Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Pc Antispy Malware


  • This topic is locked This topic is locked
6 replies to this topic

#1 Nickat Night

Nickat Night

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Somewhere in the hills of Vermont
  • Local time:11:59 AM

Posted 11 September 2008 - 05:41 PM

Hello. I keep getting pop-ups that states it is a Windows Security Alert. It also says Windows Firewall has detected activity of harmful software (each pop-up has a different Trojan identified). It also states that Windows Firewall cannot help me remove this Trojan. There is then a section to find the recommended software to remove the Trojan that takes me to : hxxp://www.antispyware-review.biz/?wmid=4663&pwebmid=9llCJ4amiU&a=

I use Windows XP Home. I have tried Malwarebytes' Anti-Malware, but the pop-ups keep coming.

Here is a copy of my HiJackThis log file. Any help would be appreciated. Thanks


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:24:24 PM, on 9/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ajudoxyp.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sleepy\service.exe
C:\Program Files\Sleepy\slptray.exe
C:\Program Files\Sleepy\slptask.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ajudoxyp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [AdmTask] C:\Program Files\AdmTask\admtask.exe /m
O4 - HKLM\..\Run: [PDUiP6600DMon] C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ActWeb] C:\WINDOWS\system32\ajudoxyp.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1219106024718
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sleepy - Sashazur, LLC - C:\Program Files\Sleepy\service.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9243 bytes


Edited by Orange Blossom, 11 February 2013 - 01:59 AM.
Deactivate link. ~ OB


BC AdBot (Login to Remove)

 


#2 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:04:59 PM

Posted 26 September 2008 - 09:13 AM

Hello and welcome to BC


Apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.
If you have since resolved the original problem you were having would appreciate you letting us know If not please perform the following below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
    Note: If you are using Windows Vista, right click at RSIT.exe and select 'Run as administrator'.

  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
In your next reply please post back with the following reports:
  • RSIT log.txt
  • RSIT info.txt
  • Kaspersky report
Regards
SNOWHITE
Posted Image

#3 Nickat Night

Nickat Night
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Somewhere in the hills of Vermont
  • Local time:11:59 AM

Posted 26 September 2008 - 07:37 PM

Snowhite .... When I did not receive a reply from BleepingComputer for a while, I actually bought Malwarebytes' Anti-Malware and ran it multiple times. Also had it run at Windows start-up (along with Norton). Not sure if it caused it or not - but (for the last 3 days) I have not seen the pop-up I had been getting.

However, just it case it is hiding somewhere - I followed your instructions - with the log files copied below.

Thanks for your help


Logfile of random's system information tool 1.02 (written by random/random)
Run by Marrier at 2008-09-26 19:01:50
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 49 GB (64%) free of 76 GB
Total RAM: 2046 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:02:02 PM, on 9/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sleepy\service.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Sleepy\slptask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Sleepy\slpmoni.exe
C:\Program Files\Sleepy\slptray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Marrier\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Marrier.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [AdmTask] C:\Program Files\AdmTask\admtask.exe /m
O4 - HKLM\..\Run: [PDUiP6600DMon] C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ActWeb] C:\WINDOWS\system32\ajudoxyp.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1219106024718
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sleepy - Sashazur, LLC - C:\Program Files\Sleepy\service.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9678 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Marrier.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll [2008-06-30 349552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-08-18 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar Launcher - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-07 1090912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-08-18 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-11 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-08-18 2403392]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [2008-06-30 349552]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-07 1090912]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-20 282624]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-06-29 8466432]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-06-29 81920]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-02-18 51048]
"osCheck"=C:\Program Files\Norton Internet Security\osCheck.exe [2008-02-06 718704]
"AdmTask"=C:\Program Files\AdmTask\admtask.exe [2007-02-14 113664]
"PDUiP6600DMon"=C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe [2005-05-25 69632]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-08-20 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Aim6"=C:\Program Files\Mozilla Firefox\
"ActWeb"=C:\WINDOWS\system32\ajudoxyp.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Monitor.lnk - C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2008-08-18 10536]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\MSN Messenger\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\MSN Messenger\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ "
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.reg - open - regedit.exe "%1" %*

======List of files/folders created in the last 1 months======

2008-09-26 19:01:50 ----D---- C:\rsit
2008-09-23 15:58:23 ----D---- C:\Documents and Settings\Marrier\Application Data\ArcSoft
2008-09-23 15:55:40 ----D---- C:\Documents and Settings\Marrier\Application Data\AdobeUM
2008-09-23 15:55:13 ----D---- C:\Program Files\Common Files\Adobe
2008-09-23 15:45:57 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-09-23 15:45:55 ----D---- C:\Program Files\Adobe
2008-09-23 15:44:58 ----D---- C:\WINDOWS\Cache
2008-09-23 15:43:10 ----D---- C:\Program Files\SanDisk
2008-09-23 15:43:10 ----A---- C:\WINDOWS\PCDLIB32.DLL
2008-09-20 00:27:16 ----D---- C:\Program Files\Windows Journal Viewer
2008-09-16 18:41:40 ----D---- C:\Program Files\iPod
2008-09-16 18:41:38 ----D---- C:\Program Files\iTunes
2008-09-16 18:41:38 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-16 18:36:31 ----D---- C:\Program Files\Bonjour
2008-09-11 18:24:06 ----D---- C:\Program Files\Trend Micro
2008-09-10 18:29:53 ----D---- C:\WINDOWS\system32\NtmsData
2008-09-09 17:36:42 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-08 20:15:29 ----D---- C:\WINDOWS\Sun
2008-09-08 20:15:29 ----D---- C:\Documents and Settings\Marrier\Application Data\Sun
2008-09-08 20:11:03 ----A---- C:\WINDOWS\system32\javaws.exe
2008-09-08 20:11:02 ----A---- C:\WINDOWS\system32\javaw.exe
2008-09-08 20:11:02 ----A---- C:\WINDOWS\system32\java.exe
2008-09-08 20:10:29 ----D---- C:\Program Files\Java
2008-09-08 20:10:12 ----D---- C:\Program Files\Common Files\Java
2008-09-04 18:10:38 ----D---- C:\Program Files\Apple Software Update
2008-09-02 14:21:42 ----D---- C:\Documents and Settings\Marrier\Application Data\Malwarebytes
2008-09-02 14:21:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-02 14:21:39 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-30 17:11:49 ----D---- C:\Documents and Settings\All Users\Application Data\utilinkl
2008-08-30 12:22:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-08-29 21:41:27 ----D---- C:\WINDOWS\Prefetch
2008-08-29 21:22:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-29 21:22:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-29 21:22:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-08-29 21:21:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-08-29 21:21:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-08-29 21:21:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-29 21:21:30 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-29 21:21:23 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-08-29 21:21:15 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-29 21:18:15 ----D---- C:\WINDOWS\system32\scripting
2008-08-29 21:18:15 ----D---- C:\WINDOWS\l2schemas
2008-08-29 21:18:14 ----D---- C:\WINDOWS\system32\en
2008-08-29 21:18:14 ----D---- C:\WINDOWS\system32\bits
2008-08-29 21:16:11 ----D---- C:\WINDOWS\ServicePackFiles
2008-08-29 21:14:34 ----D---- C:\WINDOWS\network diagnostic
2008-08-29 21:12:32 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-08-29 21:12:30 ----D---- C:\WINDOWS\EHome
2008-08-29 10:18:58 ----A---- C:\WINDOWS\system32\dns-sd.exe
2008-08-29 09:53:50 ----A---- C:\WINDOWS\system32\dnssd.dll
2008-08-27 17:27:08 ----D---- C:\Documents and Settings\Marrier\Application Data\Apple Computer
2008-08-27 17:26:14 ----D---- C:\Program Files\QuickTime
2008-08-27 17:26:12 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-27 17:25:40 ----D---- C:\Program Files\Common Files\Apple
2008-08-27 17:25:40 ----D---- C:\Documents and Settings\All Users\Application Data\Apple

======List of files/folders modified in the last 1 months======

2008-09-26 19:01:56 ----D---- C:\WINDOWS\Temp
2008-09-26 19:01:55 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-09-26 17:30:06 ----D---- C:\Program Files\Mozilla Firefox
2008-09-26 14:54:04 ----SHD---- C:\WINDOWS\Installer
2008-09-26 14:53:10 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-25 11:00:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-23 15:55:15 ----D---- C:\Documents and Settings\Marrier\Application Data\Adobe
2008-09-23 15:55:13 ----D---- C:\Program Files\Common Files
2008-09-23 15:46:40 ----RSD---- C:\WINDOWS\Fonts
2008-09-23 15:45:55 ----RD---- C:\Program Files
2008-09-23 15:44:58 ----D---- C:\WINDOWS
2008-09-23 15:43:13 ----D---- C:\WINDOWS\system32
2008-09-23 15:43:09 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-21 02:06:18 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2008-09-20 00:27:16 ----D---- C:\WINDOWS\Help
2008-09-20 00:27:16 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-09-19 16:28:00 ----HD---- C:\WINDOWS\inf
2008-09-16 18:42:01 ----D---- C:\WINDOWS\system32\drivers
2008-09-16 18:41:58 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-09-10 18:28:29 ----D---- C:\WINDOWS\Registration
2008-09-09 17:36:43 ----D---- C:\WINDOWS\WinSxS
2008-09-04 18:27:37 ----SD---- C:\WINDOWS\Tasks
2008-08-30 12:22:14 ----A---- C:\WINDOWS\imsins.BAK
2008-08-30 12:22:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-08-30 09:24:28 ----HD---- C:\WINDOWS\$hf_mig$
2008-08-29 21:59:26 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-29 21:44:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-08-29 21:42:01 ----A---- C:\WINDOWS\OEWABLog.txt
2008-08-29 21:41:02 ----A---- C:\WINDOWS\setuplog.txt
2008-08-29 21:40:17 ----D---- C:\WINDOWS\system32\wbem
2008-08-29 21:40:17 ----D---- C:\WINDOWS\system32\Setup
2008-08-29 21:40:17 ----D---- C:\WINDOWS\AppPatch
2008-08-29 21:27:08 ----D---- C:\WINDOWS\security
2008-08-29 21:22:51 ----D---- C:\WINDOWS\system32\CatRoot
2008-08-29 21:21:17 ----D---- C:\Program Files\Messenger
2008-08-29 21:18:37 ----D---- C:\Program Files\Windows Media Player
2008-08-29 21:18:26 ----D---- C:\WINDOWS\ime
2008-08-29 21:18:16 ----D---- C:\WINDOWS\system32\usmt
2008-08-29 21:18:16 ----D---- C:\WINDOWS\system32\en-US
2008-08-29 21:18:14 ----D---- C:\WINDOWS\PeerNet
2008-08-29 21:18:14 ----D---- C:\Program Files\Movie Maker
2008-08-29 21:16:07 ----D---- C:\WINDOWS\system32\Restore
2008-08-29 21:16:07 ----D---- C:\WINDOWS\system32\npp
2008-08-29 21:16:05 ----D---- C:\WINDOWS\msagent
2008-08-29 21:16:04 ----D---- C:\WINDOWS\srchasst
2008-08-29 21:16:04 ----D---- C:\Program Files\NetMeeting
2008-08-29 21:16:02 ----D---- C:\WINDOWS\system32\Com
2008-08-29 21:15:58 ----D---- C:\Program Files\Windows NT
2008-08-29 21:15:58 ----D---- C:\Program Files\Outlook Express
2008-08-29 21:15:56 ----D---- C:\Program Files\Common Files\System
2008-08-29 21:15:42 ----D---- C:\WINDOWS\system32\oobe
2008-08-29 21:15:40 ----D---- C:\WINDOWS\system
2008-08-29 21:13:44 ----D---- C:\WINDOWS\system32\ReinstallBackups

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-01-31 279088]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-01-31 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
R2 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\drivers\CO_Mon.sys []
R2 MBAMDrvService;MBAMDrvService; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-07-19 230400]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080926.003\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080926.003\NAVEX15.SYS []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-29 6807328]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-20 1156648]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2008-06-13 38576]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20080923.001\SymIDSCo.sys []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2008-06-13 37424]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2008-01-31 317616]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S4 atapi;atapi; C:\WINDOWS\system32\drivers\atapi.sys [2008-04-13 96512]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-09 238968]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
R2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2008-02-18 214888]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
R2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-09-10 110256]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-06-29 155716]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-08-19 66872]
R2 Sleepy;Sleepy; C:\Program Files\Sleepy\service.exe [2007-02-14 40960]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
R3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-08-18 1245064]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-22 55640]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2008-08-18 16680]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-18 138168]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-08-04 3220856]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.02 2008-09-26 19:02:04

======Uninstall list======

-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop Album 2.0 Starter Edition-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 6.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AIM Toolbar 5.0-->"C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Bonus-->MsiExec.exe /I{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}
Call of Duty - United Offensive Single Player Demo-->C:\PROGRA~1\MSNMES~1\UNINST~1\UNWISE.EXE C:\PROGRA~1\MSNMES~1\UNINST~1\INSTALL.LOG
Call of Duty® 4 - Modern Warfare™ 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Canon iP6600D Memory Card Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{86D28491-78AB-445C-A507-6F3FA81D7611}\setup.exe" /PDUUninstall
Canon iP6600D-->C:\WINDOWS\system32\CNMCP7D.exe "-PRINTERNAMECanon iP6600D" "-HELPERDLLC:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP6600D Installer\Inst2\cnmis.dll" "-RCDLLcnmi0409.dll"
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CC_ccProxyExt-->MsiExec.exe /I{779F426C-A8F3-414B-B7AF-B6BDC9B8E040}
ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
ccPxyCore-->MsiExec.exe /I{AB70ABEC-771B-47CB-9E41-DF77DE4FFC5C}
CIB-->MsiExec.exe /I{E8176C35-0C2D-4142-9ED4-81861ECAB403}
Component Framework-->MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Dell Resource CD-->MsiExec.exe /X{FCD9CD52-7222-4672-94A0-A722BA702FD0}
Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
GoToAssist 8.0.0.514-->C:\Program Files\Citrix\GoToAssist\514\G2AUninstaller.exe /uninstall
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® PRO Network Connections Drivers-->Prounstl.exe
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Access 2000 SR-1-->MsiExec.exe /I{00100409-78E1-11D2-B60F-006097C998E7}
Microsoft Excel 2000 SR-1-->MsiExec.exe /I{00110409-78E1-11D2-B60F-006097C998E7}
Microsoft FrontPage 2000 SR-1-->MsiExec.exe /I{00120409-78E1-11D2-B60F-006097C998E7}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Standard-->MsiExec.exe /I{00020409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Web Components-->MsiExec.exe /I{002C9999-0000-0000-C000-000000000114}
Microsoft PowerPoint 2000 SR-1-->MsiExec.exe /I{00130409-78E1-11D2-B60F-006097C998E7}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Microsoft Word 2000 SR-1-->MsiExec.exe /I{00170409-78E1-11D2-B60F-006097C998E7}
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Mozilla Firefox (3.0.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Norton Add-on Pack (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}_2_1_0_55\Setup.exe" /X
Norton AntiSpam-->MsiExec.exe /I{5677563D-0CB1-485F-9E18-C5025306BB3F}
Norton AntiVirus Help-->MsiExec.exe /I{D4BB907A-623E-4F07-8787-041ABAE088E4}
Norton AntiVirus Help-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton AntiVirus-->MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton Confidential Core-->MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Norton Internet Security (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Setup.exe" /X
Norton Internet Security-->MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
Norton Protection Center-->MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
SanDisk TransferMate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{601C6E14-DF1E-4113-A8C8-F9DB90CB0D88}\Setup.exe" -l0x9
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Sleepy 6.2-->C:\Program Files\Sleepy\unins000.exe
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Symantec Real Time Storage Protection Component-->MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
TeamSpeak 2 RC2-->"C:\Program Files\MSN Messenger\Teamspeak2_RC2\unins000.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: Norton Internet Security
FW: Norton Internet Security

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0605
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, September 26, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, September 26, 2008 22:02:08
Records in database: 1264151
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 64252
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:08:57

No malware has been detected. The scan area is clean.

The selected area was scanned.

#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:08:59 AM

Posted 03 October 2008 - 11:14 PM

Hello, Nickat Night.
I'm sorry for the dely. SNOWHITE ran into some issues and she has asked me to take over this topic.

Exceedingly sorry for any delay. :thumbsup:

Those logs look clean. Are you still having any problems? MbAM does good :)

We have to remove some entries in HiJack This
  • Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below:
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  • Close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.
Viewpoint is considered foistware instead of malware because it is installed without users approval, but doesn't spy or do anything "bad". You may like to read this article about the potential of this Viewpoint software here:
http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on Start > Run... > and then paste the following into the "Open" field: "appwiz.cpl" and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, and/or Viewpoint Media Player.

We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#5 Nickat Night

Nickat Night
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Somewhere in the hills of Vermont
  • Local time:11:59 AM

Posted 04 October 2008 - 02:14 PM

Hello - I am no longer seeing the pop-up that prompted my original posting. Apparently, MbAM did the job. :thumbsup:

The delay in response is no issue at all. I understand that you folks get a LOT of requests for help.

I used HiJackthis to fix the 1 item you referenced in your post.

I then deleted the Viewpoint Media player per your recommendation.

Here are the 2 log files you wanted to see. Thank you for your help.




OTViewIt logfile created on: 10/4/2008 3:04:59 PM - Run
OTViewIt by OldTimer - Version 1.0.9.4 Folder = C:\Documents and Settings\Marrier\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 78.46% Memory free
3.85 Gb Paging File | 3.56 Gb Available in Paging File | 92.55% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 47.13 Gb Free Space | 63.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARRIER-0425E80
Current User Name: Marrier
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/02/18 14:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[2008/02/18 14:37:42 | 00,214,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
[2006/03/20 16:00:04 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
[2008/04/13 20:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/02/18 14:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[2008/10/01 18:57:12 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2007/02/14 10:10:30 | 00,136,704 | ---- | M] (Sashazur, LLC) -- C:\Program Files\Sleepy\slpmoni.exe
[2007/02/14 10:11:04 | 00,123,904 | ---- | M] (Sashazur, LLC) -- C:\Program Files\Sleepy\slptray.exe
[2008/08/20 19:53:14 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/02/09 16:06:32 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/09/10 00:03:58 | 00,110,256 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
[2007/06/29 00:43:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/08/19 23:01:19 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2007/02/14 10:10:54 | 00,040,960 | ---- | M] (Sashazur, LLC) -- C:\Program Files\Sleepy\service.exe
[2007/02/14 10:10:32 | 00,127,488 | ---- | M] (Sashazur, LLC) -- C:\Program Files\Sleepy\slptask.exe
[2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/09/10 00:03:58 | 00,372,400 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/10/04 15:04:25 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marrier\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2008/02/09 16:06:32 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2008/02/18 14:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
[2008/02/18 14:37:42 | 00,214,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy [Auto | Running])
[2008/02/18 14:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
[2008/04/13 20:12:14 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
[2008/02/18 14:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])
[2007/08/22 03:21:30 | 00,055,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped])
[2008/08/18 19:41:28 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist [On_Demand | Stopped])
[2008/08/18 19:42:46 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/08/04 11:20:16 | 03,220,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])
[2008/02/18 14:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice [Auto | Running])
[2008/09/10 00:03:58 | 00,110,256 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService [Auto | Running])
[2007/06/29 00:43:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2008/08/19 23:01:19 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2007/02/14 10:10:54 | 00,040,960 | ---- | M] (Sashazur, LLC) -- C:\Program Files\Sleepy\service.exe -- (Sleepy [Auto | Running])
[2008/08/18 20:38:38 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Stopped])
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

========== Driver Services ==========

[2004/12/13 17:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
[2008/07/30 17:42:12 | 00,023,888 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon [On_Demand | Stopped])
[2007/08/08 19:39:56 | 00,036,056 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon [Auto | Running])
[2006/07/19 15:42:16 | 00,230,400 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express [On_Demand | Running])
[2008/09/02 04:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2008/09/02 04:00:00 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2003/11/17 15:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
[2003/11/17 15:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2006/05/11 12:30:52 | 00,247,808 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iastor [Boot | Running])
[2008/04/13 14:31:32 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm [System | Running])
[2008/04/13 14:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/09/10 00:03:56 | 00,017,200 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMDrvService [Auto | Running])
[2003/04/09 13:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])
[2008/08/20 04:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081004.002\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2008/08/20 04:00:00 | 00,873,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081004.002\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2007/06/29 00:43:00 | 06,807,328 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/04/13 12:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/01/16 20:05:42 | 00,447,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
[2008/01/31 17:51:16 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP [System | Running])
[2008/01/31 17:51:16 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL [On_Demand | Stopped])
[2008/01/31 17:51:16 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX [System | Running])
[2006/03/20 16:06:04 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2008/06/13 14:13:38 | 00,013,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS [On_Demand | Running])
[2008/08/18 20:45:11 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2008/06/13 14:13:38 | 00,096,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW [On_Demand | Running])
[2008/06/13 14:13:38 | 00,038,576 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS [On_Demand | Running])
[2008/09/12 03:33:21 | 00,250,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080926.005\SymIDSCo.sys -- (SYMIDSCO [On_Demand | Running])
[2008/06/13 14:14:02 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM [On_Demand | Stopped])
[2008/06/13 14:14:02 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP [On_Demand | Running])
[2008/06/13 14:13:38 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS [On_Demand | Running])
[2008/06/13 14:13:38 | 00,022,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2008/06/13 14:13:40 | 00,184,240 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
[2008/04/13 14:45:35 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci [On_Demand | Running])
[2003/11/17 15:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" (HKLM) -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.aol.com/?src=aim

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" (HKLM) -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-436374069-1844237615-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.aol.com/?src=aim

[HKEY_USERS\S-1-5-21-436374069-1844237615-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-436374069-1844237615-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_USERS\S-1-5-21-436374069-1844237615-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-436374069-1844237615-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" (HKLM) -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_USERS\S-1-5-21-436374069-1844237615-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} (HKLM) -- C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} (HKLM) -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{327C2873-E90D-4c37-AA9D-10AC9BABA46C}" (HKLM) -- C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" (HKLM) -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" (HKLM) -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_USERS\S-1-5-21-436374069-1844237615-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-436374069-1844237615-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)

[HKEY_USERS\S-1-5-21-436374069-1844237615-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" (HKLM) -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdmTask"=C:\Program Files\AdmTask\admtask.exe /m (LexoSoft Inc.)
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" (Symantec Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SigmatelSysTrayApp"=stsystra.exe (SigmaTel, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"= File not found
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-436374069-1844237615-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"= File not found
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

========== (O4) Startup Folders ==========

[2008/09/27 17:37:28 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-436374069-1844237615-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-436374069-1844237615-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&AIM Search: c:\Program Files\AOL\AIM Toolbar 5.0\resources\en-us\local\search.html [2006/09/07 16:59:50 | 00,000,747 | ---- | M] ()
Easy-WebPrint Add To Print List: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 11:26:36 | 00,200,704 | ---- | M] ()
Easy-WebPrint High Speed Print: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 11:26:36 | 00,200,704 | ---- | M] ()
Easy-WebPrint Preview: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 11:26:36 | 00,200,704 | ---- | M] ()
Easy-WebPrint Print: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 11:26:36 | 00,200,704 | ---- | M] ()

[HKEY_USERS\S-1-5-21-436374069-1844237615-725345543-1004\Software\Microsoft\Internet Explorer\MenuExt\]
&AIM Search: c:\Program Files\AOL\AIM Toolbar 5.0\resources\en-us\local\search.html [2006/09/07 16:59:50 | 00,000,747 | ---- | M] ()
Easy-WebPrint Add To Print List: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 11:26:36 | 00,200,704 | ---- | M] ()
Easy-WebPrint High Speed Print: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 11:26:36 | 00,200,704 | ---- | M] ()
Easy-WebPrint Preview: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 11:26:36 | 00,200,704 | ---- | M] ()
Easy-WebPrint Print: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 11:26:36 | 00,200,704 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{3369AF0D-62E9-4bda-8103-B4C75499B578}: Button: AIM Toolbar -- %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [2008/03/07 09:55:24 | 01,090,912 | ---- | M] (AOL LLC)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKLM] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AIM Toolbar] -> [2008/03/07 09:55:24 | 01,090,912 | ---- | M] (AOL LLC)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-436374069-1844237615-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKLM] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AIM Toolbar] -> [2008/03/07 09:55:24 | 01,090,912 | ---- | M] (AOL LLC)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupd...b?1219106024718 -- WUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07

========== (O17) DNS Name Servers ==========

{3AABA5FE-995A-4EBB-9BAB-0AE8F49BE23D} (Servers: | Description: Intel® 82562V 10/100 Network Connection)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
GoToAssist: "DllName" = C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll -- C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/08/18 19:27:57 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autoruns.chm [ITSF | ]
[2008/08/20 14:18:56 | 00,048,986 | ---- | M] () -- C:\autoruns.chm -- [ NTFS ]

autoruns.exe [MZ | ]
[2008/08/29 10:32:18 | 00,646,184 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\autoruns.exe -- [ NTFS ]

autorunsc.exe [MZ | ]
[2008/08/29 10:32:18 | 00,540,712 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\autorunsc.exe -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2008/10/04 15:04:25 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marrier\Desktop\OTViewIt.exe
[2008/10/04 14:42:57 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/10/04 14:42:41 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/10/04 14:42:40 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2008/10/04 14:42:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/10/02 07:09:59 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008/09/29 14:58:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marrier\My Documents\Jessica's school work
[2008/09/27 17:27:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marrier\My Documents\LimeWire
[2008/09/27 17:27:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marrier\Application Data\LimeWire
[2008/09/27 17:25:56 | 00,048,986 | ---- | C] () -- C:\autoruns.chm
[2008/09/27 17:25:38 | 00,646,184 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\autoruns.exe
[2008/09/27 17:25:28 | 00,540,712 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\autorunsc.exe
[2008/09/27 17:22:26 | 03,729,520 | ---- | C] () -- C:\Documents and Settings\Marrier\My Documents\AutoRuns.arn
[2008/09/27 17:22:17 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
[2008/09/27 17:19:46 | 00,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2008/09/26 23:59:18 | 02,926,916 | ---- | C] () -- C:\Documents and Settings\Marrier\My Documents\Me and Brooke 4.JPG
[2008/09/26 23:59:08 | 02,663,807 | ---- | C] () -- C:\Documents and Settings\Marrier\My Documents\Me and Brooke 3.JPG
[2008/09/26 23:58:57 | 02,870,421 | ---- | C] () -- C:\Documents and Settings\Marrier\My Documents\Me and Brooke 2.JPG
[2008/09/26 23:58:44 | 03,087,482 | ---- | C] () -- C:\Documents and Settings\Marrier\My Documents\Me and Brooke 1.JPG
[2008/09/26 19:01:50 | 00,000,000 | ---D | C] -- C:\rsit
[2008/09/26 19:01:40 | 00,305,323 | ---- | C] () -- C:\Documents and Settings\Marrier\Desktop\RSIT.exe
[2008/09/24 19:35:10 | 02,717,480 | ---- | C] () -- C:\Documents and Settings\Marrier\My Documents\Kitten 2.JPG
[2008/09/24 19:35:00 | 02,639,744 | ---- | C] () -- C:\Documents and Settings\Marrier\My Documents\Kitten 1.JPG
[2008/09/23 21:30:08 | 02,633,850 | ---- | C] () -- C:\Documents and Settings\Marrier\My Documents\Josh 4.JPG
[2008/09/23 21:30:08 | 02,362,808 | ---- | C] () -- C:\Documents and Settings\Marrier\My Documents\Josh 5.JPG
[2008/09/23 21:29:21 | 02,566,063 | ---- | C] () -- C:\Documents and Settings\Marrier\My Documents\Josh 3.JPG
[2008/09/23 21:28:35 | 02,783,194 | ---- | C] () -- C:\Documents and Settings\Marrier\My Documents\Josh 2.JPG
[2008/09/23 19:51:58 | 01,940,141 | ---- | C] () -- C:\Documents and Settings\Marrier\My Documents\DSC00354.JPG
[2008/09/23 15:58:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marrier\My Documents\My Transferred Files
[2008/09/23 15:58:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marrier\Application Data\ArcSoft
[2008/09/23 15:55:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marrier\Application Data\AdobeUM
[2008/09/23 15:55:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marrier\Local Settings\Application Data\Adobe
[2008/09/23 15:55:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marrier\My Documents\My eBooks
[2008/09/23 15:55:13 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2008/09/23 15:46:41 | 00,001,922 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Album 2.0 Starter Edition.lnk
[2008/09/23 15:46:01 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 6.0.lnk
[2008/09/23 15:45:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/09/23 15:45:55 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2008/09/23 15:44:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cache
[2008/09/23 15:43:13 | 00,001,764 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SanDisk TransferMate.lnk
[2008/09/23 15:43:12 | 00,180,224 | ---- | C] (SanDisk Inc.) -- C:\WINDOWS\System32\SanDisk Screen Saver.scr
[2008/09/23 15:43:10 | 00,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\PCDLIB32.DLL
[2008/09/23 15:43:10 | 00,000,000 | ---D | C] -- C:\Program Files\SanDisk
[2008/09/23 09:21:35 | 01,921,300 | ---- | C] () -- C:\Documents and Settings\Marrier\My Documents\meca award letter.JPG
[2008/09/21 19:48:21 | 00,000,372 | ---- | C] () -- C:\Documents and Settings\Marrier\My Documents\spider.sav
[2008/09/20 00:27:16 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Journal Viewer
[2008/09/19 16:29:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marrier\Desktop\My Ipod
[2008/09/17 19:00:58 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\Marrier\My Documents\If WWII was a RTS game.doc
[2008/09/16 18:36:31 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2008/09/11 18:24:07 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Marrier\Desktop\HijackThis.lnk
[2008/09/11 18:24:06 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/09/10 18:29:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2008/09/08 20:15:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2008/09/08 20:15:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marrier\Application Data\Sun
[2008/09/08 20:10:29 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2008/09/08 20:10:12 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2008/09/04 18:10:38 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2008/10/04 15:04:25 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marrier\Desktop\OTViewIt.exe
[2008/10/04 14:46:29 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/10/04 14:45:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/04 14:45:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/04 14:44:17 | 06,416,666 | -H-- | M] () -- C:\Documents and Settings\Marrier\Local Settings\Application Data\IconCache.db
[2008/10/04 11:15:28 | 00,137,480 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/10/04 11:15:21 | 00,183,120 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008/10/04 11:14:57 | 00,000,594 | ---- | M] () -- C:\Documents and Settings\Marrier\My Documents\My Sharing Folders.lnk
[2008/10/02 18:37:37 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\Marrier\Desktop\MS Word.lnk
[2008/10/01 11:50:04 | 00,000,286 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/09/29 17:39:20 | 00,000,626 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Marrier.job
[2008/09/27 17:37:36 | 03,729,520 | ---- | M] () -- C:\Documents and Settings\Marrier\My Documents\AutoRuns.arn
[2008/09/26 23:59:19 | 02,926,916 | ---- | M] () -- C:\Documents and Settings\Marrier\My Documents\Me and Brooke 4.JPG
[2008/09/26 23:59:09 | 02,663,807 | ---- | M] () -- C:\Documents and Settings\Marrier\My Documents\Me and Brooke 3.JPG
[2008/09/26 23:58:58 | 02,870,421 | ---- | M] () -- C:\Documents and Settings\Marrier\My Documents\Me and Brooke 2.JPG
[2008/09/26 23:58:45 | 03,087,482 | ---- | M] () -- C:\Documents and Settings\Marrier\My Documents\Me and Brooke 1.JPG
[2008/09/26 19:01:40 | 00,305,323 | ---- | M] () -- C:\Documents and Settings\Marrier\Desktop\RSIT.exe
[2008/09/24 19:35:11 | 02,717,480 | ---- | M] () -- C:\Documents and Settings\Marrier\My Documents\Kitten 2.JPG
[2008/09/24 19:35:01 | 02,639,744 | ---- | M] () -- C:\Documents and Settings\Marrier\My Documents\Kitten 1.JPG
[2008/09/24 17:56:27 | 00,120,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/23 21:30:53 | 02,362,808 | ---- | M] () -- C:\Documents and Settings\Marrier\My Documents\Josh 5.JPG
[2008/09/23 21:30:09 | 02,633,850 | ---- | M] () -- C:\Documents and Settings\Marrier\My Documents\Josh 4.JPG
[2008/09/23 21:29:22 | 02,566,063 | ---- | M] () -- C:\Documents and Settings\Marrier\My Documents\Josh 3.JPG
[2008/09/23 21:28:36 | 02,783,194 | ---- | M] () -- C:\Documents and Settings\Marrier\My Documents\Josh 2.JPG
[2008/09/23 19:53:29 | 00,018,936 | ---- | M] () -- C:\Documents and Settings\Marrier\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/09/23 15:46:43 | 00,001,922 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Album 2.0 Starter Edition.lnk
[2008/09/23 15:46:01 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 6.0.lnk
[2008/09/23 15:43:13 | 00,001,764 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SanDisk TransferMate.lnk
[2008/09/23 09:21:36 | 01,921,300 | ---- | M] () -- C:\Documents and Settings\Marrier\My Documents\meca award letter.JPG
[2008/09/21 19:48:21 | 00,000,372 | ---- | M] () -- C:\Documents and Settings\Marrier\My Documents\spider.sav
[2008/09/20 00:26:17 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/09/17 19:00:59 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\Marrier\My Documents\If WWII was a RTS game.doc
[2008/09/11 18:24:07 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Marrier\Desktop\HijackThis.lnk
[2008/09/10 00:04:02 | 00,038,528 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/09/10 00:03:56 | 00,017,200 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
< End of report >


OTViewIt Extras logfile created on: 10/4/2008 3:04:59 PM - Run
OTViewIt by OldTimer - Version 1.0.9.4 Folder = C:\Documents and Settings\Marrier\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 78.46% Memory free
3.85 Gb Paging File | 3.56 Gb Available in Paging File | 92.55% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 47.13 Gb Free Space | 63.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARRIER-0425E80
Current User Name: Marrier
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/11/03 03:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2008/08/06 11:21:06 | 00,050,472 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2008/08/19 23:01:19 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
[2008/10/04 11:15:21 | 00,183,120 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
File not found -- C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™
[2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\Program Files\MSN Messenger\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/08/21 16:59:55 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2008/10/01 18:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00020409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 SR-1 Standard
"{00100409-78E1-11D2-B60F-006097C998E7}"=Microsoft Access 2000 SR-1
"{00110409-78E1-11D2-B60F-006097C998E7}"=Microsoft Excel 2000 SR-1
"{00120409-78E1-11D2-B60F-006097C998E7}"=Microsoft FrontPage 2000 SR-1
"{00130409-78E1-11D2-B60F-006097C998E7}"=Microsoft PowerPoint 2000 SR-1
"{00170409-78E1-11D2-B60F-006097C998E7}"=Microsoft Word 2000 SR-1
"{002C9999-0000-0000-C000-000000000114}"=Microsoft Office Web Components
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}"=Adobe Photoshop Album 2.0 Starter Edition
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}"=Component Framework
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}"=Bonus
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}"=Microsoft Windows Journal Viewer
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{55A6283C-638A-4EE0-B491-51118554BDA2}"=Norton Confidential Core
"{5677563D-0CB1-485F-9E18-C5025306BB3F}"=Norton AntiSpam
"{601C6E14-DF1E-4113-A8C8-F9DB90CB0D88}"=SanDisk TransferMate
"{62120008-8E1E-4807-860D-A8B48F8552DB}"=Norton Protection Center
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6DA9102E-199F-43A0-A36B-6EF48081A658}"=MobileMe Control Panel
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{77772678-817F-4401-9301-ED1D01A8DA56}"=SPBBC 32bit
"{779F426C-A8F3-414B-B7AF-B6BDC9B8E040}"=CC_ccProxyExt
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}"=Norton AntiVirus
"{86D28491-78AB-445C-A507-6F3FA81D7611}"=Canon iP6600D Memory Card Utility
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}"=Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}"=Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}"=SigmaTel Audio
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AB70ABEC-771B-47CB-9E41-DF77DE4FFC5C}"=ccPxyCore
"{AC76BA86-7AD7-1033-7B44-000000000001}"=Adobe Reader 6.0
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}"=ccCommon
"{C1C185CA-C531-49F5-A6FA-B838405A049D}"=Norton Internet Security
"{CF221F8F-DB9C-43A1-8DFA-091B4DD005B9}"=SymNet
"{D4BB907A-623E-4F07-8787-041ABAE088E4}"=Norton AntiVirus Help
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}"=Symantec Real Time Storage Protection Component
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}"=iTunes
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}"=Norton AntiVirus Help
"{E48469CC-635E-4FD5-A122-1497C286D217}"=Call of Duty® 4 - Modern Warfare™
"{E80F62FF-5D3C-4A19-8409-9721F2928206}"=LiveUpdate (Symantec Corporation)
"{E8176C35-0C2D-4142-9ED4-81861ECAB403}"=CIB
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}"=AppCore
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}"=Dell Resource CD
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"AIM Toolbar"=AIM Toolbar 5.0
"AIM_6"=AIM 6
"Call of Duty - United Offensive Single Player Demo"=Call of Duty - United Offensive Single Player Demo
"CANONBJ_Deinstall_CNMCP7D.DLL"=Canon iP6600D
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1"=Conexant D850 56K V.9x DFVc Modem
"Easy-PhotoPrint"=Canon Utilities Easy-PhotoPrint
"Easy-WebPrint"=Easy-WebPrint
"GoToAssist"=GoToAssist 8.0.0.514
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}"=Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}"=Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}"=Call of Duty® 4 - Modern Warfare™
"KB835221WXP"=High Definition Audio Driver Package - KB835221
"LimeWire"=LimeWire 4.18.6
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"PROSet"=Intel® PRO Network Connections Drivers
"PsuedoLiveUpdate"=LiveUpdate (Symantec Corporation)
"Sleepy_is1"=Sleepy 6.2
"SymSetup.{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}"=Norton Add-on Pack (Symantec Corporation)
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}"=Norton Internet Security (Symantec Corporation)
"Teamspeak 2 RC2_is1"=TeamSpeak 2 RC2
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/23/2008 6:42:55 PM | Computer Name = MARRIER-0425E80 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3105, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/23/2008 6:43:19 PM | Computer Name = MARRIER-0425E80 | Source = Application Hang | ID = 1001
Description = Fault bucket 829830123.

Error - 9/27/2008 7:45:43 PM | Computer Name = MARRIER-0425E80 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/28/2008 2:29:10 AM | Computer Name = MARRIER-0425E80 | Source = Application Error | ID = 1000
Description = Faulting application call of duty 4 - modern warfare multiplayer.exe,
version 0.0.0.0, faulting module call of duty 4 - modern warfare multiplayer.exe,
version 0.0.0.0, fault address 0x00164e07.

Error - 9/28/2008 10:44:04 PM | Computer Name = MARRIER-0425E80 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module comctl32.dll, version 5.82.2900.5512, fault address 0x0001477c.

[ System Events ]
Error - 9/27/2008 5:45:54 PM | Computer Name = MARRIER-0425E80 | Source = nv | ID = 11141231
Description = Silent Running: HW clock slowdown due to missing Auxiliary Power.

Error - 9/29/2008 7:12:19 AM | Computer Name = MARRIER-0425E80 | Source = nv | ID = 11141231
Description = Silent Running: HW clock slowdown due to missing Auxiliary Power.

Error - 9/30/2008 6:52:46 AM | Computer Name = MARRIER-0425E80 | Source = nv | ID = 11141231
Description = Silent Running: HW clock slowdown due to missing Auxiliary Power.

Error - 10/1/2008 8:50:33 AM | Computer Name = MARRIER-0425E80 | Source = nv | ID = 11141231
Description = Silent Running: HW clock slowdown due to missing Auxiliary Power.

Error - 10/1/2008 10:32:27 PM | Computer Name = MARRIER-0425E80 | Source = nv | ID = 11141231
Description = Silent Running: HW clock slowdown due to missing Auxiliary Power.

Error - 10/2/2008 7:06:11 AM | Computer Name = MARRIER-0425E80 | Source = nv | ID = 11141231
Description = Silent Running: HW clock slowdown due to missing Auxiliary Power.

Error - 10/2/2008 7:29:57 PM | Computer Name = MARRIER-0425E80 | Source = Print | ID = 6161
Description = The document Microsoft Word - Jane Eyre.doc owned by Marrier failed
to print on printer Canon iP6600D. Data type: NT EMF 1.008. Size of the spool file
in bytes: 65536. Number of bytes printed: 17412. Total number of pages in the document:
3. Number of pages printed: 0. Client machine: \\MARRIER-0425E80. Win32 error code
returned by the print processor: 5 (0x5).

Error - 10/3/2008 6:22:18 AM | Computer Name = MARRIER-0425E80 | Source = nv | ID = 11141231
Description = Silent Running: HW clock slowdown due to missing Auxiliary Power.

Error - 10/4/2008 2:44:08 PM | Computer Name = MARRIER-0425E80 | Source = DCOM | ID = 10010
Description = The server {16D99191-6280-4B33-A2F5-04805A0FC582} did not register
with DCOM within the required timeout.

Error - 10/4/2008 2:45:52 PM | Computer Name = MARRIER-0425E80 | Source = nv | ID = 11141231
Description = Silent Running: HW clock slowdown due to missing Auxiliary Power.


< End of report >

#6 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:08:59 AM

Posted 04 October 2008 - 03:12 PM

Hello, Nickat Night.
Looks good :)

Congratulations! You now appear clean! :thumbsup:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware


We Need to Clean Up Our Mess
  • Please download OTCleanIt from one of the following mirrors and save it to your desktop:
  • Double click the Posted Image icon.
  • Push the large "Cleanup" button.
  • Allow your system to reboot.
Reset System Restore
Windows' "System Restore" feature can cause malware files to be cached and retained by your system. Resetting System Restore will clean these files from your system, and will allow you to use System Restore without fear of reinfection.
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Note: You should only do this once, not on a regular basis!
You will not be able to restore computer to any earlier than today!

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automaticly if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#7 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:08:59 AM

Posted 05 October 2008 - 04:41 PM

Hello, Nickat Night.
Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users