
Solved Just-In-Time Debugging popups/windows update failure

Discussion in 'Malware and Virus Removal Archive' started by rumrunner, 2010/07/19.

  1. 2010/07/19
    rumrunner

    rumrunner Inactive Thread Starter

    Joined:
    2010/07/18
    Messages:
    9
    Likes Received:
    0
    [Resolved] Just-In-Time Debugging popups/windows update failure

    Hi,

    I had a run-in with rogue antispyware (Antimalware Doctor). Used HJT, Malwarebytes, OTM.exe, and manual deletion of remaining registry keys, with (apparent) success. The problem:
    1. "Just-In-Time debugging" popup windows began occurring within minutes of the Antimalware Doctor infection. Antimalware Doctor appears to be gone, but the popups remain. I have tried the advice at http://social.msdn.microsoft.com/For...1-d5fc3aa5167c (Internet Explorer settings and modifying registry keys) without success.

    2. Unable to update Windows. Taskbar icon lists status as "downloading 0%". Trying the Microsoft Update website gives the message "Internet Explorer cannot display the webpage" [via IE7] or "This webpage is not available" [via Chrome]. Any Google search with "update.microsoft.com" in the search yields the same message.

    3. More of a symptom than a direct problem: no luck with Windows System Restore. Restore points are listed, but I am unable to restore successfully.

    I have to admit, I'm stuck. Any help would be greatly appreciated.


    DDS.txt log

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Dad at 23:03:53.42 on Sun 07/18/2010
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.1826 [GMT -6:00]

    AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    D:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\Icons\Seticon.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\ALCFDRTM.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\VS7JIT.EXE
    C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Java\jre6\bin\java.exe
    C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\mmc.exe
    C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Dad\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://maps.google.com/maps?hl=en&tab=wl
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.0.41\IPSBHO.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [SkyTel] SkyTel.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe "
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe "
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [Dit] Dit.exe
    mRun: [SetIcon] c:\program files\icons\Seticon.exe
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    uPolicies-explorer: <NO NAME> =
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279510475015
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
    LSA: Authentication Packages = msv1_0 relog_ap
    mASetup: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - c:\program files\pixiepack codec pack\InstallerHelper.exe

    ============= SERVICES / DRIVERS ===============

    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys [2010-1-27 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys [2010-1-27 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys [2010-1-27 482432]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100716.001\IDSXpx86.sys [2010-7-16 331640]
    R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [2008-6-1 21048]
    R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.0.41\ccSvcHst.exe [2010-1-27 117640]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    R3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [2008-6-4 13440]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-5 102448]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100718.003\NAVENG.SYS [2010-7-18 85424]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100718.003\NAVEX15.SYS [2010-7-18 1362608]
    S3 ALLOW-IO;ALLOW-IO;\??\m:\allow-io.sys --> m:\ALLOW-IO.sys [?]
    S3 hxctlflt;hxctlflt;c:\windows\system32\drivers\hxctlflt.sys [2010-6-10 99968]

    =============== Created Last 30 ================

    2010-07-19 04:44:48 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2010-07-19 04:44:42 0 d-----w- c:\program files\Panda Security
    2010-07-19 03:03:57 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-19 00:56:07 0 d-----w- C:\_OTM
    2010-07-18 23:50:37 0 d-----w- c:\docume~1\dad\applic~1\Malwarebytes
    2010-07-18 23:50:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-18 23:50:22 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-07-18 23:50:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

    ==================== Find3M ====================

    2010-07-19 03:12:57 13440 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
    2010-07-18 02:30:05 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
    2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr
    2010-05-21 20:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-05 04:22:34 104760 ----a-w- c:\windows\fonts\AdobeFnt07.lst

    ============= FINISH: 23:04:35.82 ===============


    Attach.txt log
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/28/2008 1:28:40 AM
    System Uptime: 7/18/2010 9:31:30 PM (2 hours ago)

    Motherboard: http://www.abit.com.tw/ | | IP35 PRO(P35+ICH9R)
    Processor: Intel Pentium III Xeon processor | Socket 775 | 3006/334mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 30 GiB total, 12.987 GiB free.
    D: is FIXED (NTFS) - 40 GiB total, 25.029 GiB free.
    E: is FIXED (NTFS) - 40 GiB total, 33.449 GiB free.
    F: is FIXED (NTFS) - 40 GiB total, 18.529 GiB free.
    G: is FIXED (NTFS) - 100 GiB total, 12.539 GiB free.
    H: is FIXED (NTFS) - 80 GiB total, 47.866 GiB free.
    I: is FIXED (NTFS) - 80 GiB total, 25.015 GiB free.
    J: is FIXED (NTFS) - 200 GiB total, 120.805 GiB free.
    K: is CDROM ()
    Q: is Removable
    R: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP779: 6/5/2010 10:58:09 AM - Software Distribution Service 3.0
    RP780: 6/6/2010 3:10:57 PM - Installed Microsoft Works 6-9 Converter
    RP781: 6/7/2010 5:15:30 PM - System Checkpoint
    RP782: 6/8/2010 1:54:10 AM - Software Distribution Service 3.0
    RP783: 6/9/2010 2:44:37 AM - System Checkpoint
    RP784: 6/10/2010 6:43:41 AM - System Checkpoint
    RP785: 6/11/2010 1:54:11 AM - Software Distribution Service 3.0
    RP786: 6/12/2010 2:24:11 AM - System Checkpoint
    RP787: 6/13/2010 3:55:38 AM - System Checkpoint
    RP788: 6/14/2010 8:37:44 AM - System Checkpoint
    RP789: 6/15/2010 8:33:48 AM - Software Distribution Service 3.0
    RP790: 6/16/2010 9:46:32 AM - System Checkpoint
    RP791: 6/17/2010 3:05:37 PM - System Checkpoint
    RP792: 6/18/2010 1:56:11 AM - Software Distribution Service 3.0
    RP793: 6/19/2010 9:56:14 AM - System Checkpoint
    RP794: 6/20/2010 6:48:21 PM - System Checkpoint
    RP795: 6/21/2010 7:42:06 PM - System Checkpoint
    RP796: 6/23/2010 9:27:16 AM - Software Distribution Service 3.0
    RP797: 6/24/2010 4:07:02 PM - System Checkpoint
    RP798: 6/25/2010 2:08:10 AM - Software Distribution Service 3.0
    RP799: 6/26/2010 8:59:55 AM - System Checkpoint
    RP800: 6/27/2010 9:18:27 AM - System Checkpoint
    RP801: 6/28/2010 10:22:12 AM - System Checkpoint
    RP802: 6/29/2010 2:07:11 AM - Software Distribution Service 3.0
    RP803: 6/30/2010 10:06:16 AM - System Checkpoint
    RP804: 7/5/2010 9:58:23 PM - Software Distribution Service 3.0
    RP805: 7/7/2010 1:15:59 AM - System Checkpoint
    RP806: 7/8/2010 1:17:27 AM - System Checkpoint
    RP807: 7/9/2010 8:36:12 AM - System Checkpoint
    RP808: 7/10/2010 2:27:10 AM - Software Distribution Service 3.0
    RP809: 7/11/2010 9:43:12 AM - System Checkpoint
    RP810: 7/12/2010 11:16:13 AM - System Checkpoint
    RP811: 7/13/2010 1:42:14 AM - Software Distribution Service 3.0
    RP812: 7/14/2010 1:49:33 AM - System Checkpoint
    RP813: 7/15/2010 12:09:21 PM - System Checkpoint
    RP814: 7/16/2010 1:42:09 AM - Software Distribution Service 3.0
    RP815: 7/17/2010 2:13:13 AM - System Checkpoint
    RP816: 7/18/2010 8:56:41 AM - System Checkpoint
    RP817: 7/18/2010 9:03:38 PM - Installed Java(TM) 6 Update 20
    RP818: 7/18/2010 9:23:45 PM - Restore Operation
    RP819: 7/18/2010 9:26:52 PM - Restore Operation
    RP820: 7/18/2010 9:29:34 PM - Restore Operation
    RP821: 7/18/2010 9:32:13 PM - Restore Operation

    ==== Installed Programs ======================

    A.F.5 Rename your files 1.1
    ACE Mega CoDecS Pack
    Acrobat.com
    Acronis True Image Home
    Acronis TrueImage
    Adobe Acrobat 6.0 Professional
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.2
    Adobe Shockwave Player 11.5
    AllToAVI v4 r5394
    Amazon MP3 Downloader 1.0.5
    Apple Software Update
    ASUS Gamer OSD
    ASUS nVidia Driver
    Auto Gordian Knot 2.45
    Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5
    Avira NTFS4DOS 1.9
    AviSynth 2.5
    Better Homes and Gardens Landscaping and Deck Designer 7.0
    Better Homes and Gardens Landscaping and Deck Designer 7.0 Training Videos
    Canon iP5200
    Canon Utilities Easy-PhotoPrint
    CCleaner (remove only)
    Civilization III
    Civilization III v1.29f
    Compatibility Pack for the 2007 Office system
    Convert
    Creative Jukebox Driver
    Creative NOMAD II Driver
    Creative PlayCenter 2
    Creative System Information
    Creative ZEN
    Critical Update for Windows Media Player 11 (KB959772)
    Data Lifeguard Diagnostic for Windows
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    EViews 6
    Finale 2010
    Finale NotePad 2010
    foobar2000
    Google Chrome
    Google Talk (remove only)
    HandBrake 0.9.3
    Hercules Dualpix Exchange
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    ID3-TagIT 3
    Intel® Matrix Storage Manager
    IsoBuster 2.3
    Japanese Fonts Support For Adobe Reader 8
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    JBidwatcher 2
    JMB36X Raid Configurer
    LiveUpdate 2.0 (Symantec Corporation)
    Logitech Harmony Remote Software 7
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft IntelliPoint 6.01
    Microsoft IntelliType Pro 6.01
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Office Project Professional 2003
    Microsoft Office Visio Professional 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Monkey's Audio
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    Multi-Card Reader & Flash Disk
    Nero 8
    neroxml
    NOMAD II Manual
    Norton Internet Security
    Norton PartitionMagic
    Norton PartitionMagic 8.0
    NVIDIA Drivers
    Oracle Crystal Ball
    Panda ActiveScan 2.0
    PHStat2 2.8.1
    Picasa 3
    PixiePack Codec Pack
    PowerDVD
    PSP Video 9 4.04
    QuickTime
    R-Studio 4.2
    RealPlayer
    REALTEK GbE & FE Ethernet PCI NIC Driver
    Realtek High Definition Audio Driver
    Remote Control USB Driver
    SDFormatter
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    SiSoftware Sandra Lite XII.SP1
    Skype™ 4.2
    Snood for Windows version 3.52-W
    Spelling Dictionaries Support For Adobe Reader 9
    Steam
    SureThing CD Labeler LightScribe 5.0.581.0
    TimeLeft
    UISDMC64W Device Driver
    Unlocker 1.8.7
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    USB Mass Storage Reader
    USB97C210 Driver and Icon
    VCRedistSetup
    VideoCam Suite 2.0
    Virtual Garden
    VLC media player 0.9.8a
    VobSub v2.23 (Remove Only)
    Webcam Station Evolution SE
    WebFldrs XP
    Winamp
    Windows Defender
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Vista Upgrade Advisor
    Windows XP Service Pack 3
    WinImage
    WinRAR archiver
    XviD MPEG-4 Video Codec
    XviD MPEG4 Video Codec (remove only)
    ZENcast Organizer

    ==== Event Viewer Messages From Past Week ========

    7/18/2010 7:44:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atapi PCIIde
    7/18/2010 7:44:04 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    7/18/2010 6:56:09 PM, error: Service Control Manager [7034] - The PLFlash DeviceIoControl Service service terminated unexpectedly. It has done this 1 time(s).
    7/18/2010 6:56:08 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    7/18/2010 6:56:08 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    7/18/2010 6:56:08 PM, error: Service Control Manager [7034] - The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).
    7/18/2010 6:56:08 PM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
    7/18/2010 6:56:08 PM, error: Service Control Manager [7034] - The B's Recorder GOLD Library General Service service terminated unexpectedly. It has done this 1 time(s).
    7/18/2010 6:56:08 PM, error: Service Control Manager [7034] - The Acronis Scheduler2 Service service terminated unexpectedly. It has done this 1 time(s).
    7/18/2010 6:56:08 PM, error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    7/18/2010 5:50:53 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
    7/18/2010 5:38:36 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\wuweb.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 7.4.7600.226.
    7/18/2010 4:32:38 PM, error: Print [6161] - The document Microsoft Word - Document1 owned by Dad failed to print on printer Canon iP5200. Data type: NT EMF 1.008. Size of the spool file in bytes: 12159988. Number of bytes printed: 2393332. Total number of pages in the document: 3. Number of pages printed: 0. Client machine: \\DEEPBLUE. Win32 error code returned by the print processor: 6 (0x6).
    7/11/2010 7:58:16 AM, error: Print [23] - Printer Quicken PDF Printer failed to initialize because a suitable Amyuni Document Converter 2.50 driver could not be found.
    7/11/2010 7:58:12 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the CAILI service to connect.
    7/11/2010 7:58:12 AM, error: Service Control Manager [7000] - The CAILI service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    ==== End Of File ===========================
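    The DDS log above is the raw material a helper works from, so as an added example (my own code, not from this thread, its participants or the DDS tool's authors) here is a small Python parser for the DDS.txt layout shown in the post, run over a constructed excerpt modelled on rumrunner's log. It splits the file on its "=== Name ===" headers, pulls out uRun/mRun/dRun autostart entries and R*/S* service lines, and lists three things a reviewer checks by hand: autostart entries given as a bare file name (resolved through the search path, so the file that actually runs must be confirmed), services whose path DDS tagged with [?], and processes running from a user profile directory. The u/m/d prefix meanings (HKCU, HKLM, HKU\.Default) and the reading of [?] as "file not found" are my understanding of DDS conventions, and the flags are triage prompts, not verdicts: Chrome legitimately runs from the profile, and the RTHDCPL entry is a normal Realtek autostart.

```python
"""Triage helper for DDS-style logs (constructed example, not from the thread or the DDS tool)."""
import re

# Constructed excerpt modelled on the DDS.txt posted above: same section headers,
# same line shapes (Running Processes, uRun/mRun/dRun, R*/S* services).
SAMPLE_DDS = """\
============== Running Processes ===============

C:\\WINDOWS\\system32\\svchost -k DcomLaunch
C:\\Program Files\\Common Files\\Microsoft Shared\\VS7DEBUG\\VS7JIT.EXE
C:\\Documents and Settings\\Dad\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe
C:\\Documents and Settings\\Dad\\Desktop\\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://maps.google.com/maps?hl=en&tab=wl
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Windows Defender] "c:\\program files\\windows defender\\MSASCui.exe" -hide
dRun: [DWQueuedReporting] "c:\\progra~1\\common~1\\micros~1\\dw\\dwtrig20.exe" -t

============= SERVICES / DRIVERS ===============

R2 WinDefend;Windows Defender;c:\\program files\\windows defender\\MsMpEng.exe [2006-11-3 13592]
S3 ALLOW-IO;ALLOW-IO;\\??\\m:\\allow-io.sys --> m:\\ALLOW-IO.sys [?]

============= FINISH: 23:04:35.82 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
AUTOSTART_RE = re.compile(r"^([umd])Run:\s*\[([^\]]*)\]\s*(.*)$")
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
# Assumption: DDS prefixes u/m/d mean HKCU, HKLM and HKU\.Default respectively.
HIVE = {"u": "HKCU", "m": "HKLM", "d": "HKU\\.Default"}
PROFILE_RE = re.compile(
    r"\\documents and settings\\[^\\]+\\(local settings|desktop|application data)\\", re.I)


def split_sections(text):
    """Group non-empty lines under the '=== Name ===' header that precedes them."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def parse_autostarts(lines):
    """uRun/mRun/dRun entries; has_path is False when only a bare file name is given."""
    out = []
    for line in lines:
        m = AUTOSTART_RE.match(line)
        if m:
            hive, name, cmd = m.groups()
            out.append({"hive": HIVE[hive], "name": name, "command": cmd,
                        "has_path": "\\" in cmd})
    return out


def parse_services(lines):
    """R*/S* service and driver lines; DDS appends [?] when it cannot find the file (my reading)."""
    out = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if m:
            state, name, display, path = m.groups()
            out.append({"state": state, "name": name, "display": display, "path": path,
                        "missing_file": path.rstrip().endswith("[?]")})
    return out


def profile_processes(lines):
    """Processes whose image lives under a user profile (review list, not a verdict)."""
    return [p for p in lines if PROFILE_RE.search(p)]


def triage(text):
    """Return human-readable findings worth a second look."""
    s = split_sections(text)
    findings = []
    for a in parse_autostarts(s.get("Pseudo HJT Report", [])):
        if not a["has_path"]:
            findings.append(f"autostart {a['hive']} [{a['name']}] has no directory: "
                            f"'{a['command']}' is resolved via search path; confirm which file runs")
    for svc in parse_services(s.get("SERVICES / DRIVERS", [])):
        if svc["missing_file"]:
            findings.append(f"service {svc['name']} ({svc['state']}) points at a file DDS "
                            f"could not find: {svc['path']}")
    for proc in profile_processes(s.get("Running Processes", [])):
        findings.append(f"process running from a user profile directory: {proc}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS):
        print("-", finding)
```

    Run as a script it prints four findings for the constructed excerpt; pointed at a full DDS.txt it gives a helper a short list to cross-check against the running-process list and the event log before asking for further scans.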
     
  2. 2010/07/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

  4. 2010/07/19
    rumrunner

    rumrunner Inactive Thread Starter

    Joined:
    2010/07/18
    Messages:
    9
    Likes Received:
    0
    No trouble with GMER, although my system did BSOD about 30 seconds after I exited GMER.



    Malwarebytes Log


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4325

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    7/19/2010 12:12:53 AM
    mbam-log-2010-07-19 (00-12-53).txt

    Scan type: Quick scan
    Objects scanned: 131738
    Time elapsed: 8 minute(s), 25 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER log
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-07-19 17:46:12
    Windows 5.1.2600 Service Pack 3
    Running: 59jtpm6n.exe; Driver: C:\DOCUME~1\Dad\LOCALS~1\Temp\kxryapoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT 8A127538 ZwAlertResumeThread
    SSDT 8AE110B8 ZwAlertThread
    SSDT 8A0F7078 ZwAllocateVirtualMemory
    SSDT 89FFE0C8 ZwAssignProcessToJobObject
    SSDT 8A047FB0 ZwConnectPort
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xACE02130]
    SSDT 8A106CC0 ZwCreateMutant
    SSDT 8A0304F8 ZwCreateSymbolicLinkObject
    SSDT 8A11FF18 ZwCreateThread
    SSDT 8A0787E0 ZwDebugActiveProcess
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xACE023B0]
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xACE02910]
    SSDT 8A0F1938 ZwDuplicateObject
    SSDT 8A0CD1D0 ZwFreeVirtualMemory
    SSDT 8959B148 ZwImpersonateAnonymousToken
    SSDT 8A03B270 ZwImpersonateThread
    SSDT 897BC8C0 ZwLoadDriver
    SSDT 8A0CD070 ZwMapViewOfSection
    SSDT 8A11FDA0 ZwOpenEvent
    SSDT 89FCDB08 ZwOpenProcess
    SSDT 8A02C0C8 ZwOpenProcessToken
    SSDT 89FB2E20 ZwOpenSection
    SSDT 8A0F1AC8 ZwOpenThread
    SSDT 8A02F808 ZwProtectVirtualMemory
    SSDT 8A032878 ZwResumeThread
    SSDT 8A0A7380 ZwSetContextThread
    SSDT 8A033638 ZwSetInformationProcess
    SSDT 88E14058 ZwSetSystemInformation
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xACE02B60]
    SSDT 895420E0 ZwSuspendProcess
    SSDT 8A0001E0 ZwSuspendThread
    SSDT \??\E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA5F28620]
    SSDT 8A151C50 ZwTerminateThread
    SSDT 8A02D840 ZwUnmapViewOfSection
    SSDT 8955D110 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2DAD 80504649 7 Bytes [DB, FC, 89, C8, C0, 02, 8A]
    ? SYMEFA.SYS The system cannot find the file specified. !
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8D50360, 0x372FAD, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\Explorer.EXE[812] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
    .text C:\WINDOWS\Explorer.EXE[812] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C5000A
    .text C:\WINDOWS\Explorer.EXE[812] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
    .text C:\WINDOWS\System32\svchost.exe[876] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0099000A
    .text C:\WINDOWS\System32\svchost.exe[876] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009A000A
    .text C:\WINDOWS\System32\svchost.exe[876] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0098000C
    .text C:\WINDOWS\System32\svchost.exe[876] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00E3000A
    .text C:\WINDOWS\system32\wuauclt.exe[3264] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0099000A
    .text C:\WINDOWS\system32\wuauclt.exe[3264] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009A000A
    .text C:\WINDOWS\system32\wuauclt.exe[3264] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0098000C
    .text C:\WINDOWS\system32\wuauclt.exe[3448] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C1000A
    .text C:\WINDOWS\system32\wuauclt.exe[3448] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C2000A
    .text C:\WINDOWS\system32\wuauclt.exe[3448] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C0000C

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 snapman.sys (Acronis Snapshot API/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 snapman.sys (Acronis Snapshot API/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 snapman.sys (Acronis Snapshot API/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume7 snapman.sys (Acronis Snapshot API/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume7 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume8 snapman.sys (Acronis Snapshot API/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume8 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume9 snapman.sys (Acronis Snapshot API/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume9 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume10 snapman.sys (Acronis Snapshot API/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume10 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    Device A4AC7D20

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
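The GMER output above is read by hand in this thread. As an added example (not GMER's code and not posted by anyone in the thread), the Python script below parses the four line shapes that appear in that log and groups them the way an analyst does: service-table (SSDT) hooks that GMER attributes to a driver file versus those it can only give an address for, kernel code patches and writeable code sections, and user-mode inline JMP hooks collected per process and then cross-referenced to show which functions are hooked in several unrelated processes. The sample log embedded in the script is constructed from lines of the posted log; the regular expressions are written for these shapes only and are my assumption about the GMER output format, not its specification.

```python
"""Triage of GMER 'SSDT' and 'code sections' lines.

Added example: not GMER's code and not part of the thread. SAMPLE_LOG is
constructed from lines of the GMER log posted above; the regexes model only
the line shapes seen there (an assumption about the format, not a spec).
"""
import re
from collections import defaultdict

# 'SSDT <addr> <function>': service-table hook GMER could not attribute to a file on disk
SSDT_ANON = re.compile(r"^SSDT\s+([0-9A-F]{8})\s+(\w+)$")
# 'SSDT <driver path> (<description>) <function> [0x<addr>]': hook attributed to a driver
SSDT_MOD = re.compile(r"^SSDT\s+(.+?)\s+\((.*?)\)\s+(\w+)\s+\[0x([0-9A-F]{8})\]$")
# '.text <process>[<pid>] <module>!<function> <addr> <n> Bytes JMP <target>': inline user hook
USER_HOOK = re.compile(
    r"^\.text\s+(.+?)\[(\d+)\]\s+(\S+)!(\w+)\s+([0-9A-F]{8})\s+(\d+)\s+Bytes\s+JMP\s+([0-9A-F]{8})$")
# '.text <image>!<function> + <offset> <addr> <n> Bytes [<bytes>]': patched kernel code
KERNEL_PATCH = re.compile(
    r"^\.text\s+([^!\s]+)!(\w+)\s+\+\s+([0-9A-F]+)\s+([0-9A-F]{8})\s+(\d+)\s+Bytes\s+\[(.*?)\]$")
# '.text <image> section is writeable [...]': code section mapped writeable
WRITEABLE = re.compile(r"^\.text\s+(.+?)\s+section is writeable\s+\[(.*?)\]$")

# Constructed sample: lines copied from the GMER log posted in this thread.
SAMPLE_LOG = r"""
SSDT 8A03B270 ZwImpersonateThread
SSDT 897BC8C0 ZwLoadDriver
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xACE02B60]
SSDT \??\E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA5F28620]
SSDT 8955D110 ZwWriteVirtualMemory
.text ntkrnlpa.exe!ZwCallbackReturn + 2DAD 80504649 7 Bytes [DB, FC, 89, C8, C0, 02, 8A]
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8D50360, 0x372FAD, 0xE8000020]
.text C:\WINDOWS\Explorer.EXE[812] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[812] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C5000A
.text C:\WINDOWS\Explorer.EXE[812] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\WINDOWS\System32\svchost.exe[876] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0099000A
.text C:\WINDOWS\System32\svchost.exe[876] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009A000A
.text C:\WINDOWS\System32\svchost.exe[876] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0098000C
.text C:\WINDOWS\System32\svchost.exe[876] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00E3000A
.text C:\WINDOWS\system32\wuauclt.exe[3264] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\wuauclt.exe[3264] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009A000A
.text C:\WINDOWS\system32\wuauclt.exe[3264] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0098000C
""".strip().splitlines()


def parse_gmer_line(line):
    """Classify one GMER line; returns a dict, or None for shapes not modelled here."""
    line = line.strip()
    if m := SSDT_ANON.match(line):
        return {"kind": "ssdt", "function": m[2], "address": int(m[1], 16), "owner": None}
    if m := SSDT_MOD.match(line):
        return {"kind": "ssdt", "function": m[3], "address": int(m[4], 16),
                "owner": m[1], "description": m[2]}
    if m := USER_HOOK.match(line):
        return {"kind": "user_hook", "process": m[1], "pid": int(m[2]), "module": m[3],
                "function": m[4], "address": int(m[5], 16), "patched_bytes": int(m[6]),
                "target": int(m[7], 16)}
    if m := KERNEL_PATCH.match(line):
        return {"kind": "kernel_patch", "image": m[1], "function": m[2],
                "offset": int(m[3], 16), "address": int(m[4], 16),
                "patched_bytes": int(m[5]), "bytes": m[6]}
    if m := WRITEABLE.match(line):
        return {"kind": "writeable_section", "image": m[1]}
    return None


def triage(lines):
    """Group parsed findings into the questions an analyst asks of a GMER log."""
    findings = [f for f in map(parse_gmer_line, lines) if f]
    ssdt_attributed = defaultdict(list)
    hooks_by_process = defaultdict(list)
    report = {"ssdt_unattributed": [], "kernel_patches": [], "writeable_sections": []}
    for f in findings:
        if f["kind"] == "ssdt" and f["owner"] is None:
            report["ssdt_unattributed"].append(f["function"])
        elif f["kind"] == "ssdt":
            ssdt_attributed[f["owner"]].append(f["function"])
        elif f["kind"] == "kernel_patch":
            report["kernel_patches"].append(f"{f['image']}!{f['function']}+{f['offset']:X}")
        elif f["kind"] == "writeable_section":
            report["writeable_sections"].append(f["image"])
        elif f["kind"] == "user_hook":
            hooks_by_process[f"{f['process']}[{f['pid']}]"].append(f"{f['module']}!{f['function']}")
    # The same function hooked in unrelated processes points to one system-wide
    # component; whether that is a security product or an injected payload is
    # decided by what owns the JMP targets, which these lines do not name.
    procs_per_hook = defaultdict(set)
    for proc, hooks in hooks_by_process.items():
        for hook in hooks:
            procs_per_hook[hook].add(proc)
    report["ssdt_attributed"] = dict(ssdt_attributed)
    report["user_hooks_by_process"] = dict(hooks_by_process)
    report["widespread_hooks"] = {h: sorted(p) for h, p in procs_per_hook.items() if len(p) >= 2}
    return report


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

On the sample, the three ntdll hooks (NtProtectVirtualMemory, NtWriteVirtualMemory, KiUserExceptionDispatcher) appear in Explorer, svchost and wuauclt alike, while the ole32 CoCreateInstance hook is specific to svchost; the SSDT entries attributed to SYMEVENT.SYS and SASKUTIL.SYS belong to the installed security products, and the unattributed ones are the entries to account for next. A hook on its own is not proof of malware, since security software hooks these same functions; the decision rests on what owns the JMP targets, which GMER does not name in these lines.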
     
  5. 2010/07/19
    broni (Moderator, Malware Analyst)
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2010/07/19
    rumrunner (Inactive, Thread Starter)
    Things are looking up...No problems with ComboFix. After ComboFix completed, the Windows updates icon indicated updates were downloading. I can also access updates.microsoft.com.

    I appreciate the help.


    ComboFix 10-07-19.01 - Dad 07/19/2010 20:38:49.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2855 [GMT -6:00]
    Running from: c:\documents and settings\Dad\Desktop\ComboFix.exe
    AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Dad\My Documents\temp.reg

    Infected copy of c:\windows\system32\drivers\snapman.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2010-06-20 to 2010-07-20 )))))))))))))))))))))))))))))))
    .

    2010-07-20 02:34 . 2010-07-20 02:34 -------- d-----w- c:\windows\LastGood
    2010-07-19 05:41 . 2010-07-19 05:41 63488 ----a-w- c:\documents and settings\Dad\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-07-19 05:41 . 2010-07-19 05:41 52224 ----a-w- c:\documents and settings\Dad\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-07-19 05:41 . 2010-07-19 05:41 117760 ----a-w- c:\documents and settings\Dad\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-07-19 05:41 . 2010-07-19 05:41 -------- d-----w- c:\documents and settings\Dad\Application Data\SUPERAntiSpyware.com
    2010-07-19 05:41 . 2010-07-19 05:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-07-19 04:44 . 2009-06-30 15:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2010-07-19 04:44 . 2010-07-19 04:44 -------- d-----w- c:\program files\Panda Security
    2010-07-19 03:04 . 2010-07-19 03:04 503808 ----a-w- c:\documents and settings\Dad\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-675e4b6a-n\msvcp71.dll
    2010-07-19 03:04 . 2010-07-19 03:04 499712 ----a-w- c:\documents and settings\Dad\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-675e4b6a-n\jmc.dll
    2010-07-19 03:04 . 2010-07-19 03:04 348160 ----a-w- c:\documents and settings\Dad\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-675e4b6a-n\msvcr71.dll
    2010-07-19 03:04 . 2010-07-19 03:04 61440 ----a-w- c:\documents and settings\Dad\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-433742be-n\decora-sse.dll
    2010-07-19 03:04 . 2010-07-19 03:04 12800 ----a-w- c:\documents and settings\Dad\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-433742be-n\decora-d3d.dll
    2010-07-19 03:03 . 2010-04-12 23:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-19 00:56 . 2010-07-19 00:56 -------- d-----w- C:\_OTM
    2010-07-18 23:50 . 2010-07-18 23:50 -------- d-----w- c:\documents and settings\Dad\Application Data\Malwarebytes
    2010-07-18 23:50 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-18 23:50 . 2010-07-18 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-07-18 23:50 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-16 02:53 . 2010-07-16 02:54 26641904 ----a-w- c:\documents and settings\Dad\Application Data\Real\Update\setup3.12\rp\RealPlayerSPGold.exe
    2010-07-16 02:53 . 2010-07-16 02:53 220272 ----a-w- c:\documents and settings\Dad\Application Data\Real\Update\setup3.12\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
    2010-07-16 02:53 . 2010-07-16 02:53 149000 ----a-w- c:\documents and settings\Dad\Application Data\Real\Update\setup3.12\chr_helper\LaunchHelper.exe
    2010-07-16 02:53 . 2010-07-16 02:53 13407072 ----a-w- c:\documents and settings\Dad\Application Data\Real\Update\setup3.12\chr\ChromeInstaller.exe
    2010-07-16 02:53 . 2010-07-16 02:53 79368 ----a-w- c:\documents and settings\Dad\Application Data\Real\Update\setup3.12\RUP\vista.exe
    2010-07-16 02:53 . 2010-07-16 02:53 73344 ----a-w- c:\documents and settings\Dad\Application Data\Real\Update\setup3.12\RUP\inst_config\gtapi_v6.dll
    2010-07-16 02:53 . 2010-07-16 02:53 64000 ----a-w- c:\documents and settings\Dad\Application Data\Real\Update\setup3.12\RUP\inst_config\gcapi_dll.dll
    2010-07-16 02:53 . 2010-07-16 02:53 52288 ----a-w- c:\documents and settings\Dad\Application Data\Real\Update\setup3.12\RUP\inst_config\gtapi.dll
    2010-07-16 02:53 . 2010-07-16 02:53 122880 ----a-w- c:\documents and settings\Dad\Application Data\Real\Update\setup3.12\RUP\inst_config\compat.dll
    2010-07-15 18:53 . 2010-07-15 18:53 452104 ----a-w- c:\documents and settings\Dad\Application Data\Real\Update\setup3.12\setup.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-19 23:50 . 2008-06-04 06:37 13440 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
    2010-07-19 03:04 . 2008-05-17 07:01 -------- d-----w- c:\program files\Common Files\Java
    2010-07-18 23:58 . 2009-10-31 23:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-07-18 02:30 . 2008-02-29 09:46 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
    2010-07-17 18:32 . 2010-06-11 05:03 -------- d-----w- c:\documents and settings\Dad\Application Data\Skype
    2010-07-06 18:53 . 2010-06-14 16:45 439816 ----a-w- c:\documents and settings\Dad\Application Data\Real\Update\setup3.10\setup.exe
    2010-06-11 05:34 . 2008-02-29 09:09 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-06-11 05:03 . 2010-06-11 05:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\15285\AdobeARM.exe
    2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\15285\AdobeExtractFiles.dll
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\15285\ReaderUpdater.exe
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\15285\AcrobatUpdater.exe
    2010-06-06 21:11 . 2010-06-06 21:10 -------- d-----w- c:\program files\Microsoft Works
    2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
    2010-05-21 20:14 . 2009-10-03 08:09 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-04-26 01:18 . 2010-04-26 01:18 5487616 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\19188-191916.dll
    2010-04-26 01:18 . 2010-03-31 18:43 243048 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware "= "e:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-29 2403568]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif "= "c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
    "RTHDCPL "= "RTHDCPL.EXE" [2007-01-30 16116224]
    "SkyTel "= "SkyTel.EXE" [2006-05-16 2879488]
    "36X Raid Configurer "= "c:\windows\system32\xRaidSetup.exe" [2007-05-25 1957888]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
    "nwiz "= "nwiz.exe" [2008-05-03 1630208]
    "itype "= "c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
    "IntelliPoint "= "c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
    "Windows Defender "= "c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Dit "= "Dit.exe" [2003-12-30 94208]
    "SetIcon "= "c:\program files\Icons\Seticon.exe" [2002-10-04 39936]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "e:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- e:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @= "FSFilter Activity Monitor "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VideoCam Suite 2.0.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VideoCam Suite 2.0.lnk
    backup=c:\windows\pss\VideoCam Suite 2.0.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
    2007-09-14 08:55 140568 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
    2007-09-14 09:02 905056 ----a-w- e:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
    2007-07-12 17:03 380928 ----a-w- c:\program files\ASUS\GamerOSD\GamerOSD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2008-09-04 05:01 133104 ----atw- c:\documents and settings\Dad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2008-02-28 23:07 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    2008-02-18 22:29 2221352 ----a-w- e:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2008-02-28 15:59 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2008-03-29 05:37 413696 ----a-w- e:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2003-11-01 01:42 32768 ----a-w- e:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
    2007-09-14 08:52 2595480 ----a-w- e:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2008-08-03 23:02 36352 ----a-w- e:\program files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "TryAndDecideService "=2 (0x2)
    "SandraTheSrv "=3 (0x3)
    "SandraDataSrv "=3 (0x3)
    "Nero BackItUp Scheduler 3 "=2 (0x2)
    "ATKKeyboardService "=2 (0x2)
    "PLFlash DeviceIoControl Service "=2 (0x2)
    "NMIndexingService "=3 (0x3)
    "Creative Service for CDROM Access "=2 (0x2)
    "CAILI "=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "e:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI\\Win32\\RpcDataSrv.exe "=
    "e:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI\\RpcSandraSrv.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe "=
    "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe "=
    "d:\\Program Files\\Steam\\Steam.exe "=
    "e:\\Program Files\\Skype\\Phone\\Skype.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5222:TCP "= 5222:TCP:westminster-tcp
    "5222:UDP "= 5222:UDP:westminster-udp

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest "= 1 (0x1)

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [7/18/2010 10:44 PM 28552]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SymEFA.sys [1/27/2010 9:27 PM 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1008000.029\BHDrvx86.sys [1/27/2010 9:27 PM 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1008000.029\cchpx86.sys [1/27/2010 9:27 PM 482432]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100719.001\IDSXpx86.sys [7/19/2010 6:01 PM 331640]
    R1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
    R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [6/1/2008 7:24 PM 21048]
    R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [1/27/2010 9:27 PM 117640]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    R3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [6/4/2008 12:37 AM 13440]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/5/2010 2:34 AM 102448]
    S3 ALLOW-IO;ALLOW-IO;\??\m:\allow-io.sys --> m:\ALLOW-IO.sys [?]
    S3 hxctlflt;hxctlflt;c:\windows\system32\drivers\hxctlflt.sys [6/10/2010 11:27 PM 99968]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/18/2010 5:50 PM 38224]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
    2008-06-18 22:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1177238915-839522115-1003Core.job
    - c:\documents and settings\Dad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 05:01]

    2010-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1177238915-839522115-1003UA.job
    - c:\documents and settings\Dad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 05:01]

    2010-07-20 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://maps.google.com/maps?hl=en&tab=wl
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    MSConfigStartUp-lauchsrv - c:\windows\lauchsrv.exe
    AddRemove-TrueImage - e:\program files\Acronis\TrueImage\MediaBuilder.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-19 20:41
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
    "ImagePath "= "\ "c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \ "Norton Internet Security\" /m \ "c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1796)
    e:\program files\SUPERAntiSpyware\SASWINLO.DLL

    - - - - - - - > 'lsass.exe'(1856)
    c:\windows\system32\relog_ap.dll
    .
    Completion time: 2010-07-19 20:42:39
    ComboFix-quarantined-files.txt 2010-07-20 02:42

    Pre-Run: 13,793,939,456 bytes free
    Post-Run: 13,896,355,840 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 40CA7553889EFFC058CA25078FA1EAD1
     
  7. 2010/07/19
    broni (Moderator, Malware Analyst)
    Wonderful :)

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start > "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between "Combofix" and "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ===========================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  8. 2010/07/19
    rumrunner (Inactive, Thread Starter)
    OTL.txt [extras.txt in next post]


    OTL logfile created on: 7/19/2010 9:40:21 PM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Dad\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 80.00% Memory free
    5.00 Gb Paging File | 5.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 30.00 Gb Total Space | 14.25 Gb Free Space | 47.50% Space Free | Partition Type: NTFS
    Drive D: | 40.00 Gb Total Space | 25.04 Gb Free Space | 62.60% Space Free | Partition Type: NTFS
    Drive E: | 40.00 Gb Total Space | 33.45 Gb Free Space | 83.61% Space Free | Partition Type: NTFS
    Drive F: | 40.00 Gb Total Space | 18.53 Gb Free Space | 46.32% Space Free | Partition Type: NTFS
    Drive G: | 100.00 Gb Total Space | 12.54 Gb Free Space | 12.54% Space Free | Partition Type: NTFS
    Drive H: | 80.00 Gb Total Space | 47.86 Gb Free Space | 59.83% Space Free | Partition Type: NTFS
    Drive I: | 80.00 Gb Total Space | 25.01 Gb Free Space | 31.27% Space Free | Partition Type: NTFS
    Drive J: | 200.00 Gb Total Space | 120.81 Gb Free Space | 60.40% Space Free | Partition Type: NTFS

    Computer Name: DEEPBLUE
    Current User Name: Dad
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/19 21:37:57 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
    PRC - [2010/06/29 11:48:45 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2009/08/22 01:21:19 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    PRC - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/05/07 17:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/02/29 03:12:36 | 000,073,728 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.EXE
    PRC - [2007/09/14 02:55:26 | 000,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    PRC - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
    PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
    PRC - [2006/07/07 17:14:38 | 000,576,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
    PRC - [2003/12/29 23:33:16 | 000,094,208 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\Dit.exe
    PRC - [2002/10/04 09:39:00 | 000,039,936 | ---- | M] (Standard Microsystems Corp.) -- C:\Program Files\Icons\SetIcon.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/19 21:37:57 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
    MOD - [2009/08/22 01:21:16 | 000,419,696 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\asOEHook.dll
    MOD - [2008/04/13 18:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2009/08/22 01:21:19 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)
    SRV - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2007/12/12 18:32:20 | 001,253,568 | ---- | M] (SiSoftware) [Disabled | Stopped] -- e:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe -- (SandraTheSrv)
    SRV - [2007/12/12 18:31:58 | 000,213,176 | ---- | M] (SiSoftware) [Disabled | Stopped] -- e:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe -- (SandraDataSrv)
    SRV - [2007/11/30 05:18:51 | 000,026,488 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
    SRV - [2007/09/14 04:01:56 | 000,492,600 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
    SRV - [2007/09/14 02:55:26 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2007/07/12 17:30:42 | 000,257,024 | ---- | M] (ASUSTeK COMPUTER INC.) [Disabled | Stopped] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
    SRV - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
    SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV - [2003/02/25 18:29:36 | 000,032,768 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\caili.exe -- (CAILI)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1002000.007\SYMREDRV.SYS -- (SYMREDRV)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1002000.007\SYMDNS.SYS -- (SYMDNS)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Dad\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- M:\ALLOW-IO.sys -- (ALLOW-IO)
    DRV - [2010/07/19 21:36:14 | 000,013,440 | ---- | M] (ICSI Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBCRFT.SYS -- (CardReaderFilter)
    DRV - [2010/07/13 02:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100719.020\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/07/13 02:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100719.020\NAVENG.SYS -- (NAVENG)
    DRV - [2010/06/05 02:34:46 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/06/05 02:34:46 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/05/28 13:33:19 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100719.001\IDSXpx86.sys -- (IDSxpx86)
    DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2010/01/27 21:27:45 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\ccHPx86.sys -- (ccHP)
    DRV - [2009/09/08 16:53:22 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2009/08/22 01:21:19 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1008000.029\SYMEFA.SYS -- (SymEFA)
    DRV - [2009/08/22 01:21:19 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SRTSP.SYS -- (SRTSP)
    DRV - [2009/08/22 01:21:19 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2009/08/22 01:21:19 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMTDI.SYS -- (SYMTDI)
    DRV - [2009/08/22 01:21:19 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMFW.SYS -- (SYMFW)
    DRV - [2009/08/22 01:21:19 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1008000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2009/08/22 01:21:19 | 000,036,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMNDIS.SYS -- (SYMNDIS)
    DRV - [2009/08/22 01:21:19 | 000,033,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMIDS.SYS -- (SYMIDS)
    DRV - [2009/08/22 01:21:06 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
    DRV - [2009/08/22 01:21:06 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
    DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
    DRV - [2009/04/22 15:46:42 | 003,482,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC)
    DRV - [2009/02/09 00:42:42 | 000,099,968 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hxctlflt.sys -- (hxctlflt)
    DRV - [2008/11/04 11:37:28 | 000,043,552 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
    DRV - [2008/07/21 21:45:37 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
    DRV - [2008/07/21 21:45:37 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
    DRV - [2008/07/21 21:45:33 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
    DRV - [2008/07/21 21:45:29 | 000,368,736 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
    DRV - [2008/05/07 17:40:02 | 000,317,976 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
    DRV - [2008/05/02 22:46:00 | 006,554,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/07/12 11:03:42 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb)
    DRV - [2007/07/12 11:03:40 | 000,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D)
    DRV - [2007/07/12 11:03:38 | 000,012,288 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
    DRV - [2007/07/12 11:03:38 | 000,011,136 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
    DRV - [2007/05/24 04:30:10 | 000,049,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
    DRV - [2007/01/30 04:57:50 | 004,474,368 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/12/14 16:44:06 | 000,085,120 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2006/10/01 14:10:42 | 000,021,048 | ---- | M] (ABIT) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\uGuru.sys -- (UGURU)
    DRV - [2006/02/20 19:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
    DRV - [2004/05/05 22:48:40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
    DRV - [1999/12/17 01:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PfModNT.sys -- (PfModNT)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://maps.google.com/maps?hl=en&tab=wl
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/09/19 09:47:25 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/26 14:29:46 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2010/07/19 20:41:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
    O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [SetIcon] C:\Program Files\Icons\SetIcon.exe (Standard Microsystems Corp.)
    O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279595238500 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279510475015 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
    O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - E:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - E:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - E:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/02/28 01:58:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
    Drivers32: msacm.ctmp3 - C:\WINDOWS\system32\ctmp3.acm (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
    Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YV12 - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Error starting restore point: System Restore is disabled.
    Error closing restore point: System Restore is disabled.

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/19 21:38:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2010/07/19 21:37:56 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
    [2010/07/19 21:13:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
    [2010/07/19 20:27:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/07/19 20:26:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/07/18 23:41:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\SUPERAntiSpyware.com
    [2010/07/18 23:41:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/07/18 22:44:48 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
    [2010/07/18 22:44:42 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
    [2010/07/18 21:04:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/07/18 18:56:07 | 000,000,000 | ---D | C] -- C:\_OTM
    [2010/07/18 17:50:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Malwarebytes
    [2010/07/18 17:50:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/07/18 17:50:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/07/18 17:50:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/07/18 12:15:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/07/18 12:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/07/08 22:56:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Desktop\dewbury documents
    [2010/07/08 22:54:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Desktop\shandrea writings
    [2010/07/08 22:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Desktop\kid writings
    [2010/06/10 23:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\My Documents\Hercules webcam
    [2010/06/10 23:27:16 | 000,291,328 | ---- | C] (Sonix) -- C:\WINDOWS\System32\vsnp2uvc.dll
    [2010/06/10 23:27:16 | 000,184,320 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
    [2010/06/10 23:27:16 | 000,176,128 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
    [2010/06/10 23:27:16 | 000,099,968 | ---- | C] (Guillemot Corporation) -- C:\WINDOWS\System32\drivers\hxctlflt.sys
    [2010/06/10 23:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Skype
    [2010/06/10 23:02:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
    [2010/06/06 15:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
    [2010/05/09 15:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\ART Inc
    [2010/05/08 19:24:48 | 000,086,016 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe
    [2010/05/08 14:58:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
    [2010/05/01 22:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Desktop\IMGA0592
    [2010/04/28 22:19:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Desktop\IMGA0567
    [4 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/07/19 21:39:14 | 000,013,722 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/19 21:39:10 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/07/19 21:39:09 | 000,000,142 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
    [2010/07/19 21:37:57 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
    [2010/07/19 21:36:14 | 000,013,440 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\System32\drivers\USBCRFT.SYS
    [2010/07/19 21:36:09 | 000,175,169 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2010/07/19 21:36:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/19 21:36:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/19 21:34:57 | 011,534,336 | ---- | M] () -- C:\Documents and Settings\Dad\ntuser.dat
    [2010/07/19 21:34:57 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Dad\ntuser.ini
    [2010/07/19 20:51:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1177238915-839522115-1003UA.job
    [2010/07/19 20:41:54 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/07/19 20:41:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/07/19 20:27:34 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/07/19 18:08:28 | 001,293,824 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\Doc1.doc
    [2010/07/19 18:01:48 | 000,002,375 | ---- | M] () -- C:\Documents and Settings\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
    [2010/07/19 17:58:12 | 000,002,399 | ---- | M] () -- C:\Documents and Settings\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2003.lnk
    [2010/07/19 17:50:13 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
    [2010/07/19 00:10:44 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\59jtpm6n.exe
    [2010/07/18 23:51:01 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1177238915-839522115-1003Core.job
    [2010/07/18 23:41:11 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/07/18 22:53:28 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\dds.scr
    [2010/07/18 21:30:39 | 006,391,764 | -H-- | M] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\IconCache.db
    [2010/07/18 17:38:43 | 000,000,624 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/07/18 17:38:43 | 000,000,210 | ---- | M] () -- C:\Boot.bak
    [2010/07/18 16:59:45 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2010/07/17 20:30:05 | 000,196,608 | ---- | M] () -- C:\WINDOWS\System32\drivers\nStandard.bin
    [2010/07/17 20:30:04 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/17 17:06:20 | 000,000,100 | ---- | M] () -- C:\Documents and Settings\Dad\default.pls
    [2010/07/17 17:05:06 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/07/16 02:45:52 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\Zach allergy.xls
    [2010/07/16 01:58:59 | 000,002,377 | ---- | M] () -- C:\Documents and Settings\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
    [2010/07/15 16:20:51 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\MS LifeLines Letter.doc
    [2010/07/12 08:36:36 | 000,002,175 | ---- | M] () -- C:\Documents and Settings\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
    [2010/07/11 00:49:24 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\Reasons we should get reduced price Rebif.doc
    [2010/06/05 21:50:47 | 645,983,588 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\J1.scn
    [2010/06/05 12:05:50 | 000,858,096 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\opr200506301012-1-16.pdf
    [2010/05/20 01:35:47 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\movingnotes.doc
    [2010/05/09 15:06:44 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Landscaping and Deck Designer 7.0.lnk
    [2010/05/01 22:51:00 | 004,216,768 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\IMGA0592.zip
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/29 00:33:00 | 012,575,164 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\video4.mpg
    [2010/04/29 00:23:00 | 003,925,236 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\video3.mpg
    [2010/04/29 00:19:00 | 013,007,428 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\video2.mpg
    [2010/04/29 00:10:00 | 005,777,464 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\video1.mpg
    [2010/04/28 22:17:00 | 002,751,813 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\IMGA0567.zip
    [2010/04/25 21:21:36 | 000,000,583 | ---- | M] () -- C:\Documents and Settings\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Quicken 2007.lnk
    [2010/04/25 19:19:02 | 000,000,165 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
    [2010/04/24 23:44:30 | 000,153,174 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\I2.scn
    [2010/04/24 23:17:09 | 006,536,728 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\H4.scn
    [2010/04/24 22:16:38 | 148,389,334 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\G3.scn
    [2010/04/24 21:49:14 | 005,278,990 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\E2.scn
    [4 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/07/19 21:39:09 | 000,000,142 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
    [2010/07/19 20:27:33 | 000,000,210 | ---- | C] () -- C:\Boot.bak
    [2010/07/19 20:27:30 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/07/19 00:10:41 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\59jtpm6n.exe
    [2010/07/18 23:41:11 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/07/18 22:53:24 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\dds.scr
    [2010/07/18 16:57:46 | 001,293,824 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\Doc1.doc
    [2010/07/16 02:21:22 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\Zach allergy.xls
    [2010/07/15 15:43:38 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\MS LifeLines Letter.doc
    [2010/07/11 00:49:24 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\Reasons we should get reduced price Rebif.doc
    [2010/06/10 23:50:13 | 000,002,175 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
    [2010/06/10 23:34:42 | 003,600,384 | ---- | C] () -- C:\WINDOWS\ffmpeg.exe
    [2010/06/10 23:27:16 | 003,482,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
    [2010/06/10 23:27:16 | 000,027,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
    [2010/06/10 23:27:16 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
    [2010/06/10 23:27:16 | 000,013,022 | ---- | C] () -- C:\WINDOWS\snp2uvc.src
    [2010/06/05 12:05:50 | 000,858,096 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\opr200506301012-1-16.pdf
    [2010/05/17 10:01:24 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\movingnotes.doc
    [2010/05/09 15:06:44 | 000,000,863 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Landscaping and Deck Designer 7.0.lnk
    [2010/05/01 22:51:32 | 004,216,768 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\IMGA0592.zip
    [2010/04/29 00:33:39 | 012,575,164 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\video4.mpg
    [2010/04/29 00:23:16 | 003,925,236 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\video3.mpg
    [2010/04/29 00:19:47 | 013,007,428 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\video2.mpg
    [2010/04/29 00:10:18 | 005,777,464 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\video1.mpg
    [2010/04/28 22:18:24 | 002,751,813 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\IMGA0567.zip
    [2010/04/24 23:44:30 | 000,153,174 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\I2.scn
    [2010/04/24 23:17:09 | 006,536,728 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\H4.scn
    [2010/04/24 22:16:35 | 148,389,334 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\G3.scn
    [2010/04/24 21:49:14 | 005,278,990 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\E2.scn
    [2010/04/24 20:42:53 | 645,983,588 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\J1.scn
    [2009/01/18 21:42:17 | 000,000,107 | ---- | C] () -- C:\WINDOWS\VobEdit.INI
    [2008/11/17 20:24:32 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
    [2008/06/18 15:59:56 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2008/06/04 00:37:53 | 000,000,260 | ---- | C] () -- C:\WINDOWS\Dit.INI
    [2008/06/01 21:38:05 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
    [2008/06/01 17:52:57 | 000,002,204 | ---- | C] () -- C:\WINDOWS\System32\drivers\UNINST2K.SYS
    [2008/06/01 17:52:57 | 000,000,023 | ---- | C] () -- C:\WINDOWS\FLASHKSK.INI
    [2008/05/18 19:54:00 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/05/17 21:48:44 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
    [2008/05/16 22:28:51 | 000,000,006 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
    [2008/05/15 23:14:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/05/15 22:52:59 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS79.DLL
    [2008/05/15 22:47:43 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2008/02/29 03:46:59 | 000,643,142 | ---- | C] () -- C:\WINDOWS\aticlocklib.dll
    [2008/02/29 03:46:59 | 000,110,592 | ---- | C] () -- C:\WINDOWS\R5ClkLib.dll
    [2008/02/29 03:46:59 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
    [2008/02/29 03:46:58 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2008/02/29 03:46:58 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
    [2008/02/29 03:46:58 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
    [2008/02/29 03:46:58 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
    [2008/02/29 03:46:58 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
    [2008/02/29 03:46:58 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
    [2008/02/29 03:46:58 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
    [2008/02/29 03:46:58 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
    [2008/02/29 03:46:58 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
    [2007/07/25 07:24:28 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2007/06/28 10:43:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2007/06/28 10:43:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2007/06/28 10:43:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2007/06/28 10:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2007/06/28 10:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/03/18 07:16:04 | 000,540,178 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
    [2004/08/04 06:00:00 | 000,029,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/10/15 16:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2002/08/22 08:52:14 | 000,000,236 | ---- | C] () -- C:\WINDOWS\System32\smsc.ini

    ========== LOP Check ==========

    [2008/12/10 01:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
    [2009/02/11 23:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
    [2008/05/15 22:52:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2009/10/10 01:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Decisioneering
    [2009/09/02 01:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ID3-TagIT 3
    [2008/09/06 22:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
    [2009/10/10 01:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oracle
    [2009/07/20 23:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
    [2009/01/31 00:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
    [2010/07/18 17:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/11/23 19:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Acronis
    [2009/09/01 21:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Amazon
    [2009/10/10 01:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Decisioneering
    [2009/11/19 17:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\GibbHill Properties Ltd
    [2009/01/22 00:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\HandBrake
    [2009/09/02 01:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\ID3-TagIT 3
    [2008/05/17 01:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\NesterSoft
    [2009/10/10 01:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Oracle
    [2009/07/20 23:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Panasonic
    [2009/08/28 22:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Quantitative Micro Software
    [2009/01/19 20:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\webex
    [2010/07/19 21:39:10 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/02/28 01:58:20 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/07/18 17:38:43 | 000,000,210 | ---- | M] () -- C:\Boot.bak
    [2010/07/19 20:27:34 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2008/05/18 01:48:08 | 000,034,674 | ---- | M] () -- C:\caavsetupLog.txt
    [2009/02/11 23:09:36 | 001,698,474 | ---- | M] () -- C:\caisslog.txt
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/07/19 20:42:39 | 000,017,778 | ---- | M] () -- C:\ComboFix.txt
    [2008/02/28 01:58:20 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2008/05/15 23:07:39 | 000,000,188 | ---- | M] () -- C:\CtDrvIns.log
    [2008/02/28 01:58:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/02/28 01:58:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/05/16 03:14:18 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2008/06/07 19:40:06 | 000,000,211 | ---- | M] () -- C:\old_boot.ini
    [2010/07/19 21:35:57 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2009/12/13 15:03:07 | 000,003,016 | ---- | M] () -- C:\Rescued document.txt
    [2008/02/29 03:10:52 | 000,000,526 | ---- | M] () -- C:\RHDSetup.log

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2005/05/06 23:00:00 | 000,020,992 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD79.DLL
    [2005/05/06 23:00:00 | 000,059,392 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP79.DLL
    [2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2008/02/27 19:20:22 | 000,229,376 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2008/02/28 02:00:32 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
    [2008/02/27 19:20:22 | 008,650,752 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2008/02/27 19:20:22 | 001,490,944 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/13 18:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/13 18:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/13 18:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    < End of report >
     
  9. 2010/07/19
    rumrunner

    rumrunner Inactive Thread Starter

    Extras.txt [OTL.txt in previous post]


    OTL Extras logfile created on: 7/19/2010 9:40:21 PM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Dad\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 80.00% Memory free
    5.00 Gb Paging File | 5.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 30.00 Gb Total Space | 14.25 Gb Free Space | 47.50% Space Free | Partition Type: NTFS
    Drive D: | 40.00 Gb Total Space | 25.04 Gb Free Space | 62.60% Space Free | Partition Type: NTFS
    Drive E: | 40.00 Gb Total Space | 33.45 Gb Free Space | 83.61% Space Free | Partition Type: NTFS
    Drive F: | 40.00 Gb Total Space | 18.53 Gb Free Space | 46.32% Space Free | Partition Type: NTFS
    Drive G: | 100.00 Gb Total Space | 12.54 Gb Free Space | 12.54% Space Free | Partition Type: NTFS
    Drive H: | 80.00 Gb Total Space | 47.86 Gb Free Space | 59.83% Space Free | Partition Type: NTFS
    Drive I: | 80.00 Gb Total Space | 25.01 Gb Free Space | 31.27% Space Free | Partition Type: NTFS
    Drive J: | 200.00 Gb Total Space | 120.81 Gb Free Space | 60.40% Space Free | Partition Type: NTFS

    Computer Name: DEEPBLUE
    Current User Name: Dad
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "E:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- e:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [ID3-TagIT] -- "E:\Program Files\ID3-TagIT 3\ID3-TagIT.exe" "/P=%1" ( )
    Directory [PlayWithVLC] -- e:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "e:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "e:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "e:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "5222:TCP" = 5222:TCP:*:Enabled:westminster-tcp
    "5222:UDP" = 5222:UDP:*:Enabled:westminster-udp

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "E:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe" = E:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service -- (SiSoftware)
    "E:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe" = E:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
    "C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "D:\Program Files\Steam\Steam.exe" = D:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
    "{0B144EDD-2F2A-4F77-9A06-247353849272}" = Oracle Crystal Ball
    "{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
    "{1B2DBF55-05D4-4072-87D8-689141E262BD}" = Creative ZEN
    "{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "{23970E31-948B-466E-8376-1224D32FDF0C}" = Convert
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 20
    "{2FDDE008-7BAA-4CAC-9AC3-92C0C1111A3A}" = Hercules Dualpix Exchange
    "{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Gamer OSD
    "{31E2413D-8AA1-43EC-8B8D-77B65ADA4611}" = Civilization III v1.29f
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4BB0D53E-1167-4A61-8661-62FB02050D02}" = EViews 6
    "{51729BDF-5ED6-41ED-9CC6-5BFC7F4A4C18}" = Better Homes and Gardens Landscaping and Deck Designer 7.0
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter
    "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6C117F31-28A8-4477-BE91-64AC0A2204AD}" = Microsoft IntelliPoint 6.01
    "{6CB203AC-E5A7-424E-B4DC-C16564185463}" = PHStat2 2.8.1
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73BD5815-490E-4696-A61E-72113C52CAB5}" = UISDMC64W Device Driver
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{83F3EED2-DDE2-4434-8FBE-9D2A1E7C2BC8}" = Multi-Card Reader & Flash Disk
    "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
    "{8A6CBEF0-7F31-4B83-B30E-8F2EF8AF0FA6}" = Better Homes and Gardens Landscaping and Deck Designer 7.0 Training Videos
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
    "{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}" = VideoCam Suite 2.0
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A725C340-77EE-11D6-BBC2-0000CB591583}" = A.F.5 Rename your files 1.1
    "{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
    "{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
    "{AFAF626C-D2E6-455C-9A5A-ACDF049A6168}" = ASUS nVidia Driver
    "{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}" = PixiePack Codec Pack
    "{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
    "{BE282C23-5484-47FF-B2C1-EBEA5C891033}" = Nero 8
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C3113E55-7BCB-4de3-8EBF-60E6CE6B2096}_is1" = SiSoftware Sandra Lite XII.SP1
    "{C3C44248-B8F7-4B20-A5C7-994870B60F55}" = Webcam Station Evolution SE
    "{C6AA3FB7-804F-4808-AD91-B62D6ED9B788}" = Windows Vista Upgrade Advisor
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB4EDFCA-66C5-4C01-AA33-C42A2BCA0584}" = USB97C210 Driver and Icon
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D61524CF-93FE-4193-91AD-C6E21FEEAA5A}" = Logitech Harmony Remote Software 7
    "{D75915D3-6CFF-445F-A346-18ED6EF2F618}" = Microsoft IntelliType Pro 6.01
    "{E031338C-839D-4EDD-9537-99B653C39D81}" = Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5
    "{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
    "{E5343B27-55DF-40BD-9FCF-A643C1331E8A}" = Acronis*True*Image*Home
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2DD7B9B-4384-4131-A79C-804D6E0564BD}" = USB Mass Storage Reader
    "{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1" = ACE Mega CoDecS Pack
    "ActiveScan 2.0" = Panda ActiveScan 2.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AllToAVI" = AllToAVI v4 r5394
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
    "AutoGK" = Auto Gordian Knot 2.45
    "Avira NTFS4DOS" = Avira NTFS4DOS 1.9
    "AviSynth" = AviSynth 2.5
    "CANONBJ_Deinstall_CNMCP79.DLL" = Canon iP5200
    "CCleaner" = CCleaner (remove only)
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Creative Jukebox Driver" = Creative Jukebox Driver
    "Creative NOMAD II Driver" = Creative NOMAD II Driver
    "Creative PlayCenter 2.0" = Creative PlayCenter 2
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVD Shrink_is1" = DVD Shrink 3.2
    "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
    "Finale 2010" = Finale 2010
    "Finale NotePad 2010" = Finale NotePad 2010
    "foobar2000" = foobar2000
    "HandBrake" = HandBrake 0.9.3
    "HijackThis" = HijackThis 2.0.2
    "ID3-TagIT 3_is1" = ID3-TagIT 3
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
    "IsoBuster_is1" = IsoBuster 2.3
    "JBidwatcher_0" = JBidwatcher 2
    "JBidwatcher_1" = JBidwatcher 2
    "LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Monkey's Audio_is1" = Monkey's Audio
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NIS" = Norton Internet Security
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NOMAD II Manual" = NOMAD II Manual
    "NVIDIA Drivers" = NVIDIA Drivers
    "Picasa 3" = Picasa 3
    "PSP Video 9" = PSP Video 9 4.04
    "RealPlayer 6.0" = RealPlayer
    "R-Studio 4.2NSIS" = R-Studio 4.2
    "Snood_is1" = Snood for Windows version 3.52-W
    "SureThing CD Labeler LightScribe_is1" = SureThing CD Labeler LightScribe 5.0.581.0
    "SysInfo" = Creative System Information
    "TIMELEFT3_is1" = TimeLeft
    "Unlocker" = Unlocker 1.8.7
    "Virtual Garden" = Virtual Garden
    "VLC media player" = VLC media player 0.9.8a
    "VobSub" = VobSub v2.23 (Remove Only)
    "Winamp" = Winamp
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinImage" = WinImage
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "xvid" = XviD MPEG-4 Video Codec
    "XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
    "ZENcast Organizer" = ZENcast Organizer

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 7/19/2010 10:11:33 AM | Computer Name = DEEPBLUE | Source = ESENT | ID = 455
    Description = wuaueng.dll (1372) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
    occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

    Error - 7/19/2010 10:12:08 AM | Computer Name = DEEPBLUE | Source = ESENT | ID = 489
    Description = wuauclt (2628) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log "
    for read only access failed with system error 32 (0x00000020): "The process cannot
    access the file because it is being used by another process. ". The open file
    operation will fail with error -1032 (0xfffffbf8).

    Error - 7/19/2010 10:12:08 AM | Computer Name = DEEPBLUE | Source = ESENT | ID = 455
    Description = wuaueng.dll (2628) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
    occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

    Error - 7/19/2010 10:12:19 AM | Computer Name = DEEPBLUE | Source = ESENT | ID = 489
    Description = wuauclt (2628) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log "
    for read only access failed with system error 32 (0x00000020): "The process cannot
    access the file because it is being used by another process. ". The open file
    operation will fail with error -1032 (0xfffffbf8).

    Error - 7/19/2010 10:12:19 AM | Computer Name = DEEPBLUE | Source = ESENT | ID = 455
    Description = wuaueng.dll (2628) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
    occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

    Error - 7/19/2010 10:13:21 AM | Computer Name = DEEPBLUE | Source = ESENT | ID = 489
    Description = wuauclt (2964) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log "
    for read only access failed with system error 32 (0x00000020): "The process cannot
    access the file because it is being used by another process. ". The open file
    operation will fail with error -1032 (0xfffffbf8).

    Error - 7/19/2010 10:13:21 AM | Computer Name = DEEPBLUE | Source = ESENT | ID = 455
    Description = wuaueng.dll (2964) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
    occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

    Error - 7/19/2010 10:13:32 AM | Computer Name = DEEPBLUE | Source = ESENT | ID = 489
    Description = wuauclt (2964) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log "
    for read only access failed with system error 32 (0x00000020): "The process cannot
    access the file because it is being used by another process. ". The open file
    operation will fail with error -1032 (0xfffffbf8).

    Error - 7/19/2010 10:13:32 AM | Computer Name = DEEPBLUE | Source = ESENT | ID = 455
    Description = wuaueng.dll (2964) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
    occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

    Error - 7/19/2010 10:14:09 AM | Computer Name = DEEPBLUE | Source = ESENT | ID = 455
    Description = wuaueng.dll (3260) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
    occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

    [ System Events ]
    Error - 7/19/2010 2:01:31 AM | Computer Name = DEEPBLUE | Source = Print | ID = 23
    Description = Printer Quicken PDF Printer failed to initialize because a suitable
    Amyuni Document Converter 2.50 driver could not be found.

    Error - 7/19/2010 2:24:46 AM | Computer Name = DEEPBLUE | Source = Print | ID = 23
    Description = Printer Quicken PDF Printer failed to initialize because a suitable
    Amyuni Document Converter 2.50 driver could not be found.

    Error - 7/19/2010 7:50:42 PM | Computer Name = DEEPBLUE | Source = Print | ID = 23
    Description = Printer Quicken PDF Printer failed to initialize because a suitable
    Amyuni Document Converter 2.50 driver could not be found.

    Error - 7/19/2010 10:32:56 PM | Computer Name = DEEPBLUE | Source = Service Control Manager | ID = 7023
    Description = The HID Input Service service terminated with the following error:
    %%126

    Error - 7/19/2010 10:33:02 PM | Computer Name = DEEPBLUE | Source = Print | ID = 23
    Description = Printer Quicken PDF Printer failed to initialize because a suitable
    Amyuni Document Converter 2.50 driver could not be found.

    Error - 7/19/2010 10:41:51 PM | Computer Name = DEEPBLUE | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system
    without first being prepared for removal.

    Error - 7/19/2010 11:36:17 PM | Computer Name = DEEPBLUE | Source = Service Control Manager | ID = 7023
    Description = The HID Input Service service terminated with the following error:
    %%126

    Error - 7/19/2010 11:36:20 PM | Computer Name = DEEPBLUE | Source = Print | ID = 23
    Description = Printer Quicken PDF Printer failed to initialize because a suitable
    Amyuni Document Converter 2.50 driver could not be found.

    Error - 7/19/2010 11:40:36 PM | Computer Name = DEEPBLUE | Source = SRService | ID = 104
    Description = The System Restore initialization process failed.

    Error - 7/19/2010 11:40:37 PM | Computer Name = DEEPBLUE | Source = Service Control Manager | ID = 7023
    Description = The System Restore Service service terminated with the following error:
    %%2


    < End of report >
     
  10. 2010/07/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update your Java version here: http://www.java.com/en/download/installed.jsp
    During installation, make sure to UN-check any pre-checked extra "garbage" installation, like Yahoo toolbar, or others.
    Uninstall all previous Java versions, through Add\Remove (Programs & Features in Vista/7).

    ===============================================================

Is there any reason system restore is disabled, or were you not aware of it?

    ================================================================

    Run OTL
• Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Dad\LOCALS~1\Temp\catchme.sys -- (catchme)
      DRV - File not found [Kernel | On_Demand | Stopped] -- M:\ALLOW-IO.sys -- (ALLOW-IO)
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab  (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab  (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      [4 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD
      @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
      @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
      
• Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
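As an added example for this thread (not OTL's own code and not from the post above), the Python script below reads OTL-style log lines like the ones in the fix and flags the indicator classes the fix targets: driver, service or Run entries whose file is missing, Internet Explorer restriction policy keys, O16 DPF entries with a registry error, alternate data streams, and binaries with an empty publisher field. The line patterns are assumed from the log format seen in this thread, and the sample lines are constructed from it.

```python
"""Triage OTL-style log lines for the indicator classes a malware-removal
fix usually targets.  Added example for this thread; not OTL's own code.
The line patterns below are assumptions taken from the log format seen in
this thread, not from any OTL specification."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    category: str  # indicator class (see classify_line)
    item: str      # service/driver/Run name, CLSID, policy key or stream
    line: str      # the raw log line


# Constructed sample, modelled on the OTL lines quoted in this thread.
SAMPLE_LOG = r"""
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Dad\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/07/19 22:31:59 | 000,013,440 | ---- | M] (ICSI Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBCRFT.SYS -- (CardReaderFilter)
O4 - HKLM..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab  (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD
SRV - [2003/02/25 18:29:36 | 000,032,768 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\caili.exe -- (CAILI)
"""

# Line patterns (assumed from the thread's logs, not an OTL specification).
_ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")
_DPF_RE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\}) (\S+)\s+\((.*)\)$")
_IE_POLICY_RE = re.compile(
    r"^O[67] - (HK\w+\\Software\\Policies\\Microsoft\\Internet Explorer\\.+?) present$",
    re.IGNORECASE)
_ENTRY_RE = re.compile(r"^(DRV|SRV|O4) - (.*)$")
_PUBLISHER_RE = re.compile(r"\((.*?)\) \[")  # the "(Company) [Kernel | ..." field


def _entry_name(body: str) -> str:
    """Service/driver name from a trailing '-- (name)', else the [Run] tag."""
    names = re.findall(r"-- \(([^)]+)\)", body)
    if names:
        return names[-1]
    m = re.search(r"\[([^\]]+)\]", body)
    return m.group(1) if m else body


def classify_line(line: str):
    """Return a Finding for a line worth acting on, or None for a clean line."""
    line = line.strip()
    m = _ADS_RE.match(line)
    if m:
        # Data hidden in a stream on a folder is invisible to a normal listing.
        return Finding("ads", m.group(2), line)
    m = _DPF_RE.match(line)
    if m:
        # An ActiveX entry whose registry backing is gone is a dead leftover.
        if m.group(3).startswith("Reg Error"):
            return Finding("dead_activex", m.group(1), line)
        return None
    m = _IE_POLICY_RE.match(line)
    if m:
        # Restriction policies under Policies\Microsoft\Internet Explorer lock
        # browser settings; rogue security software commonly plants them.
        return Finding("ie_policy", m.group(1), line)
    m = _ENTRY_RE.match(line)
    if m:
        body = m.group(2)
        if "File not found" in body:
            # Autostart or driver entry whose file is gone: a leftover to
            # remove, not by itself evidence of a live infection.
            return Finding("orphan_entry", _entry_name(body), line)
        pm = _PUBLISHER_RE.search(body)
        if pm is not None and pm.group(1).strip() == "":
            # Empty company field: a review item, not proof of malice.
            return Finding("no_publisher", _entry_name(body), line)
        if m.group(1) == "O4" and body.rstrip().endswith("()"):
            return Finding("no_publisher", _entry_name(body), line)
    return None


def triage(log_text: str) -> list:
    """Classify every line of an OTL-style log; returns the findings in order."""
    findings = []
    for raw in log_text.splitlines():
        f = classify_line(raw)
        if f is not None:
            findings.append(f)
    return findings


def summarize(findings) -> dict:
    """Count findings per category."""
    counts = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:14} {f.item}")
    print(summarize(triage(SAMPLE_LOG)))
```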
     
  11. 2010/07/19
    rumrunner

    rumrunner Inactive Thread Starter

    1. Java - updated.
    2. System Restore - wasn't aware it was disabled. I checked my computer/properties/system restore, and all drives were listed as "monitoring." I checked the "turn off system restore on all drives" box, clicked apply, then unchecked the "turn off system restore on all drives" box, and clicked apply again.
3. OTL Fix log attached - Quick Scan log to follow in next post.


    All processes killed
    ========== OTL ==========
    Service catchme stopped successfully!
    Service catchme deleted successfully!
    File C:\DOCUME~1\Dad\LOCALS~1\Temp\catchme.sys not found.
    Service ALLOW-IO stopped successfully!
    Service ALLOW-IO deleted successfully!
    File M:\ALLOW-IO.sys not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    C:\Documents and Settings\All Users\Application Data\xml1.tmp deleted successfully.
    C:\Documents and Settings\All Users\Application Data\xml2.tmp deleted successfully.
    C:\Documents and Settings\All Users\Application Data\xml3.tmp deleted successfully.
    C:\Documents and Settings\All Users\Application Data\xml4.tmp deleted successfully.
    C:\WINDOWS\System32\SET16.tmp deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Dad
    ->Temp folder emptied: 10196242 bytes
    ->Temporary Internet Files folder emptied: 1882327 bytes
    ->Java cache emptied: 131432 bytes
    ->Google Chrome cache emptied: 34809208 bytes
    ->Flash cache emptied: 1914 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 1792 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 1486 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 18483 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 45.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Dad
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.9.1 log created on 07192010_222949

    Files\Folders moved on Reboot...
    File\Folder C:\WINDOWS\temp\JET9AB9.tmp not found!
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_940.dat not found!

    Registry entries deleted on Reboot...
     
  12. 2010/07/19
    rumrunner

    rumrunner Inactive Thread Starter

    Quick Scan log

    OTL logfile created on: 7/19/2010 10:39:55 PM - Run 2
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Dad\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
    5.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 30.00 Gb Total Space | 14.42 Gb Free Space | 48.06% Space Free | Partition Type: NTFS
    Drive D: | 40.00 Gb Total Space | 25.04 Gb Free Space | 62.59% Space Free | Partition Type: NTFS
    Drive E: | 40.00 Gb Total Space | 33.45 Gb Free Space | 83.61% Space Free | Partition Type: NTFS
    Drive F: | 40.00 Gb Total Space | 18.53 Gb Free Space | 46.32% Space Free | Partition Type: NTFS
    Drive G: | 100.00 Gb Total Space | 12.54 Gb Free Space | 12.54% Space Free | Partition Type: NTFS
    Drive H: | 80.00 Gb Total Space | 47.86 Gb Free Space | 59.83% Space Free | Partition Type: NTFS
    Drive I: | 80.00 Gb Total Space | 25.01 Gb Free Space | 31.27% Space Free | Partition Type: NTFS
    Drive J: | 200.00 Gb Total Space | 120.81 Gb Free Space | 60.40% Space Free | Partition Type: NTFS

    Computer Name: DEEPBLUE
    Current User Name: Dad
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/19 21:37:57 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
    PRC - [2010/06/29 11:48:45 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2009/08/22 01:21:19 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    PRC - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/05/07 17:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/02/29 03:12:36 | 000,073,728 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.EXE
    PRC - [2007/09/14 02:55:26 | 000,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    PRC - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
    PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
    PRC - [2006/07/07 17:14:38 | 000,576,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
    PRC - [2003/12/29 23:33:16 | 000,094,208 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\Dit.exe
    PRC - [2002/10/04 09:39:00 | 000,039,936 | ---- | M] (Standard Microsystems Corp.) -- C:\Program Files\Icons\SetIcon.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/19 21:37:57 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
    MOD - [2009/08/22 01:21:16 | 000,419,696 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\asOEHook.dll
    MOD - [2008/04/13 18:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2009/08/22 01:21:19 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)
    SRV - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2007/12/12 18:32:20 | 001,253,568 | ---- | M] (SiSoftware) [Disabled | Stopped] -- e:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe -- (SandraTheSrv)
    SRV - [2007/12/12 18:31:58 | 000,213,176 | ---- | M] (SiSoftware) [Disabled | Stopped] -- e:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe -- (SandraDataSrv)
    SRV - [2007/09/14 04:01:56 | 000,492,600 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
    SRV - [2007/09/14 02:55:26 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2007/07/12 17:30:42 | 000,257,024 | ---- | M] (ASUSTeK COMPUTER INC.) [Disabled | Stopped] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
    SRV - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
    SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV - [2003/02/25 18:29:36 | 000,032,768 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\caili.exe -- (CAILI)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1002000.007\SYMREDRV.SYS -- (SYMREDRV)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1002000.007\SYMDNS.SYS -- (SYMDNS)
    DRV - [2010/07/19 22:31:59 | 000,013,440 | ---- | M] (ICSI Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBCRFT.SYS -- (CardReaderFilter)
    DRV - [2010/07/13 02:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100719.020\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/07/13 02:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100719.020\NAVENG.SYS -- (NAVENG)
    DRV - [2010/06/05 02:34:46 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/06/05 02:34:46 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/05/28 13:33:19 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100719.001\IDSXpx86.sys -- (IDSxpx86)
    DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2010/01/27 21:27:45 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\ccHPx86.sys -- (ccHP)
    DRV - [2009/09/08 16:53:22 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2009/08/22 01:21:19 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1008000.029\SYMEFA.SYS -- (SymEFA)
    DRV - [2009/08/22 01:21:19 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SRTSP.SYS -- (SRTSP)
    DRV - [2009/08/22 01:21:19 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2009/08/22 01:21:19 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMTDI.SYS -- (SYMTDI)
    DRV - [2009/08/22 01:21:19 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMFW.SYS -- (SYMFW)
    DRV - [2009/08/22 01:21:19 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1008000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2009/08/22 01:21:19 | 000,036,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMNDIS.SYS -- (SYMNDIS)
    DRV - [2009/08/22 01:21:19 | 000,033,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMIDS.SYS -- (SYMIDS)
    DRV - [2009/08/22 01:21:06 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
    DRV - [2009/08/22 01:21:06 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
    DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
    DRV - [2009/04/22 15:46:42 | 003,482,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC)
    DRV - [2009/02/09 00:42:42 | 000,099,968 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hxctlflt.sys -- (hxctlflt)
    DRV - [2008/11/04 11:37:28 | 000,043,552 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
    DRV - [2008/07/21 21:45:37 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
    DRV - [2008/07/21 21:45:37 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
    DRV - [2008/07/21 21:45:33 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
    DRV - [2008/07/21 21:45:29 | 000,368,736 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
    DRV - [2008/05/07 17:40:02 | 000,317,976 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
    DRV - [2008/05/02 22:46:00 | 006,554,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/07/12 11:03:42 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb)
    DRV - [2007/07/12 11:03:40 | 000,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D)
    DRV - [2007/07/12 11:03:38 | 000,012,288 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
    DRV - [2007/07/12 11:03:38 | 000,011,136 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
    DRV - [2007/05/24 04:30:10 | 000,049,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
    DRV - [2007/01/30 04:57:50 | 004,474,368 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/12/14 16:44:06 | 000,085,120 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2006/10/01 14:10:42 | 000,021,048 | ---- | M] (ABIT) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\uGuru.sys -- (UGURU)
    DRV - [2006/02/20 19:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
    DRV - [2004/05/05 22:48:40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
    DRV - [1999/12/17 01:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PfModNT.sys -- (PfModNT)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://maps.google.com/maps?hl=en&tab=wl
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/09/19 09:47:25 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/26 14:29:46 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2010/07/19 22:29:52 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll (Oracle)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
    O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [SetIcon] C:\Program Files\Icons\SetIcon.exe (Standard Microsystems Corp.)
    O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre6\bin\jusched.exe File not found
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\npjpi160_21.dll (Oracle)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279595238500 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279510475015 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
    O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - E:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - E:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - E:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/02/28 01:58:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/19 22:29:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/07/19 22:29:49 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/07/19 21:37:56 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
    [2010/07/19 20:27:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/07/19 20:26:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/07/18 23:41:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\SUPERAntiSpyware.com
    [2010/07/18 23:41:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/07/18 22:44:48 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
    [2010/07/18 22:44:42 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
    [2010/07/18 21:04:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/07/18 21:03:57 | 000,423,656 | ---- | C] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
    [2010/07/18 18:56:07 | 000,000,000 | ---D | C] -- C:\_OTM
    [2010/07/18 17:50:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Malwarebytes
    [2010/07/18 17:50:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/07/18 17:50:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/07/18 17:50:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/07/18 12:15:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/07/18 12:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/07/08 22:56:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Desktop\dewbury documents
    [2010/07/08 22:54:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Desktop\shandrea writings
    [2010/07/08 22:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Desktop\kid writings
    [2010/06/10 23:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\My Documents\Hercules webcam
    [2010/06/10 23:27:16 | 000,291,328 | ---- | C] (Sonix) -- C:\WINDOWS\System32\vsnp2uvc.dll
    [2010/06/10 23:27:16 | 000,184,320 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
    [2010/06/10 23:27:16 | 000,176,128 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
    [2010/06/10 23:27:16 | 000,099,968 | ---- | C] (Guillemot Corporation) -- C:\WINDOWS\System32\drivers\hxctlflt.sys
    [2010/06/10 23:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Skype
    [2010/06/10 23:02:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
    [2010/06/06 15:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
    [2010/05/09 15:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\ART Inc
    [2010/05/08 19:24:48 | 000,086,016 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe
    [2010/05/08 14:58:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
    [2010/05/01 22:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Desktop\IMGA0592
    [2010/04/28 22:19:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Desktop\IMGA0567

    ========== Files - Modified Within 90 Days ==========

    [2010/07/19 22:34:08 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/07/19 22:31:59 | 000,013,440 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\System32\drivers\USBCRFT.SYS
    [2010/07/19 22:31:55 | 000,175,169 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2010/07/19 22:31:21 | 000,013,722 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/19 22:31:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/19 22:31:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/19 22:29:58 | 011,534,336 | ---- | M] () -- C:\Documents and Settings\Dad\ntuser.dat
    [2010/07/19 22:29:58 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Dad\ntuser.ini
    [2010/07/19 22:29:52 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/07/19 22:04:53 | 000,002,399 | ---- | M] () -- C:\Documents and Settings\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2003.lnk
    [2010/07/19 21:51:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1177238915-839522115-1003UA.job
    [2010/07/19 21:37:57 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
    [2010/07/19 20:41:54 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/07/19 20:27:34 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/07/19 18:08:28 | 001,293,824 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\Doc1.doc
    [2010/07/19 18:01:48 | 000,002,375 | ---- | M] () -- C:\Documents and Settings\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
    [2010/07/19 17:50:13 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
    [2010/07/19 00:10:44 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\59jtpm6n.exe
    [2010/07/18 23:51:01 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1177238915-839522115-1003Core.job
    [2010/07/18 23:41:11 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/07/18 22:53:28 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\dds.scr
    [2010/07/18 21:30:39 | 006,391,764 | -H-- | M] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\IconCache.db
    [2010/07/18 17:38:43 | 000,000,624 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/07/18 17:38:43 | 000,000,210 | ---- | M] () -- C:\Boot.bak
    [2010/07/18 16:59:45 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2010/07/17 20:30:05 | 000,196,608 | ---- | M] () -- C:\WINDOWS\System32\drivers\nStandard.bin
    [2010/07/17 20:30:04 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/17 17:06:20 | 000,000,100 | ---- | M] () -- C:\Documents and Settings\Dad\default.pls
    [2010/07/17 17:05:06 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/07/16 02:45:52 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\Zach allergy.xls
    [2010/07/16 01:58:59 | 000,002,377 | ---- | M] () -- C:\Documents and Settings\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
    [2010/07/15 16:20:51 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\MS LifeLines Letter.doc
    [2010/07/12 08:36:36 | 000,002,175 | ---- | M] () -- C:\Documents and Settings\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
    [2010/07/11 00:49:24 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\Reasons we should get reduced price Rebif.doc
    [2010/06/22 04:36:38 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe
    [2010/06/22 04:36:37 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe
    [2010/06/22 04:36:36 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe
    [2010/06/22 04:36:29 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
    [2010/06/22 02:24:28 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
    [2010/06/05 21:50:47 | 645,983,588 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\J1.scn
    [2010/06/05 12:05:50 | 000,858,096 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\opr200506301012-1-16.pdf
    [2010/05/20 01:35:47 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\movingnotes.doc
    [2010/05/09 15:06:44 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Landscaping and Deck Designer 7.0.lnk
    [2010/05/01 22:51:00 | 004,216,768 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\IMGA0592.zip
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/29 00:33:00 | 012,575,164 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\video4.mpg
    [2010/04/29 00:23:00 | 003,925,236 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\video3.mpg
    [2010/04/29 00:19:00 | 013,007,428 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\video2.mpg
    [2010/04/29 00:10:00 | 005,777,464 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\video1.mpg
    [2010/04/28 22:17:00 | 002,751,813 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\IMGA0567.zip
    [2010/04/25 21:21:36 | 000,000,583 | ---- | M] () -- C:\Documents and Settings\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Quicken 2007.lnk
    [2010/04/25 19:19:02 | 000,000,165 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
    [2010/04/24 23:44:30 | 000,153,174 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\I2.scn
    [2010/04/24 23:17:09 | 006,536,728 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\H4.scn
    [2010/04/24 22:16:38 | 148,389,334 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\G3.scn
    [2010/04/24 21:49:14 | 005,278,990 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\E2.scn

    ========== Files Created - No Company Name ==========

    [2010/07/19 20:27:33 | 000,000,210 | ---- | C] () -- C:\Boot.bak
    [2010/07/19 20:27:30 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/07/19 00:10:41 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\59jtpm6n.exe
    [2010/07/18 23:41:11 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/07/18 22:53:24 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\dds.scr
    [2010/07/18 16:57:46 | 001,293,824 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\Doc1.doc
    [2010/07/16 02:21:22 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\Zach allergy.xls
    [2010/07/15 15:43:38 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\MS LifeLines Letter.doc
    [2010/07/11 00:49:24 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\Reasons we should get reduced price Rebif.doc
    [2010/06/10 23:50:13 | 000,002,175 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
    [2010/06/10 23:34:42 | 003,600,384 | ---- | C] () -- C:\WINDOWS\ffmpeg.exe
    [2010/06/10 23:27:16 | 003,482,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
    [2010/06/10 23:27:16 | 000,027,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
    [2010/06/10 23:27:16 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
    [2010/06/10 23:27:16 | 000,013,022 | ---- | C] () -- C:\WINDOWS\snp2uvc.src
    [2010/06/05 12:05:50 | 000,858,096 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\opr200506301012-1-16.pdf
    [2010/05/17 10:01:24 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\movingnotes.doc
    [2010/05/09 15:06:44 | 000,000,863 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Landscaping and Deck Designer 7.0.lnk
    [2010/05/01 22:51:32 | 004,216,768 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\IMGA0592.zip
    [2010/04/29 00:33:39 | 012,575,164 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\video4.mpg
    [2010/04/29 00:23:16 | 003,925,236 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\video3.mpg
    [2010/04/29 00:19:47 | 013,007,428 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\video2.mpg
    [2010/04/29 00:10:18 | 005,777,464 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\video1.mpg
    [2010/04/28 22:18:24 | 002,751,813 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\IMGA0567.zip
    [2010/04/24 23:44:30 | 000,153,174 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\I2.scn
    [2010/04/24 23:17:09 | 006,536,728 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\H4.scn
    [2010/04/24 22:16:35 | 148,389,334 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\G3.scn
    [2010/04/24 21:49:14 | 005,278,990 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\E2.scn
    [2010/04/24 20:42:53 | 645,983,588 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\J1.scn
    [2009/01/18 21:42:17 | 000,000,107 | ---- | C] () -- C:\WINDOWS\VobEdit.INI
    [2008/11/17 20:24:32 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
    [2008/06/18 15:59:56 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2008/06/04 00:37:53 | 000,000,260 | ---- | C] () -- C:\WINDOWS\Dit.INI
    [2008/06/01 21:38:05 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
    [2008/06/01 17:52:57 | 000,002,204 | ---- | C] () -- C:\WINDOWS\System32\drivers\UNINST2K.SYS
    [2008/06/01 17:52:57 | 000,000,023 | ---- | C] () -- C:\WINDOWS\FLASHKSK.INI
    [2008/05/18 19:54:00 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/05/17 21:48:44 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
    [2008/05/16 22:28:51 | 000,000,006 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
    [2008/05/15 23:14:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/05/15 22:52:59 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS79.DLL
    [2008/05/15 22:47:43 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2008/02/29 03:46:59 | 000,643,142 | ---- | C] () -- C:\WINDOWS\aticlocklib.dll
    [2008/02/29 03:46:59 | 000,110,592 | ---- | C] () -- C:\WINDOWS\R5ClkLib.dll
    [2008/02/29 03:46:59 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
    [2008/02/29 03:46:58 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2008/02/29 03:46:58 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
    [2008/02/29 03:46:58 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
    [2008/02/29 03:46:58 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
    [2008/02/29 03:46:58 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
    [2008/02/29 03:46:58 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
    [2008/02/29 03:46:58 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
    [2008/02/29 03:46:58 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
    [2008/02/29 03:46:58 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
    [2007/07/25 07:24:28 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2007/06/28 10:43:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2007/06/28 10:43:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2007/06/28 10:43:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2007/06/28 10:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2007/06/28 10:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/03/18 07:16:04 | 000,540,178 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
    [2004/08/04 06:00:00 | 000,029,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/10/15 16:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2002/08/22 08:52:14 | 000,000,236 | ---- | C] () -- C:\WINDOWS\System32\smsc.ini

    ========== LOP Check ==========

    [2008/12/10 01:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
    [2009/02/11 23:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
    [2008/05/15 22:52:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2009/10/10 01:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Decisioneering
    [2009/09/02 01:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ID3-TagIT 3
    [2008/09/06 22:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
    [2009/10/10 01:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oracle
    [2009/07/20 23:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
    [2009/01/31 00:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
    [2010/07/18 17:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/11/23 19:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Acronis
    [2009/09/01 21:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Amazon
    [2009/10/10 01:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Decisioneering
    [2009/11/19 17:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\GibbHill Properties Ltd
    [2009/01/22 00:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\HandBrake
    [2009/09/02 01:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\ID3-TagIT 3
    [2008/05/17 01:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\NesterSoft
    [2009/10/10 01:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Oracle
    [2009/07/20 23:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Panasonic
    [2009/08/28 22:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Quantitative Micro Software
    [2009/01/19 20:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\webex
    [2010/07/19 22:34:08 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========


    < End of report >
     
  13. 2010/07/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    Last scan....

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart the computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  14. 2010/07/20
    rumrunner

    rumrunner Inactive Thread Starter

    Joined:
    2010/07/18
    Messages:
    9
    Likes Received:
    0
    Hooray?

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Tuesday, July 20, 2010
    Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Monday, July 19, 2010 21:31:18
    Records in database: 4228926
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\
    K:\
    Q:\
    R:\

    Scan statistics:
    Objects scanned: 152080
    Threats found: 0
    Infected objects found: 0
    Suspicious objects found: 0
    Scan duration: 02:04:27

    No threats found. Scanned area is clean.

    Selected area has been scanned.
     
  15. 2010/07/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Sure thing :)

    OTL Clean-Up
    Clean up with OTL:

    * Double-click OTL.exe to start the program.
    * Close all other programs apart from OTL, as this step will require a reboot.
    * On the OTL main screen, press the CLEANUP button
    * Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    =============================================================

    Your computer is clean :)

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please let me know how your computer is doing.
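    The System Restore reset described in steps 1 to 3 above can also be scripted on Windows Vista/7 and later, where PowerShell ships the *-ComputerRestore cmdlets. The block below is an added example for that case and is not part of broni's post or of any tool mentioned in the thread; Windows XP has no such cmdlets, so the GUI steps apply there. It assumes an elevated PowerShell session and that the protected drive is C:\ (adjust $Drive otherwise). The before/after counts are the check a practitioner wants: confirm with Get-ComputerRestorePoint that the old points really are gone and that the new baseline exists, rather than assuming it.

```powershell
# Added example (not from the thread): reset System Restore on one drive and
# create a fresh, clean restore point. Run from an elevated PowerShell on
# Windows Vista/7 or later. The drive letter is an assumption.
$Drive = "C:\"

# 1. Record the existing restore points so the purge can be verified later.
$before = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
Write-Host ("Restore points before reset: {0}" -f $before.Count)

# 2. Turn System Restore off for the drive (the post's step 1). As the GUI
#    warns, turning protection off discards the drive's existing restore points.
Disable-ComputerRestore -Drive $Drive

# The post's step 2 is a reboot at this point; uncomment to script it and run
# the remainder after logging back in:
# Restart-Computer

# 3. Turn System Restore back on for the same drive (the post's step 3).
Enable-ComputerRestore -Drive $Drive

# 4. Create the clean baseline point. MODIFY_SETTINGS is one of the documented
#    restore point types; the description is free text.
Checkpoint-Computer -Description "Clean baseline after malware removal" `
                    -RestorePointType "MODIFY_SETTINGS"

# 5. Verify: the old points should be gone and exactly the new baseline present.
$after = @(Get-ComputerRestorePoint)
Write-Host ("Restore points after reset: {0}" -f $after.Count)
$after | Sort-Object SequenceNumber |
    Select-Object SequenceNumber, Description, RestorePointType, CreationTime |
    Format-Table -AutoSize
```

    If the "after" listing still shows points older than the new baseline, the purge did not happen for that drive and the GUI route in the post should be used instead. On Windows 8 and later, Checkpoint-Computer refuses to create more than one restore point per 24 hours unless the system's frequency setting is changed, so a second run the same day will report an error rather than a new point.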
     
  16. 2010/07/20
    rumrunner

    rumrunner Inactive Thread Starter

    Joined:
    2010/07/18
    Messages:
    9
    Likes Received:
    0
    Broni - you rock.

    Computer is A-OK. It was left on for the past 24 hours, with no JIT debug windows; windows updates completed successfully.

    Thank you for time and effort - if it were not for people like you, people like me would be reformatting and reinstalling windows (at best), or completely *******.

    Thanks again.
     
  17. 2010/07/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)
    Good luck and stay safe :)
     
