Search Results Redirected

Hewlett-packard / Hp compaq dc5800 microtow...
June 23, 2010 at 15:26:48
Specs: Microsoft Windows XP Professional, 2.992 GHz / 3567 MB
Most search results are being redirected to various odd sites. Obviously, there is some malware... Help, please?

I have dds and attach available upon request.

Thanks!




#1
June 23, 2010 at 20:01:15
I will read your dds no problem, post it!!!

Malware Removal How To's



#2
June 24, 2010 at 07:14:53
Thank you for volunteering! I have tried Malwarebytes, Microsoft Security, and a couple others I forget. I now understand the importance of an experienced HUMAN to diagnose and operate on these malware nasties!

Here is my DDS:


DDS (Ver_10-03-17.01) - NTFSx86
Run by jsweney at 17:21:23.22 on 06-23-2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3567.2591 [GMT -5:00]

AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Artisoft\TeleVantage\TvWksSvc.exe
C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\WINDOWS\System32\svchost.exe -k TapiSrv
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\TeleVantage\Contact Manager Assistant\TVAssist.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Replay Media Catcher\FLVSrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\jsweney\Local Settings\Application Data\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Documents and Settings\jsweney\Local Settings\Application Data\Microsoft\Live Mesh\GacBase\Moe.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SymCorpUI.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\jsweney\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: CDelHotkeys Object: {78875f5c-a685-4405-8dc5-d48dc65452b0} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
TB: Delicious Toolbar: {61d1c847-df80-423a-8c6d-dc03b97e6ebe} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Delicious Sidebar: {9d19c405-ba93-461b-871f-97992cc45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MoeMonitor.exe] "c:\documents and settings\jsweney\local settings\application data\microsoft\live mesh\bin\servicing\0.9.4014.7\MoeMonitor.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [Recguard] c:\windows\sminst\Recguard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [Scheduler] c:\windows\sminst\Scheduler.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [TVAssist] "c:\program files\televantage\contact manager assistant\TVAssist.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [nwiz] nwiz.exe /install
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Ask and Record FLV Service] "c:\program files\replay media catcher\FLVSrvc.exe" /run
mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\documents and settings\jsweney\start menu\programs\startup\Dashboard - Brookwoods Group Intranet.url
StartupFolder: c:\docume~1\jsweney\startm~1\programs\startup\filefi~1.lnk - c:\program files\dillistone\ff\ff.exe
StartupFolder: c:\docume~1\jsweney\startm~1\programs\startup\micros~1.lnk - c:\windows\installer\{90120000-0012-0000-0000-0000000ff1ce}\outicon.exe
StartupFolder: c:\docume~1\jsweney\startm~1\programs\startup\rememb~1.lnk - c:\program files\internet explorer\iexplore.exe
StartupFolder: c:\docume~1\jsweney\startm~1\programs\startup\televa~1.lnk - c:\program files\televantage\client\TVClient.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {2C887991-08F0-11DC-A9B2-0012F0B227DD} - {B8D8B1D0-83AF-451B-8CD9-8F1BF4ED8FEA} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
IE: {2C887992-08F0-11DC-A9B2-0012F0B227DD} - {9D19C405-BA93-461b-871F-97992CC45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
IE: {2C887993-08F0-11DC-A9B2-0012F0B227DD} - {4D3D441F-9543-4941-B664-2EDCF9FC1B56} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://cdn.smugmug.com/photos/activex/ImageUploader5-5.5.1.0-082608.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231541439133
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} - hxxps://www.mesh.com/0.9.4014.8/TSWeb.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist Express Customer - c:\program files\citrix\gotoassist express customer\209\g2ax_winlogon.dll
Notify: igfxcui - igfxdev.dll
Notify: wlcrdplauncher - c:\program files\live mesh\remote desktop\wlcrdplauncher.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jsweney\applic~1\mozilla\firefox\profiles\iigz1kjd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.brookwoods.com/
FF - component: c:\documents and settings\jsweney\application data\mozilla\firefox\profiles\iigz1kjd.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-5-7 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-5-7 108392]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2009-9-26 819600]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2008-8-12 801304]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2009-9-23 447832]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-5-7 1831024]
R2 TvWksSvc;TeleVantage Workstation Service;c:\program files\common files\artisoft\televantage\TvWksSvc.exe [2004-9-1 102400]
R2 wlcrasvc;Live Mesh Remote Desktop;c:\program files\live mesh\remote desktop\wlcrasvc.exe [2009-8-24 44880]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-28 102448]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-1-23 36608]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100623.002\NAVENG.SYS [2010-6-23 85552]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100623.002\NAVEX15.SYS [2010-6-23 1347504]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2009-8-24 9040]
R3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [2009-8-24 19408]
R3 sftfs;sftfs;c:\program files\microsoft application virtualization client\drivers\SftFSXP.sys [2009-9-23 543064]
R3 sftplay;sftplay;c:\program files\microsoft application virtualization client\drivers\sftplayxp.sys [2009-9-23 190312]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-9-23 21864]
R3 sftvol;sftvol;c:\program files\microsoft application virtualization client\drivers\SftVolXP.sys [2009-9-23 14680]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2009-9-23 203608]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-8 135664]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-12-29 30192]
S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\citrix\gotoassist express customer\209\g2ax_service.exe [2009-11-25 161144]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]

=============== Created Last 30 ================

2010-06-21 20:14:21 0 d-----w- c:\docume~1\jsweney\applic~1\Malwarebytes
2010-06-21 20:14:05 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-16 21:10:14 0 d-----w- c:\windows\system32\wbem\Repository
2010-06-10 05:43:54 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-02 23:53:47 0 d-----w- c:\temp\Stick
2010-05-26 22:25:50 0 d-----w- c:\program files\CamStudio

==================== Find3M ====================

2010-06-23 21:49:14 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-06-23 21:49:09 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-05-21 20:26:47 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-05-21 20:26:47 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-05-07 23:37:28 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-05-07 23:37:28 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-05-07 23:37:28 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-05-07 23:37:28 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-05-07 23:29:00 89600 ----a-w- c:\windows\system32\atl71.dll
2010-05-07 23:29:00 87368 ----a-w- c:\windows\system32\FwsVpn.dll
2010-05-07 23:29:00 107848 ----a-w- c:\windows\system32\SymVPN.dll
2010-05-07 23:28:58 7442 ----a-w- c:\windows\system32\drivers\srtspx.cat
2010-05-07 23:28:58 7442 ----a-w- c:\windows\system32\drivers\srtspl.cat
2010-05-07 23:28:58 7438 ----a-w- c:\windows\system32\drivers\srtsp.cat
2010-05-07 23:28:58 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2010-05-07 23:28:58 320944 ----a-w- c:\windows\system32\drivers\srtspl.sys
2010-05-07 23:28:58 283184 ----a-w- c:\windows\system32\drivers\srtsp.sys
2010-05-07 23:28:58 1430 ----a-w- c:\windows\system32\drivers\srtspl.inf
2010-05-07 23:28:58 1421 ----a-w- c:\windows\system32\drivers\srtspx.inf
2010-05-07 23:28:58 1415 ----a-w- c:\windows\system32\drivers\srtsp.inf
2010-05-06 20:02:56 7839944 ----a-w- c:\program files\common files\lpuninstall.exe
2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll
2010-04-06 09:52:46 2462720 ------w- c:\windows\system32\dllcache\WMVCore.dll

============= FINISH: 17:22:49.33 ===============



#3
June 24, 2010 at 11:59:29
Download this program:

http://oldtimer.geekstogo.com/OTL.exe

Double click on the icon to run it. Make sure all other
windows are closed, and let it run uninterrupted.
Under the Custom Scan box paste this in:

netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5


Click the Quick Scan button. Do not change any settings.

The scan will not take long.

When the scan completes, it will open two Notepad windows:
OTL.Txt and Extras.Txt.

These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of
these files, one at a time, and post them back here!

Malware Removal How To's



#4
June 24, 2010 at 15:11:36
OTL Extras logfile created on: 06-24-2010 4:44:06 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\jsweney\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM-dd-yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 79.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.03 Gb Total Space | 36.97 Gb Free Space | 26.59% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.07 Gb Free Space | 60.68% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 48.30 Gb Total Space | 16.00 Gb Free Space | 33.14% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DC5800-002
Current User Name: jsweney
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"135:TCP" = 135:TCP:LocalSubNet:Enabled:DCOM resolver

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"135:TCP" = 135:TCP:LocalSubNet:Enabled:DCOM resolver

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Documents and Settings\jsweney\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\jsweney\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Program Files\Macromedia\Dreamweaver 2\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver 2\Dreamweaver.exe:*:Enabled:Dreamweaver -- (Macromedia, Inc.)
"C:\Program Files\TeleVantage\Administrator\TVAdmin.exe" = C:\Program Files\TeleVantage\Administrator\TVAdmin.exe:LocalSubNet:Enabled:TeleVantage Administrator -- (Artisoft Inc.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Macromedia\Contribute 3\Contribute.exe" = C:\Program Files\Macromedia\Contribute 3\Contribute.exe:*:Enabled:Contribute -- (Macromedia, Inc.)
"C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe" = C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe:*:Enabled:Live Mesh Remote Desktop -- (Microsoft Corporation)
"C:\Documents and Settings\jsweney\Local Settings\Application Data\Microsoft\Live Mesh\GacBase\Moe.exe" = C:\Documents and Settings\jsweney\Local Settings\Application Data\Microsoft\Live Mesh\GacBase\Moe.exe:*:Enabled:Live Mesh -- (Microsoft Corporation)
"E:\setup\HPZNET01.EXE" = E:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe -- File not found
"E:\setup\HPONICIFS01.EXE" = E:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- File not found
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- File not found
"C:\Program Files\Common Files\Artisoft\TeleVantage\TvSecBrg.exe" = C:\Program Files\Common Files\Artisoft\TeleVantage\TvSecBrg.exe:LocalSubNet:Enabled:TeleVantage SecBridge -- (Artisoft Inc.)
"C:\Program Files\TeleVantage\Client\TVClient.exe" = C:\Program Files\TeleVantage\Client\TVClient.exe:LocalSubNet:Enabled:Artisoft TeleVantage ViewPoint -- (Artisoft Inc.)
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"Q:\140062.enu\OFFICE14\OUTLOOK.EXE" = Q:\140062.enu\OFFICE14\OUTLOOK.EXE:*:Enabled:Microsoft Outlook 2010 (Beta) 2014006204090000 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()
"C:\Program Files\TeleVantage\Administrator\TVAdmin.exe" = C:\Program Files\TeleVantage\Administrator\TVAdmin.exe:LocalSubNet:Enabled:TeleVantage Administrator -- (Artisoft Inc.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe" = C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe:*:Enabled:Live Mesh Remote Desktop -- (Microsoft Corporation)
"C:\Documents and Settings\jsweney\Local Settings\Application Data\Microsoft\Live Mesh\GacBase\Moe.exe" = C:\Documents and Settings\jsweney\Local Settings\Application Data\Microsoft\Live Mesh\GacBase\Moe.exe:*:Enabled:Live Mesh -- (Microsoft Corporation)
"C:\Program Files\Common Files\Artisoft\TeleVantage\TvSecBrg.exe" = C:\Program Files\Common Files\Artisoft\TeleVantage\TvSecBrg.exe:LocalSubNet:Enabled:TeleVantage SecBridge -- (Artisoft Inc.)
"C:\Program Files\TeleVantage\Client\TVClient.exe" = C:\Program Files\TeleVantage\Client\TVClient.exe:LocalSubNet:Enabled:Artisoft TeleVantage ViewPoint -- (Artisoft Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0E44A82F-5102-436D-8C26-D05ADEA74245}" = FILEFINDER 9.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18E4AF9D-44AF-4CF9-B373-35187A404678}" = FFImport 9.6
"{20140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 (Beta)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3C1AE512-3C37-44FA-BA42-ABB721EC5B1D}" = Symantec Endpoint Protection
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
"{412033BC-44CF-48D9-B813-4B835101F4D3}" = Adobe Illustrator 10
"{4B9535BF-CC90-4158-AF32-CAF57A8820CA}" = Macromedia Contribute 3.11
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.14.1
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AD16D5D3-EE44-4D48-A0E3-3A612F8B6C90}" = TeleVantage workstation applications
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DCB4E1D9-B187-4B54-971E-1478485C9A53}" = Live Mesh
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe PageMaker 6.5" = Adobe PageMaker 6.5
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Applian Director2.0" = Applian Director
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor 4_is1" = AVS Video Editor 4
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CamStudio" = CamStudio
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Delicious Add-on for Internet Explorer" = Delicious Add-on for Internet Explorer
"Google Desktop" = Google Desktop
"GoToAssist Express Customer" = GoToAssist Express Customer 1.3.0.209
"HECI" = Intel® Management Engine Interface
"Hire Success 2.5" = Hire Success 2.5
"Hire Success Form Resubmission Tool 1.2" = Hire Success Form Resubmission Tool 1.2
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Kobeman_is1" = Alleycode HTML Editor 2.2.1
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"lvdrivers_11.80" = Logitech QuickCam Driver Package
"Macromedia Dreamweaver 2" = Macromedia Dreamweaver 2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010 (Beta)
"PDF Complete" = PDF Complete Corporate Edition
"Replay Media Catcher 3.11" = Replay Media Catcher
"Replay_Media_Splitter_1.2" = Replay Media Splitter 1.7.1004
"Scribe Personal" = Scribe Personal
"STANDARD" = Microsoft Office Standard 2007
"VISPROR" = Microsoft Office Visio Professional 2007 Trial
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.1.0.366
"LastPass" = LastPass (uninstall only)
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Windows System Scanner" = Windows System Scanner

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06-23-2010 4:05:09 AM | Computer Name = DC5800-002 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft SQL Server 2005 Express Edition -- Error 29503.
The SQL Server service failed to start. For more information, see the SQL Server
Books Online topics, "How to: View SQL Server 2005 Setup Log Files" and "Starting
SQL Server Manually." The error is (3417) .

Error - 06-23-2010 1:43:47 PM | Computer Name = DC5800-002 | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Windows Application,
SystemIndex Catalog

Error - 06-23-2010 2:03:37 PM | Computer Name = DC5800-002 | Source = MPSampleSubmission | ID = 5000
Description =

Error - 06-23-2010 3:13:14 PM | Computer Name = DC5800-002 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 06-23-2010 3:18:18 PM | Computer Name = DC5800-002 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 06-23-2010 6:20:14 PM | Computer Name = DC5800-002 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 06-24-2010 10:36:20 AM | Computer Name = DC5800-002 | Source = Userenv | ID = 1030
Description = Windows cannot query for the list of Group Policy objects. A message
that describes the reason for this was previously logged by the policy engine.

Error - 06-24-2010 10:51:56 AM | Computer Name = DC5800-002 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 06-24-2010 11:38:43 AM | Computer Name = DC5800-002 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 06-24-2010 11:39:53 AM | Computer Name = DC5800-002 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for BW\jsweney failed to contact
the active directory (0x8007054b). The specified domain either does not exist or
could not be contacted. Enrollment will not be performed.

[ OSession Events ]
Error - 02-26-2010 5:42:49 PM | Computer Name = DC5800-002 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 21280
seconds with 960 seconds of active time. This session ended with a crash.

Error - 03-11-2010 11:11:40 AM | Computer Name = DC5800-002 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 73049
seconds with 60 seconds of active time. This session ended with a crash.

Error - 03-15-2010 6:11:24 PM | Computer Name = DC5800-002 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25807
seconds with 120 seconds of active time. This session ended with a crash.

Error - 04-04-2010 5:27:54 PM | Computer Name = DC5800-002 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8620
seconds with 1500 seconds of active time. This session ended with a crash.

Error - 05-21-2010 5:46:41 PM | Computer Name = DC5800-002 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 05-26-2010 9:45:47 AM | Computer Name = DC5800-002 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 64561
seconds with 5340 seconds of active time. This session ended with a crash.

Error - 06-07-2010 4:58:19 PM | Computer Name = DC5800-002 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 6 seconds with 0 seconds of active time. This session ended with a crash.

Error - 06-07-2010 4:58:29 PM | Computer Name = DC5800-002 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

Error - 06-07-2010 4:58:43 PM | Computer Name = DC5800-002 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

Error - 06-07-2010 4:59:24 PM | Computer Name = DC5800-002 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 8 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 06-23-2010 6:03:23 PM | Computer Name = DC5800-002 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 06-23-2010 7:37:50 PM | Computer Name = DC5800-002 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 06-23-2010 7:37:50 PM | Computer Name = DC5800-002 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 06-24-2010 12:04:57 AM | Computer Name = DC5800-002 | Source = TermServDevices | ID = 1111
Description = Driver HP Officejet Pro L7600 Series required for printer HP Officejet
Pro L7600 Series is unknown. Contact the administrator to install the driver before
you log in again.

Error - 06-24-2010 12:05:12 AM | Computer Name = DC5800-002 | Source = TermServDevices | ID = 1111
Description = Driver Microsoft Office Document Image Writer Driver required for
printer Microsoft Office Document Image Writer is unknown. Contact the administrator
to install the driver before you log in again.

Error - 06-24-2010 12:05:47 AM | Computer Name = DC5800-002 | Source = TermServDevices | ID = 1111
Description = Driver Send To Microsoft OneNote Driver required for printer Send
To OneNote 2007 is unknown. Contact the administrator to install the driver before
you log in again.

Error - 06-24-2010 10:31:38 AM | Computer Name = DC5800-002 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain BW due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 06-24-2010 10:31:38 AM | Computer Name = DC5800-002 | Source = Kerberos | ID = 7
Description = The kerberos subsystem encountered a PAC verification failure. This
indicates that the PAC from the client voicemail in realm BW.LOCAL had a PAC which
failed to verify or was modified. Contact your system administrator.

Error - 06-24-2010 5:03:43 PM | Computer Name = DC5800-002 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 06-24-2010 5:03:43 PM | Computer Name = DC5800-002 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.


< End of report >


#5
June 24, 2010 at 15:14:42
Having trouble uploading OTL.txt... Will try splitting it...


#6
June 24, 2010 at 15:16:05
OTL logfile created on: 06-24-2010 4:44:06 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\jsweney\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM-dd-yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 79.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.03 Gb Total Space | 36.97 Gb Free Space | 26.59% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.07 Gb Free Space | 60.68% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 48.30 Gb Total Space | 16.00 Gb Free Space | 33.14% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DC5800-002
Current User Name: jsweney
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010-06-24 16:43:39 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jsweney\My Documents\Downloads\OTL.exe
PRC - [2010-05-22 14:05:54 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010-05-07 18:28:56 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2010-05-07 18:28:56 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010-05-07 18:28:54 | 001,881,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2010-05-07 18:28:54 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010-05-07 18:28:54 | 001,459,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010-03-17 19:48:35 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2009-09-26 07:35:02 | 000,819,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
PRC - [2009-09-23 15:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009-09-23 15:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009-09-22 13:09:02 | 000,156,672 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Replay Media Catcher\FLVSrvc.exe
PRC - [2009-08-24 11:17:52 | 000,044,880 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe
PRC - [2009-08-24 11:17:48 | 000,216,912 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\jsweney\Local Settings\Application Data\Microsoft\Live Mesh\GacBase\Moe.exe
PRC - [2009-08-24 11:16:50 | 001,315,152 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\jsweney\Local Settings\Application Data\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe
PRC - [2009-05-06 05:44:06 | 000,801,304 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2009-03-20 17:25:50 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009-03-20 09:16:29 | 000,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2008-11-24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008-08-14 17:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008-08-14 17:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008-08-14 17:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008-07-26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008-07-26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008-05-26 23:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008-04-13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-01-11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007-08-08 12:13:24 | 000,831,488 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
PRC - [2007-07-09 23:39:32 | 001,036,288 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007-01-04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006-07-10 12:53:08 | 000,872,448 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe
PRC - [2004-09-01 02:20:28 | 000,217,088 | ---- | M] (Artisoft, Inc.) -- C:\Program Files\TeleVantage\Contact Manager Assistant\TVAssist.exe
PRC - [2004-09-01 01:45:16 | 000,102,400 | ---- | M] (Artisoft Inc.) -- C:\Program Files\Common Files\Artisoft\TeleVantage\TvWksSvc.exe
PRC - [2004-09-01 01:45:08 | 000,110,592 | ---- | M] (Artisoft Inc.) -- C:\Program Files\Common Files\Artisoft\TeleVantage\TvSecBrg.exe


========== Modules (SafeList) ==========

MOD - [2010-06-24 16:43:39 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jsweney\My Documents\Downloads\OTL.exe
MOD - [2010-06-24 16:09:29 | 000,012,800 | ---- | M] (Applian Technologies, Inc.) -- C:\Documents and Settings\jsweney\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
MOD - [2008-07-26 08:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll
MOD - [2008-04-13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010-05-22 14:05:54 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2010-05-07 18:28:56 | 000,349,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010-05-07 18:28:56 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010-05-07 18:28:56 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010-05-07 18:28:54 | 001,881,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010-05-07 18:28:54 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010-02-17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009-11-25 16:49:05 | 000,161,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist Express Customer\209\g2ax_service.exe -- (GoToAssist Express Customer)
SRV - [2009-09-26 07:35:02 | 000,819,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2009-09-26 04:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009-09-23 15:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009-09-23 15:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009-08-24 11:17:52 | 000,044,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe -- (wlcrasvc)
SRV - [2009-05-06 05:44:06 | 000,801,304 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2008-11-24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008-07-26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008-07-26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2008-01-11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007-02-10 07:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2007-02-10 07:29:48 | 000,242,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2007-01-04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2005-10-14 04:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2004-09-01 01:45:16 | 000,102,400 | ---- | M] (Artisoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\Artisoft\TeleVantage\TvWksSvc.exe -- (TvWksSvc)


========== Driver Services (SafeList) ==========

DRV - [2010-06-23 18:42:04 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100624.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010-06-23 18:42:04 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100624.002\NAVENG.SYS -- (NAVENG)
DRV - [2010-05-27 01:55:30 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010-05-27 01:55:29 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010-05-07 18:37:28 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010-05-07 18:28:58 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010-05-07 18:28:58 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010-05-07 18:28:58 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010-05-07 18:28:50 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009-09-23 15:05:06 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftredirxp.sys -- (Sftredir)
DRV - [2009-09-23 15:04:56 | 000,014,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\SftVolXP.sys -- (sftvol)
DRV - [2009-09-23 15:04:54 | 000,190,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\sftplayxp.sys -- (sftplay)
DRV - [2009-09-23 15:04:52 | 000,543,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\SftFSXP.sys -- (sftfs)
DRV - [2009-08-24 11:18:35 | 000,019,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rdpvmp.sys -- (RDPVDD)
DRV - [2009-08-24 11:18:35 | 000,009,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rdpdispm.sys -- (RDPDISPM)
DRV - [2008-07-26 10:26:56 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008-07-26 10:26:44 | 004,658,584 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
DRV - [2008-07-26 10:26:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008-07-26 10:25:48 | 000,627,864 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008-07-26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008-04-13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008-04-13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-08-27 18:59:00 | 006,811,168 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007-07-10 06:08:24 | 000,307,712 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007-05-11 14:00:14 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2007-04-13 08:33:34 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2007-01-23 15:13:26 | 000,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2004-08-03 12:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004-08-03 12:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004-08-03 12:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004-08-03 12:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004-08-03 12:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004-08-03 12:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004-08-03 12:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004-08-03 12:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004-08-03 12:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004-08-03 12:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004-08-03 12:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004-08-03 12:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004-08-03 12:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004-08-03 12:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004-08-03 12:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2002-05-08 12:44:42 | 000,105,472 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2002-04-04 00:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
DRV - [2001-08-17 11:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001-08-17 11:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001-08-17 11:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001-08-17 11:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001-08-17 02:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.brookwoods.com/"
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.68.2
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.073

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010-03-05 21:48:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-06-24 09:12:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-06-24 09:12:19 | 000,000,000 | ---D | M]

[2010-05-06 09:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jsweney\Application Data\Mozilla\Extensions
[2010-06-23 17:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jsweney\Application Data\Mozilla\Firefox\Profiles\iigz1kjd.default\extensions
[2010-05-06 09:41:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\jsweney\Application Data\Mozilla\Firefox\Profiles\iigz1kjd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-05-06 15:12:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jsweney\Application Data\Mozilla\Firefox\Profiles\iigz1kjd.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2010-05-06 15:08:28 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\jsweney\Application Data\Mozilla\Firefox\Profiles\iigz1kjd.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010-05-06 15:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jsweney\Application Data\Mozilla\Firefox\Profiles\iigz1kjd.default\extensions\support@lastpass.com
[2008-12-18 14:06:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010-06-22 10:20:29 | 000,001,268 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CDelHotkeys Object) - {78875F5C-A685-4405-8DC5-D48DC65452B0} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Delicious Toolbar) - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Delicious Toolbar) - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O4 - HKLM..\Run: [Ask and Record FLV Service] C:\Program Files\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TVAssist] C:\Program Files\TeleVantage\Contact Manager Assistant\TVAssist.exe (Artisoft, Inc.)
O4 - HKCU..\Run: [MoeMonitor.exe] C:\Documents and Settings\jsweney\Local Settings\Application Data\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\jsweney\Start Menu\Programs\Startup\Dashboard - Brookwoods Group Intranet.url ()
O4 - Startup: C:\Documents and Settings\jsweney\Start Menu\Programs\Startup\FILEFINDER 9.0 (2).lnk = C:\Program Files\Dillistone\FF\ff.exe ()
O4 - Startup: C:\Documents and Settings\jsweney\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk = C:\WINDOWS\Installer\{90120000-0012-0000-0000-0000000FF1CE}\outicon.exe ()
O4 - Startup: C:\Documents and Settings\jsweney\Start Menu\Programs\Startup\TeleVantage ViewPoint.lnk = C:\Program Files\TeleVantage\Client\TVClient.exe (Artisoft Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Delicious - {2C887991-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O9 - Extra Button: Bookmarks - {2C887992-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O9 - Extra Button: Tag - {2C887993-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://cdn.smugmug.com/photos/activ... (Image Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microso... (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_02)
O16 - DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} https://www.mesh.com/0.9.4014.8/TSWeb.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_02)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/get... (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.5.1.10 4.2.2.1 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bw.local
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist Express Customer: DllName - C:\Program Files\Citrix\GoToAssist Express Customer\209\g2ax_winlogon.dll - C:\Program Files\Citrix\GoToAssist Express Customer\209\g2ax_winlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\wlcrdplauncher: DllName - C:\Program Files\Live Mesh\Remote Desktop\wlcrdplauncher.dll - C:\Program Files\Live Mesh\Remote Desktop\wlcrdplauncher.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004-04-30 19:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{1a9af0b6-8e5e-11de-9ee7-00215a658fc7}\Shell\AutoRun\command - "" = F:\ShelExec.exe @EXEDRV@\mediacomp.htm -- File not found
O33 - MountPoints2\{1a9af0b7-8e5e-11de-9ee7-00215a658fc7}\Shell\AutoRun\command - "" = F:\ShelExec.exe @EXEDRV@\mediacomp.htm -- File not found
O33 - MountPoints2\{1a9af0b8-8e5e-11de-9ee7-00215a658fc7}\Shell - "" = AutoRun
O33 - MountPoints2\{1a9af0b8-8e5e-11de-9ee7-00215a658fc7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1a9af0b8-8e5e-11de-9ee7-00215a658fc7}\Shell\AutoRun\command - "" = F:\OpenFiles.exe -- File not found
O33 - MountPoints2\{7bf9edb3-af7f-11de-9efa-00215a658fc7}\Shell - "" = AutoRun
O33 - MountPoints2\{7bf9edb3-af7f-11de-9efa-00215a658fc7}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008-08-12 04:34:45 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: ****************#
# ---------------- Updated: June-03-2010 ------------------#
# *********************************************************#
# #
# Entries with comments are all searchable via Google. #
# #
# Disclaimer: this file is free to use for personal use #
# only. Furthermore it - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)



#7
June 24, 2010 at 15:16:40

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16057628589293568)

========== Files/Folders - Created Within 90 Days ==========

[2010-06-24 16:03:22 | 000,118,784 | ---- | C] (SoftThinks) -- C:\WINDOWS\System32\chg.exe
[2010-06-23 18:16:39 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010-06-23 18:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010-06-21 15:14:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jsweney\Application Data\Malwarebytes
[2010-06-21 15:14:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010-06-18 14:41:33 | 000,000,000 | --SD | C] -- C:\Documents and Settings\jsweney\My Documents\My Data Sources
[2010-06-18 01:10:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010-06-18 01:10:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010-06-16 16:50:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010-06-16 16:50:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010-06-04 07:59:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jsweney\Desktop\3714 Brookwoods Owners Manual
[2010-05-26 17:25:50 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio
[2010-05-21 15:53:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jsweney\My Documents\AVS4YOU
[2010-05-21 15:42:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2010-05-21 15:42:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jsweney\Application Data\AVS4YOU
[2010-05-21 15:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2010-05-21 15:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010-05-21 11:29:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Replay Media Splitter
[2010-05-21 11:29:44 | 000,000,000 | ---D | C] -- C:\Program Files\Replay Media Splitter
[2010-05-21 11:06:07 | 000,156,672 | ---- | C] (Radioactive) -- C:\WINDOWS\System32\rmc_fixasf.exe
[2010-05-21 11:06:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jsweney\My Documents\My Recordings
[2010-05-21 11:05:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jsweney\Local Settings\Application Data\mdnslib
[2010-05-21 11:05:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Applian Director
[2010-05-21 11:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\Applian Director
[2010-05-21 11:05:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jsweney\My Documents\Ask and Record Toolbar
[2010-05-21 11:05:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jsweney\Local Settings\Application Data\FLVService
[2010-05-21 11:05:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Replay Media Catcher
[2010-05-21 11:05:09 | 000,000,000 | ---D | C] -- C:\Program Files\Replay Media Catcher
[2010-05-13 12:30:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2010-05-13 10:19:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jsweney\Local Settings\Application Data\NVD
[2010-05-13 10:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jsweney\Application Data\NVD
[2010-05-13 10:19:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jsweney\Local Settings\Application Data\SoftGrid Client
[2010-05-13 10:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jsweney\Application Data\SoftGrid Client
[2010-05-13 10:18:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\SoftGrid Client
[2010-05-13 10:18:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
[2010-05-13 10:18:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2010-05-13 10:17:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jsweney\Application Data\TP
[2010-05-07 18:37:18 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010-05-07 18:37:17 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010-05-07 18:29:00 | 000,107,848 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\SymVPN.dll
[2010-05-07 18:29:00 | 000,087,368 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\FwsVpn.dll
[2010-05-07 18:28:58 | 000,320,944 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtspl.sys
[2010-05-07 18:28:58 | 000,283,184 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtsp.sys
[2010-05-07 18:28:58 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtspx.sys
[2010-05-06 09:38:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jsweney\My Documents\Downloads
[2010-05-06 09:35:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jsweney\Local Settings\Application Data\Mozilla
[2010-05-06 09:35:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jsweney\Application Data\Mozilla
[2010-03-30 16:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010-06-24 16:22:48 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{ADE0B522-3E6E-4ADB-BAD8-7880BF886DA6}.job
[2010-06-24 16:10:45 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\jsweney\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk
[2010-06-24 16:10:37 | 000,001,037 | ---- | M] () -- C:\Documents and Settings\jsweney\Local Settings\Application Data\Account.atomsvc
[2010-06-24 16:09:08 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-06-24 16:09:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-06-24 16:03:22 | 000,118,784 | ---- | M] (SoftThinks) -- C:\WINDOWS\System32\chg.exe
[2010-06-24 16:03:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-06-24 16:03:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-06-24 16:03:03 | 3740,581,888 | -HS- | M] () -- C:\hiberfil.sys
[2010-06-24 16:02:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010-06-24 16:02:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010-06-24 16:02:27 | 008,388,608 | ---- | M] () -- C:\Documents and Settings\jsweney\ntuser.dat
[2010-06-24 16:01:58 | 002,670,292 | -H-- | M] () -- C:\Documents and Settings\jsweney\Local Settings\Application Data\IconCache.db
[2010-06-24 15:53:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-06-24 15:05:45 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\jsweney\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2010-06-24 12:49:46 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-06-23 13:49:51 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\jsweney\Desktop\dds.scr
[2010-06-23 12:53:54 | 000,621,058 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-06-23 12:53:54 | 000,512,554 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-06-23 12:53:54 | 000,096,870 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-06-22 17:13:03 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\jsweney\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2010-06-22 10:29:02 | 000,000,210 | ---- | M] () -- C:\Documents and Settings\jsweney\Start Menu\Programs\Startup\Dashboard - Brookwoods Group Intranet.url
[2010-06-22 10:20:29 | 000,001,268 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2010-06-18 14:11:07 | 000,000,210 | ---- | M] () -- C:\Documents and Settings\jsweney\Application Data\Microsoft\Internet Explorer\Quick Launch\Dashboard - Brookwoods Group Intranet.url
[2010-06-18 09:00:44 | 000,009,310 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010-06-11 03:04:08 | 000,290,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-06-11 03:01:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-06-10 03:14:45 | 000,000,063 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010-06-04 09:19:54 | 000,000,169 | ---- | M] () -- C:\Documents and Settings\jsweney\Desktop\Tickets.url
[2010-05-27 14:51:37 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\jsweney\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-05-26 17:25:56 | 000,000,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CamStudio.lnk
[2010-05-22 14:46:39 | 000,000,943 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Desktop.lnk
[2010-05-21 15:42:15 | 000,000,946 | ---- | M] () -- C:\Documents and Settings\jsweney\Desktop\AVS4YOU Software Navigator.lnk
[2010-05-21 15:26:47 | 000,237,568 | ---- | M] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2010-05-21 15:26:47 | 000,156,672 | ---- | M] (Radioactive) -- C:\WINDOWS\System32\rmc_fixasf.exe
[2010-05-21 11:29:46 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Replay Media Splitter.lnk
[2010-05-21 11:05:38 | 000,001,638 | ---- | M] () -- C:\Documents and Settings\jsweney\Application Data\Microsoft\Internet Explorer\Quick Launch\Applian Director.lnk
[2010-05-21 11:05:38 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Applian Director.lnk
[2010-05-21 11:05:13 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Replay Media Catcher.lnk
[2010-05-07 18:37:28 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010-05-07 18:37:28 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010-05-07 18:37:28 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010-05-07 18:37:28 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010-05-07 18:29:00 | 000,107,848 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\SymVPN.dll
[2010-05-07 18:29:00 | 000,087,368 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\FwsVpn.dll
[2010-05-07 18:28:58 | 000,320,944 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtspl.sys
[2010-05-07 18:28:58 | 000,283,184 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtsp.sys
[2010-05-07 18:28:58 | 000,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtspx.sys
[2010-05-07 18:28:58 | 000,007,442 | ---- | M] () -- C:\WINDOWS\System32\drivers\srtspx.cat
[2010-05-07 18:28:58 | 000,007,442 | ---- | M] () -- C:\WINDOWS\System32\drivers\srtspl.cat
[2010-05-07 18:28:58 | 000,007,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\srtsp.cat
[2010-05-07 18:28:58 | 000,001,430 | ---- | M] () -- C:\WINDOWS\System32\drivers\srtspl.inf
[2010-05-07 18:28:58 | 000,001,421 | ---- | M] () -- C:\WINDOWS\System32\drivers\srtspx.inf
[2010-05-07 18:28:58 | 000,001,415 | ---- | M] () -- C:\WINDOWS\System32\drivers\srtsp.inf
[2010-05-06 15:02:56 | 007,839,944 | ---- | M] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[2010-05-06 15:02:56 | 000,001,128 | ---- | M] () -- C:\Documents and Settings\jsweney\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk
[2010-05-06 15:02:53 | 000,001,128 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\My LastPass Vault.lnk
[2010-05-06 09:35:33 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\jsweney\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010-05-06 09:35:33 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010-04-29 15:50:08 | 000,039,826 | ---- | M] () -- C:\Documents and Settings\jsweney\My Documents\kristoff, michelle 2.jpg
[2010-04-29 15:49:57 | 000,039,826 | ---- | M] () -- C:\Documents and Settings\jsweney\My Documents\kristoff, michelle 2
[2010-04-28 17:18:06 | 000,040,085 | ---- | M] () -- C:\Documents and Settings\jsweney\My Documents\marks, harvey.jpg
[2010-04-28 17:17:39 | 000,041,435 | ---- | M] () -- C:\Documents and Settings\jsweney\My Documents\kristoff, michelle.jpg
[2010-04-27 18:37:41 | 000,001,722 | -H-- | M] () -- C:\Documents and Settings\jsweney\My Documents\Default.rdp
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-06-24 16:10:37 | 000,001,037 | ---- | C] () -- C:\Documents and Settings\jsweney\Local Settings\Application Data\Account.atomsvc
[2010-06-23 13:49:49 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\jsweney\Desktop\dds.scr
[2010-06-16 16:11:28 | 3740,581,888 | -HS- | C] () -- C:\hiberfil.sys
[2010-06-14 08:09:37 | 008,388,608 | ---- | C] () -- C:\Documents and Settings\jsweney\ntuser.dat
[2010-06-04 09:19:54 | 000,000,169 | ---- | C] () -- C:\Documents and Settings\jsweney\Desktop\Tickets.url
[2010-05-26 17:25:56 | 000,000,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CamStudio.lnk
[2010-05-21 15:42:06 | 000,000,946 | ---- | C] () -- C:\Documents and Settings\jsweney\Desktop\AVS4YOU Software Navigator.lnk
[2010-05-21 11:29:46 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Replay Media Splitter.lnk
[2010-05-21 11:06:07 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2010-05-21 11:05:38 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\jsweney\Application Data\Microsoft\Internet Explorer\Quick Launch\Applian Director.lnk
[2010-05-21 11:05:38 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Applian Director.lnk
[2010-05-21 11:05:13 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Replay Media Catcher.lnk
[2010-05-07 18:37:17 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010-05-07 18:37:17 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010-05-07 18:28:58 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\srtspx.cat
[2010-05-07 18:28:58 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\srtspl.cat
[2010-05-07 18:28:58 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\srtsp.cat
[2010-05-07 18:28:58 | 000,001,430 | ---- | C] () -- C:\WINDOWS\System32\drivers\srtspl.inf
[2010-05-07 18:28:58 | 000,001,421 | ---- | C] () -- C:\WINDOWS\System32\drivers\srtspx.inf
[2010-05-07 18:28:58 | 000,001,415 | ---- | C] () -- C:\WINDOWS\System32\drivers\srtsp.inf
[2010-05-06 09:35:33 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\jsweney\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010-05-06 09:35:33 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010-04-29 15:50:08 | 000,039,826 | ---- | C] () -- C:\Documents and Settings\jsweney\My Documents\kristoff, michelle 2.jpg
[2010-04-29 15:49:57 | 000,039,826 | ---- | C] () -- C:\Documents and Settings\jsweney\My Documents\kristoff, michelle 2
[2010-04-29 15:37:53 | 000,041,435 | ---- | C] () -- C:\Documents and Settings\jsweney\My Documents\kristoff, michelle.jpg
[2010-04-29 15:37:53 | 000,040,085 | ---- | C] () -- C:\Documents and Settings\jsweney\My Documents\marks, harvey.jpg
[2009-09-15 17:42:13 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009-09-15 17:42:06 | 000,000,157 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2009-09-15 17:32:57 | 000,001,092 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009-06-24 15:27:47 | 000,000,338 | ---- | C] () -- C:\WINDOWS\3DHOME.INI
[2009-06-24 15:27:36 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2009-03-20 09:18:05 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009-02-11 18:16:55 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2009-02-11 18:16:41 | 000,000,123 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2009-01-23 19:58:10 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-12-18 12:22:57 | 001,703,936 | R--- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008-12-18 12:22:57 | 001,019,904 | R--- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008-12-18 12:22:56 | 001,478,656 | R--- | C] () -- C:\WINDOWS\System32\nview.dll
[2008-12-18 12:22:56 | 000,466,944 | R--- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008-08-12 05:05:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008-08-12 04:51:02 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008-08-12 04:51:02 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008-08-12 04:51:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008-08-12 04:51:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008-08-12 04:51:02 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008-08-12 04:51:02 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008-07-26 08:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007-09-27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007-09-27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007-09-27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006-02-27 21:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2006-02-27 21:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2006-02-27 21:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2006-02-27 21:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2006-02-27 21:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2005-06-11 11:47:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\fpprintmon.dll
[2002-05-08 05:12:22 | 000,000,790 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001-07-07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2001-05-30 12:43:18 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LGen32.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010-06-23 00:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDFC
[2010-05-13 12:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2008-08-12 04:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2009-01-02 18:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jsweney\Application Data\Blackberry Desktop
[2010-06-24 16:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jsweney\Application Data\Delicious IE Extension
[2009-05-15 08:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jsweney\Application Data\Dillistone
[2009-01-23 19:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jsweney\Application Data\GetRightToGo
[2009-03-20 09:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jsweney\Application Data\Leadertech
[2010-05-13 10:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jsweney\Application Data\NVD
[2009-01-23 19:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jsweney\Application Data\OpenOffice.org
[2009-01-02 18:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jsweney\Application Data\Research In Motion
[2008-08-12 05:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jsweney\Application Data\SampleView
[2010-06-03 14:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jsweney\Application Data\SoftGrid Client
[2010-05-13 10:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jsweney\Application Data\TP
[2009-01-21 15:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jsweney\Application Data\Windows Desktop Search
[2009-01-21 16:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jsweney\Application Data\Windows Search
[2010-06-24 16:22:48 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{ADE0B522-3E6E-4ADB-BAD8-7880BF886DA6}.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]
[2010-05-27 14:37:21 | 000,000,000 | ---- | M] () -- C:\asoutput.log
[2008-12-17 06:11:12 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2009-08-05 17:31:48 | 000,000,060 | ---- | M] () -- C:\export.txt
[2010-06-24 16:03:03 | 3740,581,888 | -HS- | M] () -- C:\hiberfil.sys
[2009-01-06 14:04:52 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-05-05 14:48:32 | 006,935,624 | ---- | M] () -- C:\lastpass_prof.txt
[2009-01-06 14:04:51 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006-02-27 21:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-12-17 15:04:28 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010-06-24 16:03:02 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

[color=#A23BEC]< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >[/color]
[2008-07-06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006-07-03 11:54:12 | 000,091,648 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4sa.dll

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2010-05-07 18:29:00 | 000,087,368 | ---- | M] (Symantec Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\FwsVpn.dll
[2008-04-13 19:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\msvbvm60.dll
[2010-05-07 18:29:00 | 000,107,848 | ---- | M] (Symantec Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\SymVPN.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2006-04-25 05:17:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006-04-25 05:17:50 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006-04-25 05:17:50 | 000,864,256 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

[color=#A23BEC]< %systemroot%\system32\user32.dll /md5 >[/color]
[2008-04-13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[color=#A23BEC]< %systemroot%\system32\ws2_32.dll /md5 >[/color]
[2008-04-13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >


#8
June 24, 2010 at 16:43:32
Ok tall john,
I am going to go over these tonight and I will get back to you in the morning!!
Cheers

Malware Removal How To's



#9
June 25, 2010 at 07:23:03
Thanks!


#10
June 25, 2010 at 15:13:16
Going fishing!!!! Don't fret though, I will get back to you soon!!!

Malware Removal How To's



#11
June 28, 2010 at 12:58:00
I understand the need for time off, especially from volunteer efforts!

I finally realized I must have left my antivirus "on" while running ComboFix (even though I thought I shut it off), so I started over and re-ran ComboFix again. This time it worked and appears to have cleared the problem.

A kind thanks to you and all who volunteer their time on boards like this.

