Friend's Computer


Post by Misteretc on 23rd August 2010, 12:16 pm

Good morning. I have a friend whose computer is infected with a Trojan virus of some kind. I'm helping her out and turned her on to you.

I've run OTL this morning and here's what I got from the logs...

1st log...

OTL logfile created on: 8/23/2010 8:11:13 AM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\westlake.louise\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 111.33 Gb Free Space | 74.69% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 7.45 Gb Total Space | 7.19 Gb Free Space | 96.46% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 67.82 Gb Total Space | 55.59 Gb Free Space | 81.96% Space Free | Partition Type: NTFS
Drive S: | 590.84 Gb Total Space | 73.49 Gb Free Space | 12.44% Space Free | Partition Type: NTFS
Drive X: | 1512.56 Gb Total Space | 119.13 Gb Free Space | 7.88% Space Free | Partition Type: NTFS
Drive Z: | 67.82 Gb Total Space | 55.59 Gb Free Space | 81.96% Space Free | Partition Type: NTFS

Computer Name: WESTLA-L691-XP
Current User Name: westlake.louise
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/23 08:11:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\westlake.louise\Desktop\OTL.exe
PRC - [2010/07/19 13:50:45 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/06/16 13:39:13 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/10/20 12:08:26 | 001,693,184 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2009/09/04 22:12:58 | 000,247,080 | ---- | M] (Trend Micro Inc.) -- C:\OfficeScan NT\Temp\pccntupd.exe
PRC - [2009/07/09 13:21:36 | 005,732,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe
PRC - [2009/02/09 21:33:14 | 000,104,784 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN\Toolbar\3.0.1125.0\mstbsvc.exe
PRC - [2009/02/04 17:35:00 | 000,078,848 | ---- | M] (DameWare Development) -- C:\WINDOWS\system32\DWRCST.EXE
PRC - [2009/02/04 17:34:46 | 000,234,496 | ---- | M] (DameWare Development LLC) -- C:\WINDOWS\system32\DWRCS.EXE
PRC - [2008/10/30 15:16:42 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2008/04/23 03:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Distillr\AcroTray.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/19 15:03:20 | 000,917,504 | ---- | M] (Sensormatic Electronics Corporation) -- C:\Program Files\Sensormatic\NetworkClient\Bin\NtlxEventhandler.exe
PRC - [2007/03/19 15:02:54 | 000,081,920 | ---- | M] () -- C:\Program Files\Sensormatic\NetworkClient\Bin\NtlxSrvMgr.exe
PRC - [2007/02/06 17:14:00 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/01/05 18:36:48 | 000,872,448 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2006/01/17 00:01:46 | 000,053,248 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe
PRC - [2005/09/19 13:31:48 | 000,352,256 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe
PRC - [2004/12/17 12:00:00 | 000,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\winzip\WZQKPICK.EXE
PRC - [2004/08/09 06:03:38 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2002/04/17 10:49:16 | 000,077,824 | ---- | M] () -- c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 10:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
PRC - [2000/04/14 12:18:12 | 000,208,896 | ---- | M] (AT&T Research Labs Cambridge) -- C:\Program Files\ORL\VNC\WinVNC.exe
PRC - [1997/06/04 00:00:00 | 000,017,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Suss.exe


========== Modules (SafeList) ==========

MOD - [2010/08/23 08:11:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\westlake.louise\Desktop\OTL.exe
MOD - [2007/02/06 17:19:44 | 000,077,824 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 08:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/02 19:35:20 | 001,337,488 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\OfficeScan NT\tmlisten.exe -- (tmlisten)
SRV - [2010/02/02 19:33:18 | 001,385,768 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\OfficeScan NT\ntrtscan.exe -- (ntrtscan)
SRV - [2010/01/07 13:44:26 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\OfficeScan NT\TmPfw.exe -- (TmPfw)
SRV - [2010/01/07 13:42:50 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\OfficeScan NT\TmProxy.exe -- (TmProxy)
SRV - [2009/12/01 11:13:12 | 000,345,352 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/05/21 20:21:18 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/02/09 21:33:14 | 000,104,784 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\MSN\Toolbar\3.0.1125.0\mstbsvc.exe -- (mstbsvc)
SRV - [2009/02/04 17:34:46 | 000,234,496 | ---- | M] (DameWare Development LLC) [Auto | Running] -- C:\WINDOWS\System32\DWRCS.EXE -- (DWMRCS)
SRV - [2007/03/19 15:02:54 | 000,081,920 | ---- | M] () [Auto | Running] -- C:\Program Files\Sensormatic\NetworkClient\Bin\NtlxSrvMgr.exe -- (NtlxSrvMgr)
SRV - [2000/04/14 12:18:12 | 000,208,896 | ---- | M] (AT&T Research Labs Cambridge) [Auto | Running] -- C:\Program Files\ORL\VNC\WinVNC.exe -- (winvnc)
SRV - [1997/06/04 00:00:00 | 000,017,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\Suss.exe -- (SU)


========== Driver Services (SafeList) ==========

DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/26 18:41:18 | 000,059,408 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/02/26 18:41:16 | 000,051,216 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/02/26 18:41:12 | 000,163,344 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/11 19:58:58 | 000,340,496 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2010/01/07 11:43:04 | 000,090,256 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/12/04 18:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\OfficeScan NT\tmxpflt.sys -- (TmFilter)
DRV - [2009/12/04 18:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\OfficeScan NT\tmpreflt.sys -- (TmPreFilter)
DRV - [2009/12/04 18:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\OfficeScan NT\VsapiNT.sys -- (VSApiNt)
DRV - [2009/09/18 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/07/19 14:20:47 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2008/10/20 20:08:06 | 000,012,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smsmdm.sys -- (smsmdd)
DRV - [2007/06/28 17:11:36 | 002,208,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007/06/07 18:53:16 | 000,201,920 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/05/16 13:14:58 | 005,707,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/05/07 03:00:06 | 000,988,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/05/07 03:00:06 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/05/07 03:00:06 | 000,210,816 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/04/23 19:31:36 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/04/12 16:25:54 | 000,250,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2007/04/10 17:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2007/03/21 14:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/03/01 13:45:58 | 000,289,792 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007/02/24 16:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/15 07:00:00 | 000,026,624 | ---- | M] (DameWare) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dwvkbd.sys -- (dwvkbd)
DRV - [2007/02/14 16:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/02/14 16:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/02/07 07:00:00 | 000,003,712 | ---- | M] (DameWare Development, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DamewareMini.sys -- (DwMirror)
DRV - [2007/01/23 21:13:26 | 000,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2006/12/20 03:08:00 | 000,047,616 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rismc32.sys -- (rismc32)
DRV - [2006/06/28 12:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2006/01/10 03:00:04 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2006/01/10 03:00:04 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2005/11/02 12:07:32 | 003,298,432 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2005/09/08 17:20:52 | 003,959,808 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/05/31 14:46:26 | 000,087,936 | R--- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2005/05/03 18:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/04/01 12:52:46 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/03/10 19:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005/01/07 20:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2005/01/07 20:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/09/17 11:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/06/16 14:19:58 | 000,046,080 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2003/01/07 09:29:24 | 000,009,049 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\eacfilt.sys -- (Eacfilt)
DRV - [2003/01/07 09:29:00 | 000,115,008 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECSHM)
DRV - [2003/01/07 09:29:00 | 000,115,008 | ---- | M] (Nortel Networks) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECEXT)
DRV - [2002/04/11 23:21:38 | 000,013,335 | R--- | M] (Microsystems Corp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbcm.sys -- (usbcm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKLM\..\URLSearchHook: {2558d83c-097c-4cf1-9163-ce5ecc36ace2} - C:\Program Files\MapQuest Toolbar\mapquesttb.dll (MapQuest, Inc)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/21 10:01:46 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/04 01:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ALOT Toolbar BHO) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\alot.dll (Miva)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (MapQuest Toolbar Loader) - {bd3fd433-147a-482e-a192-614f26e2310c} - C:\Program Files\MapQuest Toolbar\mapquesttb.dll (MapQuest, Inc)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Miva)
O3 - HKLM\..\Toolbar: (MapQuest Toolbar) - {9302e698-7e00-43ab-b867-c6e759bc2ada} - C:\Program Files\MapQuest Toolbar\mapquesttb.dll (MapQuest, Inc)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (MapQuest Toolbar) - {9302E698-7E00-43AB-B867-C6E759BC2ADA} - C:\Program Files\MapQuest Toolbar\mapquesttb.dll (MapQuest, Inc)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DameWare MRC Agent] C:\WINDOWS\system32\DWRCST.EXE (DameWare Development)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [HPWUTOOLBOX] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [lbuyfsay] C:\Documents and Settings\westlake.louise\Local Settings\Application Data\mfypmkdgy\gvmnbhfshdw.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\OfficeScan NT\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [UpdateSerialNumber] C:\WINDOWS\System32\updateserial.exe ( )
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinVNC] C:\Program Files\ORL\VNC\WinVNC.exe (AT&T Research Labs Cambridge)
O4 - HKCU..\Run: [lbuyfsay] C:\Documents and Settings\westlake.louise\Local Settings\Application Data\mfypmkdgy\gvmnbhfshdw.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intellex Event Handler.lnk = C:\Program Files\Sensormatic\NetworkClient\Bin\NtlxEventhandler.exe (Sensormatic Electronics Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\winzip\WZQKPICK.EXE (WinZip Computing, Inc.)
O4 - Startup: C:\Documents and Settings\westlake.louise\Start Menu\Programs\Startup\outlooksetup.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O15 - HKCU\..Trusted Domains: l3.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: level3.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: SoftwareSpectrum.com ([]* in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.4.2_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.63.255.1 10.63.255.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.global.level3.com
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\L3.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\L3.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/14 18:40:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1a3c0322-a2c4-11da-8bbb-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{1a3c0322-a2c4-11da-8bbb-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1a3c0322-a2c4-11da-8bbb-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O33 - MountPoints2\{87b310c1-a225-11da-a301-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{87b310c1-a225-11da-a301-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{87b310c1-a225-11da-a301-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O33 - MountPoints2\{df1047fd-a26b-11da-baf6-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{df1047fd-a26b-11da-baf6-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{df1047fd-a26b-11da-baf6-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/23 08:11:03 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\westlake.louise\Desktop\OTL.exe
[2010/08/23 08:08:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\westlake.louise\Application Data\Malwarebytes
[2010/08/23 08:08:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/23 08:08:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/23 08:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/23 08:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/23 08:06:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\westlake.louise\Application Data\SUPERAntiSpyware.com
[2010/08/23 08:06:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/08/23 08:06:24 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/08/23 08:06:11 | 009,157,960 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\westlake.louise\Desktop\SUPERAntiSpyware.exe
[2010/08/23 08:05:57 | 005,918,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\westlake.louise\Desktop\mbam-setup.exe
[2010/08/22 12:21:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\westlake.louise\Local Settings\Application Data\mfypmkdgy
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/23 08:11:46 | 003,825,642 | ---- | M] () -- C:\Documents and Settings\westlake.louise\Desktop\ComboFix.exe
[2010/08/23 08:11:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\westlake.louise\Desktop\OTL.exe
[2010/08/23 08:10:53 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\westlake.louise\ntuser.dat
[2010/08/23 08:08:07 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/23 08:06:27 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\westlake.louise\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/23 08:05:07 | 000,000,475 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2010/08/23 08:03:45 | 000,002,239 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/08/23 08:03:39 | 000,000,647 | ---- | M] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010/08/23 08:03:15 | 000,016,280 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2010/08/23 08:03:13 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/23 08:03:11 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/23 08:02:37 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/08/23 08:01:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/23 08:01:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/23 07:52:19 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\westlake.louise\ntuser.ini
[2010/08/23 07:44:12 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/22 13:10:57 | 3577,693,184 | ---- | M] () -- C:\Documents and Settings\westlake.louise\My Documents\Mclean to Herndon.pst
[2010/08/22 13:01:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/08/21 20:52:41 | 001,289,216 | ---- | M] () -- C:\Documents and Settings\westlake.louise\My Documents\McLean Sales Office Workday at NVTRP Ranch.doc
[2010/08/21 19:27:44 | 004,215,808 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/08/21 19:27:44 | 002,086,912 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/08/19 19:12:54 | 000,046,592 | ---- | M] () -- C:\Template.doc
[2010/08/17 17:06:16 | 000,176,128 | ---- | M] () -- C:\Documents and Settings\westlake.louise\Desktop\Name Plate Inserts 10-09.doc
[2010/08/12 08:44:35 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/08/11 20:31:22 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\westlake.louise\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/08/11 10:50:08 | 000,546,238 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/11 10:50:08 | 000,460,680 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/11 10:50:08 | 000,078,292 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/11 08:51:20 | 000,000,623 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/08 18:15:18 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\westlake.louise\Desktop\My Book.doc
[2010/08/07 23:14:41 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\westlake.louise\Desktop\dl list.doc
[2010/08/02 10:02:12 | 000,046,080 | ---- | M] () -- C:\Ladies getaway final check & deposit.doc
[2010/08/02 09:08:41 | 000,241,664 | ---- | M] () -- C:\The Knots Prayer.doc
[2010/07/29 17:31:49 | 000,640,032 | ---- | M] () -- C:\Jennifer and the Little Brown Bag.pdf
[2010/07/29 11:28:25 | 000,067,644 | ---- | M] () -- C:\Documents and Settings\westlake.louise\Desktop\Coastal Flats.jpg
[2010/07/29 09:01:11 | 001,377,542 | ---- | M] () -- C:\Vendor Management Request - Aaron Westlake.pdf
[2010/07/27 16:20:05 | 000,044,544 | ---- | M] () -- C:\I've Learned.doc
[2010/07/25 09:00:20 | 009,157,960 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\westlake.louise\Desktop\SUPERAntiSpyware.exe
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/23 08:11:42 | 003,825,642 | ---- | C] () -- C:\Documents and Settings\westlake.louise\Desktop\ComboFix.exe
[2010/08/23 08:08:07 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/23 08:06:27 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\westlake.louise\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/23 08:05:30 | 000,363,008 | ---- | C] () -- C:\Documents and Settings\westlake.louise\Desktop\rkill.com
[2010/08/21 20:52:41 | 001,289,216 | ---- | C] () -- C:\Documents and Settings\westlake.louise\My Documents\McLean Sales Office Workday at NVTRP Ranch.doc
[2010/08/16 16:22:25 | 000,046,592 | ---- | C] () -- C:\Template.doc
[2010/08/07 23:14:41 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\westlake.louise\Desktop\dl list.doc
[2010/08/02 10:02:12 | 000,046,080 | ---- | C] () -- C:\Ladies getaway final check & deposit.doc
[2010/08/02 09:08:41 | 000,241,664 | ---- | C] () -- C:\The Knots Prayer.doc
[2010/07/29 17:31:48 | 000,640,032 | ---- | C] () -- C:\Jennifer and the Little Brown Bag.pdf
[2010/07/29 11:29:16 | 000,067,644 | ---- | C] () -- C:\Documents and Settings\westlake.louise\Desktop\Coastal Flats.jpg
[2010/07/29 09:01:11 | 001,377,542 | ---- | C] () -- C:\Vendor Management Request - Aaron Westlake.pdf
[2010/07/27 16:20:05 | 000,044,544 | ---- | C] () -- C:\I've Learned.doc
[2010/04/12 19:53:49 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/12 19:53:46 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\westlake.louise\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/25 07:33:11 | 000,004,764 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini
[2010/02/19 16:49:33 | 000,000,710 | ---- | C] () -- C:\WINDOWS\System32\DWRCCMDError.ini
[2009/09/03 12:42:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\westlake.louise\Local Settings\Application Data\FnF4.txt
[2009/08/19 15:50:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\westlake.louise\Local Settings\Application Data\QSwitch.txt
[2009/08/19 15:50:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\westlake.louise\Local Settings\Application Data\DSwitch.txt
[2009/08/19 15:50:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\westlake.louise\Local Settings\Application Data\AtStart.txt
[2009/07/15 20:48:25 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2009/02/04 14:02:51 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\IGTSNMP.DLL
[2009/01/31 16:53:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UNIVMGR.INI
[2008/12/16 09:55:23 | 000,000,284 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2008/10/27 15:38:23 | 000,000,134 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini
[2008/10/21 17:49:09 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\omnithread_rt.dll
[2008/10/21 17:05:48 | 000,001,348 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/10/21 10:10:37 | 000,000,236 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008/10/13 13:13:13 | 000,104,820 | ---- | C] () -- C:\Program Files\outlooksetup.EXE
[2008/10/13 13:11:03 | 000,016,280 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2007/11/26 13:17:08 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/11/26 13:17:08 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2007/10/11 16:35:01 | 000,439,632 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2007/02/06 17:20:00 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/02/06 16:55:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/03/02 18:24:59 | 000,002,332 | ---- | C] () -- C:\Program Files\INSTALL.LOG
[2006/01/31 12:48:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/12/14 19:33:35 | 000,000,475 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/14 19:00:23 | 000,149,504 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2005/12/14 19:00:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/04/12 17:53:10 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/03/28 18:14:38 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/02/17 13:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 13:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1979/12/31 20:00:00 | 000,000,647 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
< End of report >




Re: Friend's Computer

Post by Misteretc on 23rd August 2010, 12:22 pm

and Log #2...

OTL Extras logfile created on: 8/23/2010 8:16:53 AM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\westlake.louise\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 111.32 Gb Free Space | 74.69% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 7.45 Gb Total Space | 7.19 Gb Free Space | 96.46% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 67.82 Gb Total Space | 55.59 Gb Free Space | 81.96% Space Free | Partition Type: NTFS
Drive S: | 590.84 Gb Total Space | 73.49 Gb Free Space | 12.44% Space Free | Partition Type: NTFS
Drive X: | 1512.56 Gb Total Space | 119.13 Gb Free Space | 7.88% Space Free | Partition Type: NTFS
Drive Z: | 67.82 Gb Total Space | 55.59 Gb Free Space | 81.96% Space Free | Partition Type: NTFS

Computer Name: WESTLA-L691-XP
Current User Name: westlake.louise
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntivirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"6129:TCP" = 6129:TCP:*:Enabled:DameWare Mini Remote Control Service
"12345:TCP" = 12345:TCP:*:Enabled:Trend Micro OfficeScan Listener

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"12345:TCP" = 12345:TCP:*:Enabled:Trend Micro OfficeScan Listener

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office Communicator\communicator.exe" = C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2007 -- (Microsoft Corporation)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqscnvw.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpfcCopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpiscnapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqsudi.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqpsapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqpse.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqgplgtupl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqgpc01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\HP Software Update\hpwucli.exe" = C:\Program Files\Hewlett-Packard\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- File not found
"C:\Program Files\Microsoft Office Communicator\communicator.exe" = C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2007 -- (Microsoft Corporation)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqscnvw.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpfcCopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpiscnapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqsudi.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqpsapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqpse.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqgplgtupl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqgpc01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\HP Software Update\hpwucli.exe" = C:\Program Files\Hewlett-Packard\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{063CC377-E480-4867-AB6E-818244CA586A}" = HP Scanjet G3110 11.5
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21A73DE1-A06F-479D-A5C9-1270EC7BD785}" = HP ProtectTools Security Suite
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 A3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}" = QuickTime
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5783F2D7-0209-0409-0000-0060B0CE6BBA}" = AutoCAD LT 2004
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{63BEF36D-1782-4506-ABA6-6672B54641E0}" = Microsoft Office Live Meeting 2007
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{688EB508-36BF-4402-BB21-1FDF2854EE37}" = DocMgr
"{6CC93102-135E-49E2-99A4-C431E671C12A}" = HP Photo and Imaging 2.0 - Scanners
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI
"{75ECB75A-522C-4312-8DE7-597CDA9D96A3}" = HP Mobile Data Protection System
"{7B7E2EB3-2212-4A4F-B838-352C1FC54863}" = hpg3110QFolder
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}" = Macromedia Shockwave Player
"{813B302C-2014-4166-B5D2-8C211AE4F22E}" = Microsoft Conferencing Add-in for Microsoft Office Outlook
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = HP Integrated Module with Bluetooth wireless technology
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8B69B6CD-A933-4313-BA46-A314158B2D38}" = NetworkClient
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8F931595-5561-4E26-AC78-7E9B1E3E9C98}" = WeatherBug
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90520409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Viewer 2003 (English)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A433AE09-2126-4dad-9CBD-C1B05DC42787}" = Windows Messenger 5.1
"{A4526249-944F-4108-B686-A435B4A62BA5}" = TI_Inst
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC60C8C1-855E-45AB-8D95-1D16F8A38E78}" = UGuide
"{AC76BA86-1033-0000-7760-100000000002}" = Adobe Acrobat 7.0 Professional
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BA7A3288-228D-4031-A93A-B5F6B3415E15}" = Misc
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB311402-80EC-449C-BF85-2A66E655984D}" = hpg3110
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C2CDE75C-CA51-4335-9C13-84C00E6093A5}" = Windows Media Player Enterprise Deployment
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBF3C503-946E-45EA-B347-EACC41781989}" = W Photo Studio
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{D88857C8-B36B-42CE-AC26-9FFFEEDB181A}" = RssReader
"{DA9E949F-3C63-476C-9248-FF64D95A0031}" = LEGATO EmailXtender® 4.81 Client
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E3C6D145-8549-4C73-A4D8-48B4C0AB7B18}" = eRAS
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E5BA0430-919F-46DD-B656-0796F8A5ADFF}" = Microsoft Office Communicator 2007
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EB5142E6-7759-4A61-B52E-136686FF19FE}" = MSN Toolbar Setup
"{EF964A78-078C-11D1-B7A7-0000C0134CE6}" = Nortel Networks Contivity VPN Client
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1CD25A0-5401-40B2-BAA9-E267408B16DF}" = Toolbox
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDAF94DB-9BF7-4871-B457-5D7F14D27905}" = Scan
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 7.0 Professional - V" = Adobe Acrobat 7.1.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0.1" = Adobe Photoshop 7.0.1
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_Acrobat_7_0_Professional" = Adobe_Acrobat_7_0_Professional
"Adobe_PhotoShop_7_0" = Adobe_PhotoShop_7_0
"alotToolbar" = ALOT Toolbar
"AutoCadLT_2004" = AutoCadLT_2004
"Autodesk Express Viewer" = Autodesk Express Viewer
"CentraOne" = CentraOne
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DST_Client_Update" = DST_Client_Update
"EB88B6218325D2AB47CFFBF7170236B60A6198FF" = Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)
"GoldERas" = GoldERas
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HP Document Manager" = HP Document Manager 1.2
"HP Imaging Device Functions" = HP Imaging Device Functions 11.5
"hp instant support" = hp instant support
"HP Officejet Pro K550 Series" = HP Officejet Pro K550 Series
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"InfoCenterDisable" = InfoCenterDisable
"InstallShield_{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}" = QuickTime
"InstallShield_{A4526249-944F-4108-B686-A435B4A62BA5}" = Texas Instruments PCIxx21/x515 drivers.
"Java_JRE_1_4_2_06" = Java_JRE_1_4_2_06
"l3c_screen_saver03Wd" = l3c_screen_saver03Wd
"LiveMeetingConsole" = LiveMeetingConsole
"Loki ActiveX Control" = Loki ActiveX Control
"Loki Browser Plugin" = Loki Browser Plugin
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapQuest Toolbar" = MapQuest Toolbar
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Microsoft_Messenger_5_1" = Microsoft_Messenger_5_1
"Microsoft_Net_FrameWork_1_1" = Microsoft_Net_FrameWork_1_1
"Microsoft_Office_Communicator_2007" = Microsoft_Office_Communicator_2007
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NetMeeting_3.01_B5_(Win_NT)-1" = NetMeeting_3.01_B5_(Win_NT)-1
"Nortel Networks" = Nortel Networks
"OfficeScanNT" = Trend Micro OfficeScan Client
"Outlook_Calendar" = Outlook_Calendar
"RDC" = RDC
"RMV_VPN_ENTRIES" = RMV_VPN_ENTRIES
"SCCM_MIGRATION" = SCCM_MIGRATION
"SDF_Security_Controls_V2" = SDF_Security_Controls_V2
"SDF_Security_Controls_V3" = SDF_Security_Controls_V3
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Visio2003" = Visio2003
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinVNC_3.3.3_B1_(Win_NT)-1" = WinVNC_3.3.3_B1_(Win_NT)-1
"Winzip_9_0" = Winzip_9_0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WSUSFix" = WSUSFix
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/22/2010 12:19:36 PM | Computer Name = WESTLA-L691-XP | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 8/22/2010 12:20:32 PM | Computer Name = WESTLA-L691-XP | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 8/22/2010 5:00:02 PM | Computer Name = WESTLA-L691-XP | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 8/22/2010 5:00:03 PM | Computer Name = WESTLA-L691-XP | Source = UserInit | ID = 1000
Description = Could not execute the following script addadmin.vbs. The system cannot
find the file specified. .

Error - 8/22/2010 5:00:10 PM | Computer Name = WESTLA-L691-XP | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 8/22/2010 5:01:04 PM | Computer Name = WESTLA-L691-XP | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 8/22/2010 5:01:29 PM | Computer Name = WESTLA-L691-XP | Source = MsiInstaller | ID = 11719
Description = Product: MSN Toolbar -- Error 1719. The Windows Installer Service
could not be accessed. This can occur if you are running Windows in safe mode, or
if the Windows Installer is not correctly installed. Contact your support personnel
for assistance.

Error - 8/23/2010 7:39:00 AM | Computer Name = WESTLA-L691-XP | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 8/23/2010 7:39:01 AM | Computer Name = WESTLA-L691-XP | Source = UserInit | ID = 1000
Description = Could not execute the following script addadmin.vbs. The system cannot
find the file specified. .

Error - 8/23/2010 7:39:01 AM | Computer Name = WESTLA-L691-XP | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

[ System Events ]
Error - 8/23/2010 7:39:00 AM | Computer Name = WESTLA-L691-XP | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain LEVEL3 due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 8/23/2010 7:39:01 AM | Computer Name = WESTLA-L691-XP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 8/23/2010 7:39:01 AM | Computer Name = WESTLA-L691-XP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 8/23/2010 7:39:01 AM | Computer Name = WESTLA-L691-XP | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 8/23/2010 7:39:04 AM | Computer Name = WESTLA-L691-XP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/23/2010 7:40:02 AM | Computer Name = WESTLA-L691-XP | Source = DCOM | ID = 10010
Description = The server {51FA2736-5DEE-11D4-98E8-006008BF430C} did not register
with DCOM within the required timeout.

Error - 8/23/2010 7:40:39 AM | Computer Name = WESTLA-L691-XP | Source = SideBySide | ID = 16842810
Description = Syntax error in manifest or policy file "C:\Program Files\Sensormatic\NetworkClient\Bin\NetworkClient.exe"
on line 0.

Error - 8/23/2010 7:40:39 AM | Computer Name = WESTLA-L691-XP | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Sensormatic\NetworkClient\Bin\NetworkClient.exe.
Reference
error message: The operation completed successfully. .

Error - 8/23/2010 8:03:09 AM | Computer Name = WESTLA-L691-XP | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 8/23/2010 8:04:29 AM | Computer Name = WESTLA-L691-XP | Source = DCOM | ID = 10010
Description = The server {51FA2736-5DEE-11D4-98E8-006008BF430C} did not register
with DCOM within the required timeout.


< End of report >

Misteretc
Intermediate

Posts : 113
Joined : 2010-03-14
Gender : Male
OS : Microsoft Windows XP
Points : 26372
# Likes : 0

Re: Friend's Computer

Post by Misteretc on 23rd August 2010, 1:21 pm

I ran Super Anti-Spyware and the Trojan was identified as a Trojan Dropper/SYS-N. I quarantined and removed everything it found and am now running MBAM.


Re: Friend's Computer

Post by Misteretc on 23rd August 2010, 5:00 pm

Is there anything else that looks fishy from the OTM logs?

