "=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe "=
"c:\\Program Files\\Skype\\Phone\\Skype.exe "=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59057:TCP "= 59057:TCPORT_59057
"12004:TCP "= 12004:TCPORT_12004
"51805:TCP "= 51805:TCPORT_51805
"52731:TCP "= 52731:TCPORT_52731
"60074:TCP "= 60074:TCPORT_60074
"36801:TCP "= 36801:TCPORT_36801
"45430:TCP "= 45430:TCPORT_45430
"36917:TCP "= 36917:TCPORT_36917
"27938:TCP "= 27938:TCPORT_27938
"5750:TCP "= 5750:TCPORT_5750
"19075:TCP "= 19075:TCP:BitComet 19075 TCP
"19075:UDP "= 19075:UDP:BitComet 19075 UDP

R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [8/11/2006 11:41 AM 14208]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [8/11/2006 11:41 AM 6016]
R3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [1/1/1980 3:00 AM 14336]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Tamara\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Tamara\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Tamara\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Tamara\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 gupdate1c98eb9199caec4;Google Update Service (gupdate1c98eb9199caec4);c:\program files\Google\Update\GoogleUpdate.exe [2/14/2009 11:29 AM 133104]
S2 SmiHlp;SMI helper driver;c:\program files\IBM fingerprint software\smihlp.sys [4/12/2005 7:31 PM 3328]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [8/11/2006 12:05 PM 12288]
.
Contents of the 'Scheduled Tasks' folder

2010-07-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 16:34]

2010-08-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-31 17:34]

2010-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 15:29]

2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 15:29]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3027340500-3215107844-791897460-1005Core.job
- c:\documents and settings\Tamara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-21 20:58]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3027340500-3215107844-791897460-1005UA.job
- c:\documents and settings\Tamara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-21 20:58]

2010-08-10 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-08-11 08:01]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.ask.com?o=14196&l=dis
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} - hxxp://plug-in.reallusion.com/crazytalk4.cab
DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - hxxp://aerial.leepa.org/ecwplugins/NCS.cab
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.72.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-12 19:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\program files\IBM fingerprint software\psfus.dll
c:\program files\Common Files\Virtual Token\psutil.dll
c:\windows\system32\tphklock.dll

- - - - - - - > 'explorer.exe'(704)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-08-12 19:18:50
ComboFix-quarantined-files.txt 2010-08-12 23:18
ComboFix2.txt 2010-08-11 11:35
ComboFix3.txt 2009-01-19 14:12

Pre-Run: 7,062,040,576 bytes free
Post-Run: 7,041,249,280 bytes free

- - End Of File - - 30701D41F15D6DD0D3DE865284EA1A06

 

Everything seems to be working again. I can run the computer in normal mode again. Here are the logs. Thanks again.



OTL logfile created on: 8/12/2010 9:50:51 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Tamara\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.18 Gb Total Space | 6.13 Gb Free Space | 18.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TAMARA
Current User Name: Tamara
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/12 21:50:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tamara\Desktop\OTL.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/21 09:54:36 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2008/12/20 07:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/12/20 07:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/10/29 18:11:14 | 000,801,544 | ---- | M] (Logitech, Inc.) -- c:\Program Files\Logitech\QuickCam\LU\LogitechUpdate.exe
PRC - [2008/10/29 18:11:06 | 000,300,296 | ---- | M] (Logitech, Inc.) -- c:\Program Files\Logitech\QuickCam\LU\LULnchr.exe
PRC - [2008/10/06 20:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
PRC - [2008/10/06 20:50:00 | 000,111,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2008/10/06 20:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/25 15:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2007/10/25 10:05:40 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2007/10/25 10:04:56 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2007/10/25 10:03:28 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2007/09/25 02:11:35 | 000,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
PRC - [2007/09/25 02:11:35 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
PRC - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/09/11 01:43:54 | 000,067,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
PRC - [2007/08/05 16:26:45 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/01/30 12:00:00 | 000,098,304 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
PRC - [2005/04/27 14:09:46 | 000,385,024 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
PRC - [2005/04/27 12:53:08 | 000,090,112 | ---- | M] (IBM Corp.) -- C:\IBMTOOLS\utils\ibmprc.exe
PRC - [2005/04/12 19:34:36 | 000,040,554 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\Virtual Token\vtserver.exe
PRC - [2005/04/05 18:14:34 | 000,106,496 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2005/04/04 15:43:32 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2005/03/24 19:20:34 | 000,086,016 | ---- | M] (IBM Corporation) -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2005/03/23 05:11:00 | 000,217,088 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2005/03/18 06:07:00 | 000,086,016 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
PRC - [2005/03/18 06:07:00 | 000,077,824 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\QCONSVC.EXE
PRC - [2005/02/18 10:05:30 | 000,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/02/18 10:03:38 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/02/18 10:02:24 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2004/11/08 14:17:56 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/11/05 04:30:00 | 000,057,344 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2004/10/14 12:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2004/09/06 19:03:52 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2004/05/24 13:25:04 | 000,077,824 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2003/10/29 06:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/07/11 21:19:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2002/09/20 17:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/08/12 21:50:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tamara\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2004/11/08 14:17:50 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\PsaSrv.exe -- (PsaSrv)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/27 18:14:22 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/10/06 20:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Paused] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2008/10/06 20:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2007/10/25 10:03:28 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/04/27 14:09:46 | 000,385,024 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -- (IBM Rapid Restore Ultra Service)
SRV - [2005/04/12 19:34:36 | 000,040,554 | ---- | M] (UPEK Inc.) [Auto | Running] -- C:\Program Files\Common Files\Virtual Token\vtserver.exe -- (vtserver)
SRV - [2005/03/18 06:07:00 | 000,077,824 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC)
SRV - [2005/02/18 10:05:30 | 000,360,521 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2005/02/18 10:03:38 | 000,086,016 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2005/02/18 10:02:24 | 000,139,264 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)
SRV - [2004/11/05 04:30:00 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2004/05/24 13:25:04 | 000,077,824 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2003/07/11 21:19:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2002/09/20 17:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\Tamara\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\Tamara\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS -- (SASDIFSV)
DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EntDrv51.sys -- (EntDrv51)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2008/12/17 02:02:08 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/12/17 02:01:44 | 006,364,440 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam Pro for Notebooks(UVC)
DRV - [2008/12/17 02:01:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 02:00:14 | 000,768,024 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/16 21:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/10/06 20:50:00 | 000,177,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2008/10/06 20:50:00 | 000,072,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2008/10/06 20:50:00 | 000,064,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2008/10/06 20:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2008/10/06 20:50:00 | 000,034,344 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008/10/06 20:50:00 | 000,031,816 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2008/04/13 14:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2006/08/11 12:02:48 | 000,013,184 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2005/05/17 05:34:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2005/04/27 13:27:34 | 000,063,616 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2005/04/27 12:16:46 | 000,005,427 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\egathdrv.sys -- (EGATHDRV)
DRV - [2005/04/21 19:44:54 | 000,014,336 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nsctpm11.sys -- (TPM11)
DRV - [2005/04/14 04:01:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2005/04/12 19:41:04 | 000,026,240 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2005/04/12 19:31:28 | 000,003,328 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\IBM fingerprint software\smihlp.sys -- (SmiHlp)
DRV - [2005/03/18 06:07:00 | 000,012,288 | ---- | M] (IBM Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcndisif.sys -- (QCNDISIF)
DRV - [2005/03/18 06:07:00 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/03/18 06:07:00 | 000,002,432 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK)
DRV - [2005/03/17 19:30:10 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/02/14 11:00:10 | 003,255,168 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2005/01/21 04:40:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2005/01/21 04:40:00 | 000,009,340 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2005/01/14 15:20:26 | 000,059,776 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\shockprf.sys -- (Shockprf)
DRV - [2004/12/02 19:14:44 | 000,014,208 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPDiskPM.sys -- (TPDiskPM)
DRV - [2004/12/02 18:54:12 | 000,006,016 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TPInput.sys -- (TPInput)
DRV - [2004/11/10 19:47:30 | 000,200,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/11/10 19:46:24 | 000,685,184 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/10 19:45:50 | 001,041,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/11/08 14:12:48 | 000,177,504 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/11/05 04:30:00 | 000,012,944 | ---- | M] (IBM Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2004/10/15 13:20:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/09/06 19:03:46 | 000,016,370 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2004/09/02 04:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/09/02 04:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/09/02 04:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/09/02 04:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/09/02 04:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/09/02 04:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/09/02 04:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/09/02 04:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/09/02 04:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/17 06:21:00 | 000,087,168 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/08/04 01:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/14 14:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 14:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/07/14 05:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/05/14 15:59:00 | 000,004,608 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ShockMgr.sys -- (ShockMgr)
DRV - [2003/09/26 03:53:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/17 17:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 17:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 17:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 17:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 17:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 16:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 16:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 16:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 16:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 16:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 16:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 16:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 16:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 16:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 16:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 15:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
DRV - [2000/05/31 23:29:54 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14196&l=dis
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google "
FF - prefs.js..browser.startup.homepage: "http://home.bellsouth.net/ "


[2009/09/28 19:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\ixdumi2z.default\extensions
[2007/11/21 14:31:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tamara\Application Data\Mozilla\Firefox\Profiles\ixdumi2z.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2008/09/04 13:01:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/24 22:25:00 | 000,061,475 | ---- | M] (Earth Resource Mapping) -- C:\Program Files\Mozilla Firefox\plugins\NCScnet.dll
[2007/04/24 22:32:00 | 001,384,482 | ---- | M] (Earth Resource Mapping) -- C:\Program Files\Mozilla Firefox\plugins\NCSEcw.dll
[2007/04/24 22:24:00 | 000,147,491 | ---- | M] (Earth Resource Mapping) -- C:\Program Files\Mozilla Firefox\plugins\NCSUtil.dll
[2008/01/23 02:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2007/09/10 12:10:04 | 000,086,016 | ---- | M] (SpiralFrog Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPSFDMGR.dll
[2006/08/25 19:01:52 | 002,078,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2007/04/24 22:45:00 | 000,610,304 | ---- | M] (Earth Resource Mapping) -- C:\Program Files\Mozilla Firefox\plugins\NP_NCS6.dll
[2007/04/24 22:45:00 | 000,069,632 | ---- | M] (Earth Resource Mapping) -- C:\Program Files\Mozilla Firefox\plugins\NP_NCSPB6.dll
[2007/04/24 22:46:00 | 000,094,208 | ---- | M] (Earth Resource Mapping) -- C:\Program Files\Mozilla Firefox\plugins\NP_NCSTB6.dll

O1 HOSTS File: ([2010/08/11 07:27:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [ControlCenter] C:\Program Files\IBM fingerprint software\ctlcntr.exe (UPEK Inc.)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (IBM Corp.)
O4 - HKLM..\Run: [IBMPRC] C:\IBMTOOLS\utils\ibmprc.exe (IBM Corp.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (IBM Corp.)
O4 - HKLM..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE (IBM Corp.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (IBM Corp.)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (IBM Corp.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\Tamara\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (Leader Technologies/Logitech)
O4 - Startup: C:\Documents and Settings\Tamara\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} http://plug-in.reallusion.com/crazytalk4.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {42C9E5EE-DA49-49B4-8ECC-1CAB1C51A2AB} http://www.kodakgallery.com/downloads/hmpr/HMPR_WIN_IE_1/wiaaut.cab (HomePrintingCtrl Class)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} http://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0.0.55.cab (CPlayFirstDinerDash2Control Object)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} http://www-307.ibm.com/pc/support/IbmEgath.cab (IBM Access Support)
O16 - DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} http://aerial.leepa.org/ecwplugins/NCS.cab (Reg Error: Key error.)
O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} https://www.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab (IASRunner Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab (FujifilmUploader Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://zone.msn.com/bingame/cnma/default/ct.cab (TikGames Online Control)
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.72.cab (CPlayFirstDinerDashControl Object)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab (Reg Error: Key error.)
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} http://cvs.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab? (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\Program Files\IBM fingerprint software\psfus.dll - C:\Program Files\IBM fingerprint software\psfus.dll (UPEK Inc.)
O20 - Winlogon\Notify\QConGina: DllName - QConGina.dll - C:\WINDOWS\System32\QConGina.dll (IBM Corp.)
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Tamara\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tamara\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/19 00:56:44 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/12 21:49:52 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tamara\Desktop\OTL.exe
[2010/08/12 21:36:18 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/08/12 21:35:35 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/08/11 07:17:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/11 07:14:22 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/11 07:14:22 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/11 07:14:22 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/09 18:11:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tamara\Application Data\Malwarebytes
[2010/08/09 18:11:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/09 18:11:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/09 18:11:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/09 18:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/08 20:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tamara\Application Data\SUPERAntiSpyware.com
[2010/08/08 20:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/08/02 20:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tamara\Application Data\skypePM
[2010/08/02 20:41:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tamara\Application Data\Skype
[2010/08/02 20:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/08/02 20:41:00 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/08/02 20:40:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/08/02 20:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2010/08/02 20:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2010/08/02 20:26:14 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010/07/03 18:56:40 | 001,063,320 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Tamara\gotomypc_533.exe
[2010/07/03 10:59:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tamara\Desktop\Automatically Add to iTunes
[2010/07/03 10:50:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tamara\Desktop\Bon Jovi
[2010/07/02 22:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/02 22:20:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/07/02 22:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/20 19:27:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/06/20 19:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/06/19 14:42:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tamara\Desktop\Photo Order
[2010/06/10 21:23:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tamara\Desktop\web images
[2010/06/10 21:20:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tamara\Desktop\sepia images
[2010/06/10 21:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tamara\Desktop\color images
[2010/06/10 21:08:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tamara\Desktop\black + white images
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\Tamara\Desktop\*.tmp files -> C:\Documents and Settings\Tamara\Desktop\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/12 21:50:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tamara\Desktop\OTL.exe
[2010/08/12 21:45:37 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/12 21:45:24 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/08/12 21:44:55 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010/08/12 21:44:54 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/12 21:44:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/12 21:44:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/12 21:43:54 | 009,961,472 | ---- | M] () -- C:\Documents and Settings\Tamara\ntuser.dat
[2010/08/12 21:43:22 | 000,506,068 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 21:43:22 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 21:43:22 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/12 21:37:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/12 21:36:53 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Tamara\ntuser.ini
[2010/08/12 21:36:18 | 000,000,347 | ---- | M] () -- C:\Start_.cmd
[2010/08/12 19:22:35 | 004,240,656 | -H-- | M] () -- C:\Documents and Settings\Tamara\Local Settings\Application Data\IconCache.db
[2010/08/12 19:15:34 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/12 19:04:04 | 003,816,785 | R--- | M] () -- C:\Documents and Settings\Tamara\Desktop\ComboFix.exe
[2010/08/11 07:27:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/11 07:17:25 | 000,000,264 | RHS- | M] () -- C:\BOOT.INI
[2010/08/11 07:06:28 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Tamara\Desktop\rkill.com
[2010/08/11 07:05:49 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\Tamara\Desktop\exeHelper.com
[2010/08/10 20:51:15 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\Tamara\Desktop\resume.doc
[2010/08/09 19:59:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/08 20:01:24 | 011,208,872 | ---- | M] () -- C:\Documents and Settings\Tamara\Desktop\SAS_020D83.COM
[2010/08/08 19:16:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3027340500-3215107844-791897460-1005UA.job
[2010/08/08 19:16:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3027340500-3215107844-791897460-1005Core.job
[2010/08/07 08:33:18 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Tamara\Desktop\Jobhunt.xls
[2010/08/07 07:05:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Tamara\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2010/08/02 21:07:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/08/02 21:07:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/08/02 20:47:53 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/08/02 20:42:19 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/02 20:26:47 | 000,001,816 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2010/07/28 19:50:20 | 000,025,626 | ---- | M] () -- C:\Documents and Settings\Tamara\Desktop\TCJ.resume.pdf
[2010/07/28 19:25:41 | 000,002,304 | ---- | M] () -- C:\Documents and Settings\Tamara\Desktop\Google Chrome.lnk
[2010/07/20 21:10:18 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/12 19:42:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/04 09:21:49 | 008,067,429 | ---- | M] () -- C:\Documents and Settings\Tamara\Desktop\Levis_PassionPit_TonightTonight.mp3
[2010/06/30 06:54:45 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Tamara\Desktop\Katz.Tamara.May09Grad.Res.6.07.10.doc
[2010/06/27 12:44:35 | 000,000,305 | -H-- | M] () -- C:\Documents and Settings\Tamara\Desktop\.iTunes Preferences.plist
[2010/06/27 10:13:38 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\Tamara\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/20 19:27:52 | 000,001,743 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/06/13 16:40:31 | 000,289,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/10 06:49:24 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Tamara\Desktop\ski.xls
[2010/05/16 08:04:52 | 000,001,926 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\Tamara\Desktop\*.tmp files -> C:\Documents and Settings\Tamara\Desktop\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

Remaining OTL text.


========== Files Created - No Company Name ==========

[2010/08/12 21:36:18 | 000,000,347 | ---- | C] () -- C:\Start_.cmd
[2010/08/11 07:17:25 | 000,000,194 | ---- | C] () -- C:\Boot.bak
[2010/08/11 07:17:20 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/11 07:14:22 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/11 07:14:22 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/11 07:06:28 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Tamara\Desktop\rkill.com
[2010/08/11 07:06:01 | 003,816,785 | R--- | C] () -- C:\Documents and Settings\Tamara\Desktop\ComboFix.exe
[2010/08/11 07:05:49 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\Tamara\Desktop\exeHelper.com
[2010/08/08 19:59:18 | 011,208,872 | ---- | C] () -- C:\Documents and Settings\Tamara\Desktop\SAS_020D83.COM
[2010/08/07 07:05:59 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Tamara\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2010/08/07 06:50:18 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Tamara\Desktop\Jobhunt.xls
[2010/08/02 20:42:19 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/02 20:41:06 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/08/02 20:29:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/08/02 20:28:46 | 000,029,562 | R--- | C] () -- C:\WINDOWS\System32\Repository.reg
[2010/08/02 20:28:45 | 000,081,110 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/08/02 20:28:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/08/02 20:26:47 | 000,001,816 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2010/07/28 19:50:20 | 000,025,626 | ---- | C] () -- C:\Documents and Settings\Tamara\Desktop\TCJ.resume.pdf
[2010/07/04 09:21:46 | 008,067,429 | ---- | C] () -- C:\Documents and Settings\Tamara\Desktop\Levis_PassionPit_TonightTonight.mp3
[2010/07/02 22:22:11 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/27 12:44:35 | 000,000,305 | -H-- | C] () -- C:\Documents and Settings\Tamara\Desktop\.iTunes Preferences.plist
[2010/06/26 08:26:45 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\Tamara\Desktop\resume.doc
[2010/06/20 19:27:52 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/06/18 17:21:26 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Tamara\Desktop\Katz.Tamara.May09Grad.Res.6.07.10.doc
[2010/06/10 06:49:24 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Tamara\Desktop\ski.xls
[2010/05/16 08:04:52 | 000,001,926 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/05/19 12:28:06 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/12/16 21:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 12:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 12:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/06 12:33:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/03/15 10:36:01 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/03/15 10:33:31 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2008/03/15 10:32:10 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX6000.ini
[2007/05/13 19:58:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2007/04/14 17:18:57 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/10/08 19:58:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/09/20 11:57:35 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\fxtls432.dll
[2006/09/20 11:57:31 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ESUtil.dll
[2006/09/13 15:05:11 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll
[2006/08/19 03:17:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/19 01:30:38 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/08/11 12:10:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/11 12:09:44 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2006/08/11 12:05:34 | 000,002,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
[2006/08/11 11:57:37 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/08/11 11:57:37 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/08/11 11:57:37 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/08/11 11:57:37 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/08/11 11:57:37 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/08/11 11:57:37 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/08/11 11:55:22 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/11 11:46:27 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2006/08/11 11:46:08 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2006/08/11 11:42:20 | 000,009,340 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2006/08/11 11:30:22 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/27 12:53:10 | 000,019,853 | ---- | C] () -- C:\WINDOWS\ibmprc.ini
[2004/11/08 20:12:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/09 14:03:43 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/09 09:10:32 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
[2003/04/10 19:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996/11/18 01:00:00 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2irdao.dll
[1980/01/01 03:00:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[1980/01/01 03:00:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
[1980/01/01 03:00:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll

========== LOP Check ==========

[2009/01/29 16:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2008/12/27 18:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2009/07/28 18:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Examsoft
[2006/08/11 11:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ibm
[2009/01/19 20:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2007/11/29 17:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2008/12/08 18:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/12/09 13:20:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/01/12 10:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spiralfrog
[2009/05/19 15:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/12 18:57:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/06/20 19:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/04/17 08:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/07 08:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/17 14:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/01/16 13:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara\Application Data\3M
[2006/08/19 01:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara\Application Data\acccore
[2009/01/19 17:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara\Application Data\Amazon
[2010/07/02 22:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara\Application Data\FrostWire
[2008/03/31 23:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara\Application Data\Gamelab
[2009/05/19 11:57:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara\Application Data\GetRightToGo
[2006/08/19 01:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara\Application Data\IBM
[2007/04/14 21:25:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara\Application Data\InterVideo
[2007/03/05 00:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara\Application Data\Leadertech
[2007/09/04 11:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara\Application Data\Picaboo
[2008/12/08 18:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara\Application Data\PlayFirst
[2007/08/13 17:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara\Application Data\SecondLife
[2007/03/17 20:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara\Application Data\Snapfish
[2008/10/18 11:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara\Application Data\ThomsonWest
[2009/04/16 13:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara\Application Data\WeatherBug
[2010/08/12 21:44:55 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/05/19 12:03:28 | 000,009,944 | ---- | M] () -- C:\aaw7boot.log
[2008/12/27 18:42:33 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2006/08/19 00:56:44 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
[2009/01/19 20:42:09 | 000,000,194 | ---- | M] () -- C:\Boot.bak
[2010/08/11 07:17:25 | 000,000,264 | RHS- | M] () -- C:\BOOT.INI
[2006/08/11 12:07:10 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.PRV
[2006/08/11 12:11:36 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.TXT
[2004/08/09 13:35:38 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2006/08/11 12:03:24 | 000,000,308 | ---- | M] () -- C:\ccrrec.ver
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/08/12 19:18:51 | 000,017,199 | ---- | M] () -- C:\ComboFix.txt
[2006/08/19 00:56:44 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
[2006/08/11 11:54:44 | 000,000,754 | ---- | M] () -- C:\drivez.log
[2006/08/27 02:06:03 | 000,001,120 | ---- | M] () -- C:\engine.log
[2007/09/14 07:19:14 | 000,000,000 | ---- | M] () -- C:\hplog.txt
[2006/09/10 20:40:26 | 000,139,300 | ---- | M] () -- C:\IbmEgath.XML
[2006/08/19 00:56:44 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2009/01/29 16:32:43 | 000,001,740 | -H-- | M] () -- C:\IPH.PH
[2007/12/26 10:52:10 | 000,000,637 | ---- | M] () -- C:\logfile
[2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/04 13:45:54 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/12 21:44:43 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2006/11/26 11:41:48 | 000,046,070 | ---- | M] () -- C:\playground.log
[2010/08/11 07:06:54 | 000,000,371 | ---- | M] () -- C:\rkill.log
[2010/08/12 21:36:18 | 000,000,347 | ---- | M] () -- C:\Start_.cmd
[2006/08/11 11:30:24 | 000,001,403 | ---- | M] () -- C:\SYSLEVEL.IBM
[2006/08/11 11:29:34 | 000,000,044 | ---- | M] () -- C:\TCPACHIP.LOG

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/01/28 12:00:00 | 000,049,152 | R--- | M] (Zenographics, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\IMFPRINT.DLL
[2004/03/22 19:17:08 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >


< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/09 13:45:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/09 13:45:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/09 13:45:10 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP56DDC33
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPA3C6C07
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:87FA5E8A
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:943D6A82
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B623B5B8
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE16379
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1982A23
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:700CD00E
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B3E9221
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP0570058
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP9F6664C
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB24555F
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F50F1555
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP66B5EAE
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:74699137
< End of report >


Start of Extras text


OTL Extras logfile created on: 8/12/2010 9:50:51 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Tamara\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.18 Gb Total Space | 6.13 Gb Free Space | 18.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TAMARA
Current User Name: Tamara
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"59057:TCP" = 59057:TCP:*:EnabledORT_59057
"12004:TCP" = 12004:TCP:*:EnabledORT_12004
"51805:TCP" = 51805:TCP:*:EnabledORT_51805
"52731:TCP" = 52731:TCP:*:EnabledORT_52731
"60074:TCP" = 60074:TCP:*:EnabledORT_60074
"36801:TCP" = 36801:TCP:*:EnabledORT_36801
"45430:TCP" = 45430:TCP:*:EnabledORT_45430
"36917:TCP" = 36917:TCP:*:EnabledORT_36917
"27938:TCP" = 27938:TCP:*:EnabledORT_27938
"5750:TCP" = 5750:TCP:*:EnabledORT_5750
"19075:TCP" = 19075:TCP:*:Enabled:BitComet 19075 TCP
"19075:UDP" = 19075:UDP:*:Enabled:BitComet 19075 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Microsoft Office\OFFICE11\ONENOTE.EXE" = C:\Program Files\Microsoft Office\OFFICE11\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001EB665-D9EC-415E-9E13-AD2125B2B992}" = RAW Image Task 2.1
"{0873B1A3-00A9-40D6-BACE-3DB4BC5DA840}" = IBM SATA Power Management Driver
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = IBM ThinkVantage Technologies Welcome Message
"{11783F13-C3A9-44A8-929B-21A476F65272}" = IBM Rescue and Recovery with Rapid Restore
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = IBM DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = IBM ThinkPad EasyEject Utility
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = IBM ThinkPad Keyboard Customizer Utility
"{22B71A00-4DED-11D4-A5E5-0004AC564F43}" = IBM Access Connections
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
"{6693BD7C-CB4E-43AC-A0D6-10D1A1B88DCF}" = Canon PhotoRecord
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{72806716-7088-41B2-8FA6-717A2A164DAB}" = IBM Active Protection System
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = IBM ThinkPad UltraNav Wizard
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111433970}" = Scrabble Deluxe
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = IBM RecordNow!
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = IBM ThinkPad Power Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B214C3C8-FC16-42EC-B7BB-703A1BB9C790}" = Lenovo Battery Program
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7F98125-4955-41E3-8A71-4CE11CE9C198}" = KODAK Gallery Upload Software
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skypeâ„¢ 4.2
"{DFEBA70E-F169-4016-AB27-7230BCCDBD42}" = IBM fingerprint software 4.5.5
"{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
"{EA664480-3844-11D5-8C25-444553540000}" = IBM TrackPoint Accessibility Features
"{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}" = Access IBM
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers
"{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5}" = Access IBM Message Center
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = IBM ThinkPad Configuration
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_6" = AIM 6
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = IBM Integrated 56K Modem
"CSCLIB" = Canon Camera Support Core Library
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EOS Utility" = Canon Utilities EOS Utility
"FrostWire" = FrostWire 4.18.5
"Google Updater" = Google Updater
"HP-LaserJet 1020 series" = LaserJet 1020 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{001EB665-D9EC-415E-9E13-AD2125B2B992}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"OfotoPrint@Home" = Ofoto Print@Home ActiveX Control
"OrderReminder HP LaserJet 1020" = OrderReminder HP LaserJet 1020
"PhotoStitch" = Canon Utilities PhotoStitch
"Power Management Driver" = IBM ThinkPad Power Management Driver
"Presentation Director" = IBM ThinkPad Presentation Director
"ProInst" = Intel(R) PROSet/Wireless Software
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SynTPDeinstKey" = IBM ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"ThinkPadSoftwareInstaller" = Software Installer
"WeatherBug" = WeatherBug
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9863F141-7A33-4c9a-A5F2-96996461B216}" = KODAK EASYSHARE Gallery Easy Upload, v2.1
"Google Chrome" = Google Chrome
"Image Web Server IE Plugin" = Image Web Server 8.1 IE Plugins (Build:3,4,0,242)
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/7/2010 6:32:04 AM | Computer Name = TAMARA | Source = Google Update | ID = 20
Description =

Error - 8/7/2010 9:40:43 AM | Computer Name = TAMARA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/7/2010 9:40:43 AM | Computer Name = TAMARA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4046

Error - 8/7/2010 9:40:43 AM | Computer Name = TAMARA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4046

Error - 8/7/2010 9:40:45 AM | Computer Name = TAMARA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/7/2010 9:40:45 AM | Computer Name = TAMARA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6031

Error - 8/7/2010 9:40:45 AM | Computer Name = TAMARA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6031

Error - 8/7/2010 9:40:47 AM | Computer Name = TAMARA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/7/2010 9:40:47 AM | Computer Name = TAMARA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8015

Error - 8/7/2010 9:40:47 AM | Computer Name = TAMARA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8015

[ System Events ]
Error - 8/11/2010 7:25:12 AM | Computer Name = TAMARA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/11/2010 7:27:16 AM | Computer Name = TAMARA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/11/2010 7:27:53 AM | Computer Name = TAMARA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ANC Fips IBMTPCHK intelppm Lbd SASDIFSV SASKUTIL ShockMgr Smapint TDSMAPI TPHKDRV TPPWRIF TSMAPIP

Error - 8/12/2010 6:56:29 PM | Computer Name = TAMARA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 8/12/2010 6:58:52 PM | Computer Name = TAMARA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/12/2010 7:21:13 PM | Computer Name = TAMARA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/12/2010 7:22:36 PM | Computer Name = TAMARA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/12/2010 7:24:35 PM | Computer Name = TAMARA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd SASDIFSV SASKUTIL

Error - 8/12/2010 9:36:02 PM | Computer Name = TAMARA | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/12/2010 9:45:35 PM | Computer Name = TAMARA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd SASDIFSV SASKUTIL


< End of report >

 

I ran Kaspersky and it didn't find anything so I didn't post he report. Here are the others. Thanks.


All processes killed
========== OTL ==========
Starting removal of ActiveX control {13149882-F480-4F6B-8C6A-0764F75B99ED}
C:\WINDOWS\Downloaded Program Files\crazytalk.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{13149882-F480-4F6B-8C6A-0764F75B99ED}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13149882-F480-4F6B-8C6A-0764F75B99ED}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{13149882-F480-4F6B-8C6A-0764F75B99ED}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13149882-F480-4F6B-8C6A-0764F75B99ED}\ not found.
Starting removal of ActiveX control {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920}
C:\WINDOWS\Downloaded Program Files\NCSview.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{76A2A0AB-38B7-46DB-8E47-F10CDE4D7920}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76A2A0AB-38B7-46DB-8E47-F10CDE4D7920}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{76A2A0AB-38B7-46DB-8E47-F10CDE4D7920}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76A2A0AB-38B7-46DB-8E47-F10CDE4D7920}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E473A65C-8087-49A3-AFFD-C5BC4A10669B}
C:\WINDOWS\Downloaded Program Files\qsp2ie.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E473A65C-8087-49A3-AFFD-C5BC4A10669B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E473A65C-8087-49A3-AFFD-C5BC4A10669B}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{E473A65C-8087-49A3-AFFD-C5BC4A10669B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E473A65C-8087-49A3-AFFD-C5BC4A10669B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E473A65C-8087-49A3-AFFD-C5BC4A10669B}\ not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET1F2.tmp deleted successfully.
C:\WINDOWS\System32\SET1FE.tmp deleted successfully.
C:\WINDOWS\System32\SET58.tmp deleted successfully.
C:\WINDOWS\System32\SET61.tmp deleted successfully.
C:\Documents and Settings\Tamara\Desktop\~WRL2108.tmp deleted successfully.
C:\Documents and Settings\Tamara\Desktop\~WRL2549.tmp deleted successfully.
C:\Documents and Settings\Tamara\Desktop\~WRL3728.tmp deleted successfully.
C:\WINDOWS\002871_.tmp deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP56DDC33 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMPA3C6C07 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:87FA5E8A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:943D6A82 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B623B5B8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:ADE16379 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E1982A23 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:700CD00E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5B3E9221 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP0570058 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP9F6664C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BB24555F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F50F1555 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP66B5EAE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:74699137 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 215527 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Tamara
->Temp folder emptied: 19411991 bytes
->Temporary Internet Files folder emptied: 804953 bytes
->Java cache emptied: 188367 bytes
->FireFox cache emptied: 3239618 bytes
->Google Chrome cache emptied: 250235402 bytes
->Flash cache emptied: 840239 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 68097802 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 12799052 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 144490 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 340.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Tamara
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08132010_215016

Files\Folders moved on Reboot...
C:\WINDOWS\temp\vtclrg41.tmp moved successfully.

Registry entries deleted on Reboot...



Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
McAfee VirusScan Enterprise
McAfee AntiSpyware Enterprise Module
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
IBM 32-bit Runtime Environment for Java 2, v1.4.2
Java(TM) 6 Update 21
IBM 32-bit Runtime Environment for Java 2, v1.4.2
Adobe Flash Player 10.0.32.18
Adobe Reader 7.0.9
Adobe Reader 7.0.5 Language Support
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
McAfee VirusScan Enterprise mcshield.exe
McAfee VirusScan Enterprise vstskmgr.exe
McAfee VirusScan Enterprise SHSTAT.EXE
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````