
Win32.trojan.crypt?


This topic is locked
28 replies to this topic

#1 gossipgirl

gossipgirl

  • Members
  • 137 posts

Posted 21 September 2008 - 09:33 PM

Hi there. Today popups started appearing in IE and it would occasionally shut down on its own, so I ran ad-aware and it removed something called Win32.Trojan.Crypt. It seems ok now, but a bit slow, so I though I would post a log. Thanks for any help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:54 PM, on 21/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
c:\program files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] (User 'Default user')
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {76716694-EADA-4810-8C3B-4826328A317F} (SmartCouponPrinter Control) - http://content.dll1.com/Connectus/SmartCou...ter20080612.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 6873 bytes


#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 28 September 2008 - 10:54 AM

Hello, gossipgirl.
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you would still like help, please post a new HiJack This log below, as things may have changed on your system.

If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:
  • While a HJT Team member is working with you, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Please reply using the reply button in the lower left hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" :).
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 gossipgirl

gossipgirl
  • Topic Starter

  • Members
  • 137 posts

Posted 29 September 2008 - 12:12 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:12:13 AM, on 29/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\xb6eGW1c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\WINDOWS\system32\XBmE05tC.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] (User 'Default user')
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {76716694-EADA-4810-8C3B-4826328A317F} (SmartCouponPrinter Control) - http://content.dll1.com/Connectus/SmartCou...ter20080612.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 6894 bytes

#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 29 September 2008 - 05:59 AM

Hello, GossipGirl.
One or more of the identified infections is a password stealer!!

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the OTMoveIt3 icon on your desktop.
  • Paste the following code into the text area. Do not include the word "Code".
    :files
    C:\WINDOWS\system32\XBmE05tC.dll
    
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}]
    [-HKEY_CLASSES_ROOT\CLSID\{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}]
  • Push the large MoveIt! button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents of the results area here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the OTViewIt icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
In your next reply, please include the following:
  • OTMoveIt3's Log
  • OTViewIt.txt
  • Extra.txt

Billy3
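The helper's diagnosis above rests on comparing the two HijackThis logs: the 29/09 log has a new running process (xb6eGW1c.exe) and a new O2 BHO (XBmE05tC.dll) with a randomly generated 8-character name, and the OTMoveIt3 script simply removes that DLL plus the BHO registration keys derived from its CLSID. The following added example (not part of the thread or of OldTimer's tools) automates that triage: it parses constructed excerpts of the two logs, diffs them, flags new items whose names follow the random-name pattern seen here, and builds the same :files/:reg block from the offending O2 line. The random-name heuristic is an assumption of this example, not a rule from the thread.

```python
import re

# Constructed excerpts of the two HijackThis logs posted above (21/09 and 29/09);
# only the lines needed for the demonstration are kept.
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\xb6eGW1c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\WINDOWS\system32\XBmE05tC.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

ENTRY_RE = re.compile(r"^[RFNO]\d+ - ")
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
BHO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"


def parse_hjt(text):
    """Return ({lowercased path: original path}, {Rxx/Oxx entry lines}) for one HJT log.
    Process paths are keyed case-insensitively because HJT reports the same
    binary with varying case (see iexplore.exe in the two logs above)."""
    procs, entries = {}, set()
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:            # a blank line ends the process list
                in_procs = False
            else:
                procs.setdefault(line.lower(), line)
            continue
        if ENTRY_RE.match(line):
            entries.add(line)
    return procs, entries


def diff_logs(before, after):
    """Processes and entries present in the newer log but absent from the older one."""
    procs_b, ent_b = parse_hjt(before)
    procs_a, ent_a = parse_hjt(after)
    new_procs = sorted(procs_a[k] for k in procs_a.keys() - procs_b.keys())
    return new_procs, sorted(ent_a - ent_b)


def looks_random(path):
    """Assumed heuristic: an 8-character file stem mixing upper case, lower case
    and digits, the pattern of xb6eGW1c.exe and XBmE05tC.dll in this thread."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    return (len(stem) == 8
            and any(c.islower() for c in stem)
            and any(c.isupper() for c in stem)
            and any(c.isdigit() for c in stem))


def otmoveit_script(bho_line):
    """Build the OTMoveIt3 :files/:reg block for one O2 BHO line, as in post #4:
    delete the DLL, its BHO registration and its CLSID registration."""
    m = BHO_RE.match(bho_line)
    if not m:
        raise ValueError("not an O2 BHO line: " + bho_line)
    clsid, path = m.group("clsid"), m.group("path")
    return "\n".join([
        ":files", path, "",
        ":reg",
        "[-" + BHO_KEY + "\\" + clsid + "]",
        "[-HKEY_CLASSES_ROOT\\CLSID\\" + clsid + "]",
    ])


def triage(before, after):
    """Diff the logs and flag new processes/BHOs whose names look generated."""
    new_procs, new_entries = diff_logs(before, after)
    flagged = [p for p in new_procs if looks_random(p)]
    for entry in new_entries:
        m = BHO_RE.match(entry)
        if m and looks_random(m.group("path")):
            flagged.append(m.group("path"))
    return new_procs, new_entries, flagged


if __name__ == "__main__":
    procs, entries, flagged = triage(LOG_BEFORE, LOG_AFTER)
    print("new processes:", procs)
    print("new entries:", entries)
    print("flagged:", flagged)
    for e in entries:
        if e.startswith("O2 - BHO:"):
            print(otmoveit_script(e))
```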

#5 gossipgirl

gossipgirl
  • Topic Starter

  • Members
  • 137 posts

Posted 29 September 2008 - 04:04 PM

========== FILES ==========
C:\WINDOWS\system32\XBmE05tC.dll unregistered successfully.
C:\WINDOWS\system32\XBmE05tC.dll moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}\\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}\\ not found.

OTMoveIt3 by OldTimer - Version 1.0.2.2 log created on 09292008_170422

#6 gossipgirl

gossipgirl
  • Topic Starter

  • Members
  • 137 posts

Posted 29 September 2008 - 04:08 PM

OTViewIt logfile created on: 29/09/2008 5:06:10 PM - Run
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Documents and Settings\Gwen\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

767.00 Mb Total Physical Memory | 447.80 Mb Available Physical Memory | 58.38% Memory free
1.08 Gb Paging File | 0.65 Gb Available in Paging File | 60.19% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 2.06 Gb Free Space | 3.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 210.79 Gb Free Space | 90.52% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D------
Current User Name: Gwen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2007/10/29 14:27:04 | 00,587,096 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
[2003/02/28 02:28:34 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE
[2008/07/10 09:47:18 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2007/07/24 16:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE
[2008/06/23 23:59:48 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2003/03/21 12:51:52 | 00,102,400 | ---- | M] (Networks Associates Technology, Inc) -- c:\Program Files\McAfee.com\VSO\mcvsrte.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2006/10/22 12:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe
[2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe
[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wdfmgr.exe
[2001/11/26 20:54:02 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
[2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
[2008/07/10 10:51:22 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/09/29 16:12:47 | 00,039,426 | ---- | M] () -- C:\WINDOWS\SYSTEM32\xb6eGW1c.exe
[2004/08/04 00:56:52 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe
[2004/08/04 00:56:58 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wscntfy.exe
[2003/08/29 04:59:24 | 00,122,880 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\BCMSMMSG.exe
[2004/10/22 16:13:54 | 00,393,216 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\NetAssistant\SmartBridge\MotiveSB.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2008/07/10 10:51:32 | 00,289,064 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2003/02/28 02:26:00 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXPPS.EXE
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe
[2005/09/07 17:45:16 | 00,118,784 | ---- | M] (Nikon Corporation) -- C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
[2005/05/12 00:33:52 | 00,479,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
[2004/08/04 00:56:52 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2004/08/04 00:56:52 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/09/29 17:05:15 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gwen\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/10/29 14:27:04 | 00,587,096 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice [Auto | Running])
[2008/07/10 09:47:18 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/07/24 16:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2004/08/04 00:56:48 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
[2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
[2008/06/23 23:59:48 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/07/10 10:51:22 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2003/02/28 02:28:34 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE -- (LexBceS [Auto | Running])
[2003/08/04 18:27:34 | 00,245,760 | ---- | M] (Networks Associates Technology, Inc) -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe [On_Demand | Stopped])
[2003/03/21 12:51:52 | 00,102,400 | ---- | M] (Networks Associates Technology, Inc) -- c:\Program Files\McAfee.com\VSO\mcvsrte.exe -- (MCVSRte [Auto | Running])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2002/10/10 05:18:36 | 01,118,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe -- (NMSSvc [On_Demand | Stopped])
[2006/10/22 12:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
[2001/11/26 20:54:02 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService [Auto | Running])
[2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])

========== Driver Services ==========

[2001/08/17 14:52:00 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ABP480N5.SYS -- (abp480n5 [Disabled | Stopped])
[2001/08/17 15:07:32 | 00,101,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ADPU160M.SYS -- (adpu160m [Disabled | Stopped])
[2004/08/03 23:07:44 | 00,044,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\agpcpq.sys -- (agpCPQ [Disabled | Stopped])
[2001/08/17 14:52:02 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\AHA154X.SYS -- (Aha154x [Disabled | Stopped])
[2001/08/17 15:07:36 | 00,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\AIC78U2.SYS -- (aic78u2 [Disabled | Stopped])
[2001/08/17 15:07:38 | 00,056,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\AIC78XX.SYS -- (aic78xx [Disabled | Stopped])
[2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ALIIDE.SYS -- (AliIde [Disabled | Stopped])
[2004/08/03 23:07:42 | 00,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\alim1541.sys -- (alim1541 [Disabled | Stopped])
[2004/08/03 23:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
[2001/08/17 14:52:04 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\AMSINT.SYS -- (amsint [Disabled | Stopped])
[2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC.SYS -- (asc [Disabled | Stopped])
[2001/08/17 14:52:04 | 00,022,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC3350P.SYS -- (asc3350p [Disabled | Stopped])
[2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC3550.SYS -- (asc3550 [Disabled | Stopped])
[2003/08/29 04:59:24 | 01,101,696 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem [On_Demand | Running])
[2002/05/13 19:59:20 | 00,004,272 | ---- | M] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci [On_Demand | Stopped])
File not found -- C:\DOCUME~1\Gwen\LOCALS~1\Temp\catchme.sys -- (catchme [On_Demand | Stopped])
[2001/08/17 14:52:06 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\CD20XRNT.SYS -- (cd20xrnt [Disabled | Stopped])
[2006/10/18 03:00:00 | 00,002,432 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2006/10/18 03:00:00 | 00,002,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2002/12/17 13:27:32 | 00,241,152 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp [System | Running])
[2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\CMDIDE.SYS -- (CmdIde [Disabled | Stopped])
[2001/08/17 14:52:06 | 00,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\CPQARRAY.SYS -- (Cpqarray [Disabled | Stopped])
[2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\DAC2W2K.SYS -- (dac2w2k [Disabled | Stopped])
[2001/08/17 14:52:16 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\DAC960NT.SYS -- (dac960nt [Disabled | Stopped])
[2001/08/17 15:07:44 | 00,020,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\DPTI2O.SYS -- (dpti2o [Disabled | Stopped])
[2003/06/02 21:55:53 | 00,025,898 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K [On_Demand | Stopped])
[2002/09/19 15:59:50 | 00,139,776 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
[2001/08/17 13:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC [On_Demand | Stopped])
[2004/08/03 23:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
[2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2001/08/17 15:07:44 | 00,025,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\HPN.SYS -- (hpn [Disabled | Stopped])
[2004/09/29 01:11:42 | 00,051,120 | R--- | M] (HP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2004/09/29 01:11:46 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2004/09/29 01:10:16 | 00,021,744 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2004/08/03 23:00:52 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\i2omgmt.sys -- (i2omgmt [System | Running])
[2004/08/03 23:00:52 | 00,018,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\i2omp.sys -- (i2omp [Disabled | Stopped])
[2004/08/03 22:29:38 | 00,161,020 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x [On_Demand | Stopped])
[2004/08/03 22:29:38 | 00,012,415 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0 [On_Demand | Stopped])
[2004/08/03 22:29:38 | 00,012,127 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1 [On_Demand | Stopped])
[2004/08/03 22:29:38 | 00,011,775 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2 [On_Demand | Stopped])
[2004/08/03 22:29:48 | 00,012,063 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3 [On_Demand | Stopped])
[2004/08/03 22:29:50 | 00,019,455 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4 [On_Demand | Stopped])
[2004/08/03 22:29:42 | 00,029,311 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0 [On_Demand | Stopped])
[2004/08/03 22:29:44 | 00,019,551 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1 [On_Demand | Stopped])
[2004/08/03 22:29:44 | 00,033,599 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3 [On_Demand | Stopped])
[2004/08/03 22:29:46 | 00,023,615 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4 [On_Demand | Stopped])
[2001/08/17 14:52:08 | 00,016,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\INI910U.SYS -- (ini910u [Disabled | Stopped])
[2004/08/03 22:59:20 | 00,036,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\intelppm.sys -- (intelppm [System | Running])
[2002/04/11 14:47:52 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ipfilter.sys -- (IPFilter [On_Demand | Stopped])
[2003/06/02 21:55:53 | 00,030,630 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K [On_Demand | Running])
[2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])
[2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\MRAID35X.SYS -- (mraid35x [Disabled | Stopped])
[2002/03/13 08:50:36 | 00,023,296 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\NaiFiltr.sys -- (NaiFiltr [On_Demand | Stopped])
[2002/10/10 05:18:58 | 00,009,868 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS -- (NMSCFG [On_Demand | Stopped])
[2006/10/22 12:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
[2002/07/19 11:22:08 | 00,017,153 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci [System | Running])
[2002/08/30 17:29:02 | 01,293,440 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys -- (P16X [On_Demand | Running])
[2001/08/17 14:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\PCIIDE.SYS -- (PCIIde [Boot | Running])
[2001/08/17 15:07:40 | 00,027,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\PERC2.SYS -- (perc2 [Disabled | Stopped])
[2001/08/17 15:07:42 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\PERC2HIB.SYS -- (perc2hib [Disabled | Stopped])
[1999/12/17 02:00:00 | 00,006,752 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS -- (PfModNT [Auto | Running])
[2004/08/03 22:59:18 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\processr.sys -- (Processor [System | Stopped])
[2002/08/29 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink [On_Demand | Running])
[2003/06/02 21:55:53 | 00,143,834 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k [System | Running])
[2006/10/18 03:00:00 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1080.SYS -- (ql1080 [Disabled | Stopped])
[2001/08/17 14:52:16 | 00,033,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL10WNT.SYS -- (Ql10wnt [Disabled | Stopped])
[2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL12160.SYS -- (ql12160 [Disabled | Stopped])
[2001/08/17 14:52:16 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1240.SYS -- (ql1240 [Disabled | Stopped])
[2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1280.SYS -- (ql1280 [Disabled | Stopped])
[2006/10/10 13:53:48 | 00,005,632 | ---- | M] () -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Running])
[2006/02/16 17:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2007/02/27 12:39:26 | 00,032,256 | ---- | M] () -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2006/04/07 19:25:19 | 00,012,464 | ---- | M] (Macrovision Europe Ltd) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
[2004/08/03 23:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
[2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\SPARROW.SYS -- (Sparrow [Disabled | Stopped])
[2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC810.SYS -- (symc810 [Disabled | Stopped])
[2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC8XX.SYS -- (symc8xx [Disabled | Stopped])
[2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_HI.SYS -- (sym_hi [Disabled | Stopped])
[2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_U3.SYS -- (sym_u3 [Disabled | Stopped])
[2001/08/17 14:51:56 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\TOSIDE.SYS -- (TosIde [Disabled | Stopped])
[2003/06/02 21:55:53 | 00,206,464 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp [System | Running])
[2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ULTRA.SYS -- (ultra [Disabled | Stopped])
[2008/07/10 09:35:22 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2004/08/03 23:08:38 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbehci.sys -- (usbehci [On_Demand | Running])
[2004/08/03 23:07:44 | 00,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\viaagp.sys -- (viaagp [Disabled | Stopped])
[2004/08/03 22:59:44 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\viaide.sys -- (ViaIde [Disabled | Stopped])
[2001/09/27 11:58:20 | 00,028,396 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])
[2002/08/29 06:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.ca/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s
"provider"=gogl

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\SYSTEM32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"First Home Page"=http://www.dellnet.com
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"First Home Page"=http://www.dellnet.com
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-3582278927-2971143041-3204845381-1008\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.ca/

[HKEY_USERS\S-1-5-21-3582278927-2971143041-3204845381-1008\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s
"provider"=gogl

[HKEY_USERS\S-1-5-21-3582278927-2971143041-3204845381-1008\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\SYSTEM32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3582278927-2971143041-3204845381-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (Google Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"BCMSMMSG"=BCMSMMSG.exe (Broadcom Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"MCUpdateExe"=C:\PROGRA~1\mcafee.com\agent\McUpdate.exe (Networks Associates Technology, Inc)
"Motive SmartBridge"=C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe (Motive Communications, Inc.)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3582278927-2971143041-3204845381-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)

========== (O4) RunOnce Keys ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"= File not found
"RunNarrator"= File not found

========== (O4) RunOnceEx Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
""= File not found

========== (O4) Startup Folders ==========

[2005/05/12 00:49:24 | 00,073,728 | ---- | M] (Hewlett-Packard Co.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
[2005/09/07 17:45:16 | 00,118,784 | ---- | M] (Nikon Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
[2007/05/15 18:13:10 | 00,479,232 | ---- | M] (Nikon Corporation) -- C:\Documents and Settings\Georgia\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
""=
"NoDriveTypeAutoRun"=255
"NoDriveAutoRun"=67108863
"NoCDBurning"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"NoDispBackgroundPage"=0
"NoDispScrSavPage"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3582278927-2971143041-3204845381-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3582278927-2971143041-3204845381-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"NoDispBackgroundPage"=0
"NoDispScrSavPage"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Sun Java Console -- C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/Facebo...toUploader5.cab -- Facebook Photo Uploader 5
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}: http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab -- CKAVWebScan Object
{166B1BCA-3F9C-11CF-8075-444553540000}: http://fpdownload.macromedia.com/pub/shock...director/sw.cab -- Shockwave ActiveX Control
{193C772A-87BE-4B19-A7BB-445B226FE9A1}: http://downloads.ewido.net/ewidoOnlineScan.cab -- ewidoOnlineScan Control
{19E28AFC-EAE3-4CE5-AC83-2407B42F57C9}: http://protect.microsoft.com/security/prot...b?1097333278437 -- MSSecurityAdvisor Class
{33564D57-9980-0010-8000-00AA00389B71}: http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab -- Reg Error: Key does not exist or could not be opened.
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}: http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab -- McAfee.com Operating System Class
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab -- MSN Photo Upload Tool
{76716694-EADA-4810-8C3B-4826328A317F}: http://content.dll1.com/Connectus/SmartCou...ter20080612.cab -- SmartCouponPrinter Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}: http://messenger.msn.com/download/MsnMesse...pDownloader.cab -- MsnMessengerSetupDownloadControl Class
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}: http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab -- DwnldGroupMgr Class
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/get/flash...ent/swflash.cab -- Shockwave Flash Object
DirectAnimation Java Classes: file://C:\WINDOWS\Java\classes\dajava.cab -- Reg Error: Key does not exist or could not be opened.
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{9B8AC1E2-3FAF-4C6B-A343-CABD19AB6906} (Servers: | Description: Intel® PRO/100 VE Network Connection)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
wzcnotif: "DllName" = wzcdlg.dll -- C:\WINDOWS\SYSTEM32\wzcdlg.dll (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2002/09/03 09:59:58 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3473248b-16f0-11dd-8f69-00038a000015}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3473248b-16f0-11dd-8f69-00038a000015}\Shell\AutoRun]
""=Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3473248b-16f0-11dd-8f69-00038a000015}\Shell\AutoRun\command]
""=G:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2008/09/29 17:05:13 | 00,419,840 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gwen\Desktop\OTViewIt.exe
[2008/09/29 17:03:21 | 00,335,360 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gwen\Desktop\OTMoveIt3.exe
[2008/09/27 00:22:41 | 01,084,928 | ---- | C] () -- C:\Documents and Settings\Gwen\Desktop\jamies card.doc
[2008/09/27 00:21:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\xb6eGW1c.exe.a_a
[2008/09/24 16:18:52 | 00,039,426 | ---- | C] () -- C:\WINDOWS\System32\xb6eGW1c.exe_
[2008/09/24 16:18:52 | 00,039,426 | ---- | C] () -- C:\WINDOWS\System32\xb6eGW1c.exe
[2008/09/24 15:17:53 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Gwen\Desktop\Chanel.doc
[2008/09/21 16:37:48 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At72.job
[2008/09/21 16:37:48 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At71.job
[2008/09/21 16:37:48 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At70.job
[2008/09/21 16:37:48 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At69.job
[2008/09/21 16:37:48 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At68.job
[2008/09/21 16:37:48 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At67.job
[2008/09/21 16:37:48 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At66.job
[2008/09/21 16:37:48 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At65.job
[2008/09/21 16:37:48 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At64.job
[2008/09/21 16:37:48 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At63.job
[2008/09/21 16:37:48 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At62.job
[2008/09/21 16:37:48 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At61.job
[2008/09/21 16:37:48 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At60.job
[2008/09/21 16:37:48 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At59.job
[2008/09/21 16:37:48 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At58.job
[2008/09/21 16:37:48 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At57.job
[2008/09/21 16:37:48 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At56.job
[2008/09/21 16:37:48 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At55.job
[2008/09/21 16:37:48 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At54.job
[2008/09/21 16:37:48 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At53.job
[2008/09/21 16:37:48 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At52.job
[2008/09/21 16:37:48 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At51.job
[2008/09/21 16:37:48 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At50.job
[2008/09/21 16:37:48 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At49.job
[2008/09/21 16:04:56 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2008/09/21 16:04:56 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2008/09/21 16:04:56 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2008/09/21 16:04:56 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2008/09/21 16:04:56 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2008/09/21 16:04:56 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2008/09/21 16:04:56 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2008/09/21 16:04:56 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2008/09/21 16:04:56 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2008/09/21 16:04:56 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2008/09/21 16:04:56 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2008/09/21 16:04:56 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2008/09/21 16:04:56 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2008/09/21 16:04:56 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2008/09/21 16:04:56 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2008/09/21 16:04:56 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2008/09/21 16:04:56 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2008/09/21 16:04:56 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2008/09/21 16:04:56 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2008/09/21 16:04:56 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2008/09/21 16:04:56 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2008/09/21 16:04:56 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2008/09/21 16:04:56 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2008/09/21 16:04:56 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2008/09/21 16:04:55 | 00,030,272 | ---- | C] () -- C:\WINDOWS\System32\Tlj3LSSl.exe
[2008/09/21 16:04:52 | 00,030,272 | ---- | C] () -- C:\WINDOWS\System32\l1u3DR8T.exe
[2008/09/21 16:04:52 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2008/09/21 16:04:52 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2008/09/21 16:04:52 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2008/09/21 16:04:52 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2008/09/21 16:04:52 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2008/09/21 16:04:52 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2008/09/21 16:04:52 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2008/09/21 16:04:52 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2008/09/21 16:04:52 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2008/09/21 16:04:52 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2008/09/21 16:04:52 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2008/09/21 16:04:52 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2008/09/21 16:04:52 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2008/09/21 16:04:52 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2008/09/21 16:04:52 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2008/09/21 16:04:52 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2008/09/21 16:04:52 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2008/09/21 16:04:52 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2008/09/21 16:04:52 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2008/09/21 16:04:52 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2008/09/21 16:04:52 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2008/09/21 16:04:52 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2008/09/21 16:04:52 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2008/09/21 16:04:52 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2008/09/04 21:15:52 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Gwen\My Documents\revolution pro.doc

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[112 C:\Documents and Settings\Gwen\My Documents\*.tmp files]
[2008/09/29 17:06:00 | 00,000,496 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (D-------Yvonne).job
[2008/09/29 17:05:15 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gwen\Desktop\OTViewIt.exe
[2008/09/29 17:05:00 | 00,000,494 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (D-------Chris).job
[2008/09/29 17:04:00 | 00,000,498 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (D-------Georgia).job
[2008/09/29 17:04:00 | 00,000,492 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (D8VQYV21-Owner).job
[2008/09/29 17:03:22 | 00,335,360 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gwen\Desktop\OTMoveIt3.exe
[2008/09/29 17:02:17 | 00,000,492 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (D-------Gwen).job
[2008/09/29 17:00:41 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2008/09/29 17:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2008/09/29 17:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2008/09/29 16:57:37 | 00,000,567 | ---- | M] () -- C:\Documents and Settings\Gwen\My Documents\My Sharing Folders.lnk
[2008/09/29 16:12:47 | 00,039,426 | ---- | M] () -- C:\WINDOWS\System32\xb6eGW1c.exe
[2008/09/29 16:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2008/09/29 16:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2008/09/29 16:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2008/09/29 15:55:42 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2008/09/29 15:55:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/09/29 15:55:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2008/09/29 15:55:30 | 80,433,1520 | -HS- | M] () -- C:\hiberfil.sys
[2008/09/29 15:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2008/09/29 15:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2008/09/29 10:04:52 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2008/09/29 10:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2008/09/29 10:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2008/09/29 01:00:20 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2008/09/29 01:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2008/09/29 01:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2008/09/29 00:36:20 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2008/09/29 00:17:36 | 00,039,426 | ---- | M] () -- C:\WINDOWS\System32\xb6eGW1c.exe_
[2008/09/29 00:09:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2008/09/29 00:06:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2008/09/28 22:02:33 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2008/09/28 13:00:03 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2008/09/28 13:00:03 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2008/09/28 12:55:17 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/09/28 11:47:35 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2008/09/28 11:00:03 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2008/09/28 11:00:03 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2008/09/28 10:32:31 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Gwen\Desktop\Microsoft Office Word 2003.lnk
[2008/09/28 10:30:59 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2008/09/27 22:00:20 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2008/09/27 22:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2008/09/27 22:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2008/09/27 21:00:20 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2008/09/27 21:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2008/09/27 21:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2008/09/27 20:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2008/09/27 20:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2008/09/27 14:00:21 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2008/09/27 14:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2008/09/27 14:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2008/09/27 12:00:26 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2008/09/27 12:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2008/09/27 12:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2008/09/27 09:04:36 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2008/09/27 09:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2008/09/27 09:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2008/09/27 01:12:32 | 01,084,928 | ---- | M] () -- C:\Documents and Settings\Gwen\Desktop\jamies card.doc
[2008/09/27 00:56:55 | 00,000,549 | ---- | M] () -- C:\WINDOWS\LEXSTAT.INI
[2008/09/27 00:21:11 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\xb6eGW1c.exe.a_a
[2008/09/26 18:00:21 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2008/09/26 18:00:08 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2008/09/26 18:00:05 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2008/09/26 11:03:17 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2008/09/26 08:00:20 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2008/09/26 08:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2008/09/26 08:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2008/09/26 07:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2008/09/26 07:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2008/09/25 19:00:20 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2008/09/25 19:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2008/09/25 19:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2008/09/24 15:17:54 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Gwen\Desktop\Chanel.doc
[2008/09/21 23:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2008/09/21 23:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2008/09/21 23:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2008/09/21 16:37:49 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2008/09/21 16:37:49 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2008/09/21 16:37:49 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2008/09/21 16:37:49 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2008/09/21 16:37:49 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2008/09/21 16:04:56 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2008/09/21 16:04:56 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2008/09/21 16:04:56 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2008/09/21 16:04:56 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2008/09/21 16:04:56 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2008/09/21 16:04:52 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2008/09/21 16:04:52 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2008/09/21 16:04:52 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2008/09/21 16:04:52 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2008/09/21 16:04:52 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2008/09/21 16:04:23 | 00,030,272 | ---- | M] () -- C:\WINDOWS\System32\Tlj3LSSl.exe
[2008/09/21 16:04:20 | 00,030,272 | ---- | M] () -- C:\WINDOWS\System32\l1u3DR8T.exe
[2008/09/21 14:29:31 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2008/09/16 19:58:36 | 01,612,582 | -H-- | M] () -- C:\Documents and Settings\Gwen\Local Settings\Application Data\IconCache.db
[2008/09/10 00:04:02 | 00,038,528 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/09/10 00:03:56 | 00,017,200 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/09/05 00:12:59 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Gwen\My Documents\revolution pro.doc
[2008/08/31 11:56:50 | 00,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
< End of report >

#7 gossipgirl
  • Topic Starter
  • Members
  • 137 posts

Posted 29 September 2008 - 04:11 PM

OTViewIt Extras logfile created on: 29/09/2008 5:06:11 PM - Run
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Documents and Settings\Gwen\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

767.00 Mb Total Physical Memory | 447.80 Mb Available Physical Memory | 58.38% Memory free
1.08 Gb Paging File | 0.65 Gb Available in Paging File | 60.19% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 2.06 Gb Free Space | 3.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 210.79 Gb Free Space | 90.52% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D------
Current User Name: Gwen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Messenger
[2008/02/08 17:32:57 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2003/02/28 02:26:00 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE
[2006/09/19 18:06:22 | 02,965,504 | ---- | M] (Sony Media Software, Inc.) -- C:\Program Files\Sony\Media Manager for PSP 2.0\MediaManager.exe:*:Enabled:Media Manager for PSP 2.0
File not found -- C:\WINDOWS\SYSTEM32\DRIVERS\svchost.exe:*:Disabled:svchost
File not found -- C:\WINDOWS\SYSTEM32\cssrss.exe:*:Disabled:cssrss
[2008/07/10 10:51:26 | 20,246,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2000/04/19 18:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2003/08/01 15:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/14 22:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}"=Notifier
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}"=Intel® PROSet II
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}"=PhotoGallery
"{05861C9A-98C0-4A8F-9A36-EB2F7E0FA2D1}"=Sony Media Manager for PSP 2.0
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}"=CP_Package_Variety1
"{06874C62-EC70-4275-9F30-BD81969993A8}"=Nancy Drew: Secret of Shadow Ranch
"{08CA9554-B5FE-4313-938F-D4A417B81175}"=QuickTime
"{097346E0-6A51-11D1-AD16-00A0C95E0503}(Sympatico Consumer)"=Visual IP InSight(Sympatico Consumer)
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}"=Destinations
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}"=Dell Solution Center
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}"=ESSPCD
"{1505D9B1-6037-4310-815A-4D8A212C5075}"=Nancy Drew: The Phantom of Venice
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}"=Dell Picture Studio - Dell Image Expert
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}"=HP Software Update
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}"=CP_Package_Variety3
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth
"{1FD0C5C1-B01B-4B4C-9607-E5D3B3D1318F}"=Microsoft IntelliPoint 4.1
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}"=Sonic_PrimoSDK
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}"=CP_Panorama1Config
"{24328842-A29C-4FEA-81D3-1929D3A7F1AE}"=Nancy Drew: Legend of the Crystal Skull
"{29D88826-2AB9-11D5-8854-00902761A46D}"=WordPerfect Office 2002
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}"=Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}"=TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}"=InstantShareDevices
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}"=HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}"=Apple Mobile Device Support
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}"=CP_CalendarTemplates1
"{38441BE7-79B0-42B8-8297-833704F949FE}"=HLPIndex
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}"=OTtBPSDK
"{40C03514-89C3-41BA-0090-3B440256DB87}"=The Sims 2
"{438BC259-E54C-4392-008E-2808B9C251CA}"=The Sims 2 Body Shop
"{469730CC-78DF-4CD3-B286-562D459EA619}"=ESSCAM
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}"=Bonjour
"{4817189D-1785-4627-A33C-39FD90919300}"=The Sims 2 Pets
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}"=ESSvpot
"{4C23837C-993E-11D4-9DE0-0060085C158A}"=KODAK Picture CD
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}"=ESSSONIC
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}"=FullDPAppQFolder
"{56EE8B17-8274-418d-89AC-C057C5DB251E}"=RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}"=WebReg
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{59C9A627-5F4A-47c4-94FD-9A886F5AC971}"=PS330
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}"=CP_Package_Basic1
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}"=MarketResearch
"{5F26311C-B135-4F7F-B11E-8E650F83651E}"=DeviceFunctionQFolder
"{609F7AC8-C510-11D4-A788-009027ABA5D0}"=Easy CD Creator 5 Basic
"{60D8CA34-642C-476F-AB4E-94DECCAEED69}"=The White Wolf of Icicle Creek
"{64116298-93C5-401D-B06C-39D8E3338508}"=DAO
"{65D85050-5610-4A91-A3B1-D5C744291AD4}"=PCDADDIN
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}"=SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{69BD6399-3D8F-45B7-81D9-819361F5101D}"=PCDLNCH
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}"=CustomerResearchQFolder
"{70D1416D-C0FF-461C-8AF3-71B98C7F5CA4}"=Nancy Drew: Secret of the Old Clock
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}"=PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}"=PSPrinters08
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}"=CP_AtenaShokunin1Config
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}"=ESShelp
"{8E92D746-CD9F-4B90-9668-42B74C14F765}"=ESSini
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}"=The Sims 2 University
"{90120409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}"=Help and Support Customization
"{91517631-A9F3-4B7C-B482-43E0068FD55A}"=ESSgui
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}"=Sound Blaster Live!
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}"=DVDSentry
"{999D43F4-9709-4887-9B1A-83EBB15A8370}"=VPRINTOL
"{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}"=CCHelp
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}"=ESScore
"{9E38979C-FA65-476D-80C7-72F4EADE726C}"=Nancy Drew: The Curse of Blackmoor Manor
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}"=SFR2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}"=CameraDrivers
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}"=ESSvpaht
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}"=CueTour
"{A5F68DC8-0278-4AD8-B413-861509B5F25B}"=ArcSoft Panorama Maker 3
"{A6F18A67-B771-4191-8A33-36D2E742D6D9}"=ESSANUP
"{AADAC983-FDE9-42FA-8FD9-7BB324155593}"=HLPRFO
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}"=ESSCDBK
"{B2B784E9-F6F2-4781-B033-E15BD3C9993A}"=Sony Media Manager for PSP Patch 2.0
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}"=CCScore
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}"=PanoStandAlone
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}"=CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}"=BufferChm
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}"=KSU
"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}"=SFR
"{C3D82C0B-3592-4B03-A970-F84C081A8152}"=Nancy Drew: Danger by Design
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}"=PCDHELP
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}"=ESSAdpt
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}"=Nikon Message Center
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}"=Kodak EasyShare software
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}"=ArcSoft Panorama Maker 4
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}"=iPod for Windows 2005-09-23
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}"=Dell ResourceCD
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware 2007
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}"=HPProductAssistant
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}"=Nikon Transfer
"{EA103B64-C0E4-4C0E-A506-751590E1653D}"=SolutionCenter
"{EF6C4600-306D-4F6A-A119-C2A877D25B4A}"=iTunes
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}"=Status
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}"=OTtBP
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}"=The Sims 2 Nightlife
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}"=PictureProject
"Adobe Acrobat 5.0"=Adobe Acrobat 5.0
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"America Online ca"=AOL
"BCM V.92 56K Modem"=BCM V.92 56K Modem
"BellCanada.MCCInstall"=Sympatico NetAssistant
"Google Updater"=Google Updater
"HijackThis"=HijackThis 2.0.2
"HP Imaging Device Functions"=HP Imaging Device Functions 5.3
"HP Photo & Imaging"=HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools"=HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities"=HP Extended Capabilities 5.3
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}"=iPod for Windows 2005-09-23
"Kaspersky Online Scanner"=Kaspersky Online Scanner
"KB870669"=Microsoft Data Access Components KB870669
"LastFM_is1"=Last.fm 1.5.1.29527
"Lexmark X5100 Series"=Lexmark X5100 Series
"LimeWire"=LimeWire 4.16.6
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Mcafee SecurityCenter"=McAfee SecurityCenter
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Nancy Drew: Stay Tuned For Danger"=Nancy Drew: Stay Tuned For Danger
"NVIDIA Display Driver"=NVIDIA Display Driver
"NVIDIA Drivers"=NVIDIA Drivers
"PROSet"=Intel® PRO Ethernet Adapter and Software
"Shockwave"=Shockwave
"VirusScan Online"=McAfee VirusScan Online
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows Media Player"=Windows Media Player 10
"Windows XP Service Pack"=Windows XP Service Pack 2
"WinZip"=WinZip
"WordPerfect Office 2002"=WordPerfect Office 2002

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16/09/2008 7:26:54 PM | Computer Name = D------ | Source = Application Hang | ID = 1002
Description = Hanging application Sims2EP4.exe, version 1.6.0.259, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 16/09/2008 7:26:57 PM | Computer Name = D------ | Source = Application Hang | ID = 1002
Description = Hanging application Sims2EP4.exe, version 1.6.0.259, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 21/09/2008 9:26:41 PM | Computer Name = D------ | Source = Application Error | ID = 1000
Description = Faulting application game.exe, version 6.4.4.0, faulting module ,
version 0.0.0.0, fault address 0x00000000.

Error - 23/09/2008 2:57:14 PM | Computer Name = D------ | Source = Application Error | ID = 1000
Description = Faulting application ad-aware2007.exe, version 7.0.2.5, faulting module
ad-aware2007.exe, version 7.0.2.5, fault address 0x00094caa.

Error - 23/09/2008 2:57:45 PM | Computer Name = D------ | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware2007.exe, version 7.0.2.5, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 23/09/2008 9:08:16 PM | Computer Name = D------ | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 23/09/2008 9:10:26 PM | Computer Name = D------ | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 26/09/2008 11:47:34 AM | Computer Name = D------ | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 26/09/2008 11:47:38 AM | Computer Name = D------ | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 26/09/2008 11:47:38 AM | Computer Name = D------ | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 16/09/2008 7:59:03 PM | Computer Name = D------ | Source = DCOM | ID = 10010
Description = The server {BAA8FB92-D1E7-4181-B0EE-94DA3329F7C0} did not register
with DCOM within the required timeout.

Error - 21/09/2008 11:00:00 PM | Computer Name = D------ | Source = Schedule | ID = 7901
Description = The At72.job command failed to start due to the following error: %%2147942402

Error - 22/09/2008 8:44:09 AM | Computer Name = D------ | Source = DCOM | ID = 10010
Description = The server {657C7A59-4FEC-4C06-A354-607B1EB184FB} did not register
with DCOM within the required timeout.

Error - 22/09/2008 9:00:00 AM | Computer Name = D------ | Source = Schedule | ID = 7901
Description = The At58.job command failed to start due to the following error: %%2147942402

Error - 23/09/2008 4:00:00 PM | Computer Name = D------ | Source = Schedule | ID = 7901
Description = The At65.job command failed to start due to the following error: %%2147942402

Error - 24/09/2008 4:00:00 PM | Computer Name = D------ | Source = Schedule | ID = 7901
Description = The At65.job command failed to start due to the following error: %%2147942402

Error - 26/09/2008 10:06:10 PM | Computer Name = D------ | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 26/09/2008 11:50:01 PM | Computer Name = D------ | Source = Print | ID = 6161
Description =


< End of report >
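
The two Extras logs above carry three findings worth pulling out automatically rather than by eye: seventy-two At<N>.job files of identical size (350 bytes) stamped in five-minute batches, which is what a dropper leaves behind when it uses at.exe to reschedule itself every hour; unattributed executables with random eight-character names in System32 (Tlj3LSSl.exe, l1u3DR8T.exe, the xb6eGW1c.exe variants); and firewall exceptions for files that no longer exist but were named to pass as Windows core binaries (svchost.exe under DRIVERS, cssrss.exe one letter away from csrss.exe). The Schedule event 7901 errors also encode why the jobs kept failing: %%2147942402 is 0x80070002, a FACILITY_WIN32 HRESULT wrapping Win32 error 2 (file not found), so the job's target had already been removed when the task fired. The script below is an added triage example written for this thread; it is not part of OldTimer's tools or anything the posters ran. The sample lines are constructed from the shape of the log above (a subset, not the full listing), and the random-name heuristic, the CORE_BINARIES list and the minimum cluster size are my own assumptions.

```python
"""Triage of an OTViewIt-style log: clustered At*.job tasks, random-named
binaries in System32, and firewall exceptions for missing or look-alike files.
Added example; not part of OldTimer's tools or of this thread."""
import re
from collections import defaultdict

# Constructed sample lines modelled on the log above (a subset, not the full log).
SAMPLE_LISTING = "\n".join(
    [f"[2008/09/21 16:04:52 | 00,000,350 | ---- | M] () -- C:\\WINDOWS\\tasks\\At{i}.job"
     for i in range(1, 73)] + [
    "[2008/09/29 00:17:36 | 00,039,426 | ---- | M] () -- C:\\WINDOWS\\System32\\xb6eGW1c.exe_",
    "[2008/09/27 00:21:11 | 00,000,000 | ---- | M] () -- C:\\WINDOWS\\System32\\xb6eGW1c.exe.a_a",
    "[2008/09/21 16:04:23 | 00,030,272 | ---- | M] () -- C:\\WINDOWS\\System32\\Tlj3LSSl.exe",
    "[2008/09/21 16:04:20 | 00,030,272 | ---- | M] () -- C:\\WINDOWS\\System32\\l1u3DR8T.exe",
    "[2008/09/10 00:03:56 | 00,017,200 | ---- | M] (Malwarebytes Corporation) -- C:\\WINDOWS\\System32\\drivers\\mbam.sys",
    "[2008/09/21 14:29:31 | 00,001,170 | ---- | M] () -- C:\\WINDOWS\\System32\\WPA.DBL",
])
SAMPLE_FIREWALL = """\
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger
File not found -- C:\\WINDOWS\\SYSTEM32\\DRIVERS\\svchost.exe:*:Disabled:svchost
File not found -- C:\\WINDOWS\\SYSTEM32\\cssrss.exe:*:Disabled:cssrss
[2008/07/10 10:51:26 | 20,246,824 | ---- | M] (Apple Inc.) -- C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes
"""
SAMPLE_EVENTS = """\
Error - 21/09/2008 11:00:00 PM | Computer Name = D------ | Source = Schedule | ID = 7901
Description = The At72.job command failed to start due to the following error: %%2147942402
"""

LISTING_RE = re.compile(
    r"^\[(?P<mtime>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [MC]\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$")

def parse_listing(text):
    """One dict per '[date | size | attrs | M] (company) -- path' line; size as int."""
    out = []
    for line in text.splitlines():
        m = LISTING_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"].replace(",", ""))
            out.append(e)
    return out

def at_job_clusters(entries, min_jobs=10):
    """Map size -> count of At<N>.job files sharing that exact size. Dozens of
    identical at.exe jobs is the fingerprint of a dropper scheduling itself hourly."""
    by_size = defaultdict(int)
    for e in entries:
        if re.search(r"\\tasks\\At\d+\.job$", e["path"], re.I):
            by_size[e["size"]] += 1
    return {s: n for s, n in by_size.items() if n >= min_jobs}

def looks_random(stem):
    """Assumed heuristic: 8+ chars mixing digits, lower and upper case."""
    return (len(stem) >= 8 and any(c.isdigit() for c in stem)
            and any(c.islower() for c in stem) and any(c.isupper() for c in stem))

def suspicious_system32_files(entries):
    """Files under System32 with no company string and a random-looking stem."""
    hits = []
    for e in entries:
        name = e["path"].rsplit("\\", 1)[-1]
        if ("\\system32\\" in e["path"].lower() and not e["company"]
                and looks_random(name.split(".")[0])):
            hits.append(e["path"])
    return hits

# Assumed reference set of core Windows binaries that malware likes to imitate.
CORE_BINARIES = {"svchost", "csrss", "smss", "lsass", "winlogon", "services", "explorer"}

def within_one_edit(a, b):
    """True if a and b differ by at most one insertion, deletion or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) < len(b):
        a, b = b, a
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i += 1; j += 1
        else:
            edits += 1
            i += 1
            if len(a) == len(b):
                j += 1
    return edits + (len(a) - i) <= 1

def firewall_findings(text):
    """Flag AuthorizedApplications entries whose target is missing, carries a core
    binary name outside System32, or is a one-edit look-alike of a core binary."""
    findings = {}
    for line in text.splitlines():
        if " -- " not in line or ":*:" not in line:
            continue
        path = line.split(" -- ", 1)[1].split(":*:", 1)[0]
        parent, _, name = path.rpartition("\\")
        stem = name.lower().rsplit(".", 1)[0]
        reasons = []
        if line.startswith("File not found"):
            reasons.append("exception for a file that no longer exists")
        if stem in CORE_BINARIES and parent.lower() != r"c:\windows\system32":
            reasons.append("core binary name outside System32")
        for core in CORE_BINARIES:
            if stem != core and within_one_edit(stem, core):
                reasons.append(f"look-alike of {core}.exe")
        if reasons:
            findings[path] = reasons
    return findings

def schedule_failures(text):
    """(job, HRESULT, Win32 code) for each Schedule 7901 event; the %%<decimal>
    is an HRESULT, and 0x8007xxxx wraps a Win32 error code in its low 16 bits."""
    out = []
    for m in re.finditer(r"The (At\d+\.job) command failed .*?%%(\d+)", text):
        hresult = int(m.group(2))
        win32 = hresult & 0xFFFF if (hresult >> 16) == 0x8007 else None
        out.append((m.group(1), hresult, win32))
    return out

if __name__ == "__main__":
    entries = parse_listing(SAMPLE_LISTING)
    print("At-job clusters (size: count):", at_job_clusters(entries))
    print("Random-named System32 files:", suspicious_system32_files(entries))
    print("Firewall findings:", firewall_findings(SAMPLE_FIREWALL))
    print("Scheduler failures:", schedule_failures(SAMPLE_EVENTS))
```

The cluster check keys on identical size rather than on the At prefix alone because at.exe jobs created by hand are few and vary in length; one size repeated seventy-two times is the signal. A Disabled firewall exception for a missing file is harmless on its own but is still a leftover worth removing, since it marks where the dropper registered itself before it was cleaned.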

#8 Billy O'Neal
    Visual C++ STL Maintainer
  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington
Posted 29 September 2008 - 04:58 PM

Hello, GossipGirl.
We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the OTMoveIt3.exe icon on your desktop.
  • Paste the following code under the "Paste Instructions for Items to be Moved" area. Do not include the word "Code".
    :processess
    C:\WINDOWS\SYSTEM32\xb6eGW1c.exe
    
    :files
    C:\WINDOWS\SYSTEM32\xb6eGW1c.exe
    C:\WINDOWS\tasks\At??.job
    C:\WINDOWS\tasks\At?.job
    C:\WINDOWS\System32\Tlj3LSSl.exe
    C:\WINDOWS\System32\l1u3DR8T.exe
    C:\WINDOWS\System32\xb6eGW1c.exe.a_a
    C:\WINDOWS\System32\xb6eGW1c.exe_
  • Push the large MoveIt! button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Results line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
In your next reply, please include the following:
  • OTMoveIt3's Log
  • A new OTViewIt Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#9 gossipgirl
  • Topic Starter
  • Members
  • 137 posts

Posted 29 September 2008 - 05:55 PM

Error: Unable to interpret <:processess> in the current context!
Error: Unable to interpret <C:\WINDOWS\SYSTEM32\xb6eGW1c.exe> in the current context!
========== FILES ==========
C:\WINDOWS\SYSTEM32\xb6eGW1c.exe moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At25.job moved successfully.
C:\WINDOWS\tasks\At26.job moved successfully.
C:\WINDOWS\tasks\At27.job moved successfully.
C:\WINDOWS\tasks\At28.job moved successfully.
C:\WINDOWS\tasks\At29.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At30.job moved successfully.
C:\WINDOWS\tasks\At31.job moved successfully.
C:\WINDOWS\tasks\At32.job moved successfully.
C:\WINDOWS\tasks\At33.job moved successfully.
C:\WINDOWS\tasks\At34.job moved successfully.
C:\WINDOWS\tasks\At35.job moved successfully.
C:\WINDOWS\tasks\At36.job moved successfully.
C:\WINDOWS\tasks\At37.job moved successfully.
C:\WINDOWS\tasks\At38.job moved successfully.
C:\WINDOWS\tasks\At39.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At40.job moved successfully.
C:\WINDOWS\tasks\At41.job moved successfully.
C:\WINDOWS\tasks\At42.job moved successfully.
C:\WINDOWS\tasks\At43.job moved successfully.
C:\WINDOWS\tasks\At44.job moved successfully.
C:\WINDOWS\tasks\At45.job moved successfully.
C:\WINDOWS\tasks\At46.job moved successfully.
C:\WINDOWS\tasks\At47.job moved successfully.
C:\WINDOWS\tasks\At48.job moved successfully.
C:\WINDOWS\tasks\At49.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At50.job moved successfully.
C:\WINDOWS\tasks\At51.job moved successfully.
C:\WINDOWS\tasks\At52.job moved successfully.
C:\WINDOWS\tasks\At53.job moved successfully.
C:\WINDOWS\tasks\At54.job moved successfully.
C:\WINDOWS\tasks\At55.job moved successfully.
C:\WINDOWS\tasks\At56.job moved successfully.
C:\WINDOWS\tasks\At57.job moved successfully.
C:\WINDOWS\tasks\At58.job moved successfully.
C:\WINDOWS\tasks\At59.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At60.job moved successfully.
C:\WINDOWS\tasks\At61.job moved successfully.
C:\WINDOWS\tasks\At62.job moved successfully.
C:\WINDOWS\tasks\At63.job moved successfully.
C:\WINDOWS\tasks\At64.job moved successfully.
C:\WINDOWS\tasks\At65.job moved successfully.
C:\WINDOWS\tasks\At66.job moved successfully.
C:\WINDOWS\tasks\At67.job moved successfully.
C:\WINDOWS\tasks\At68.job moved successfully.
C:\WINDOWS\tasks\At69.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At70.job moved successfully.
C:\WINDOWS\tasks\At71.job moved successfully.
C:\WINDOWS\tasks\At72.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
File/Folder C:\WINDOWS\tasks\At?.job not found.
C:\WINDOWS\System32\Tlj3LSSl.exe moved successfully.
C:\WINDOWS\System32\l1u3DR8T.exe moved successfully.
C:\WINDOWS\System32\xb6eGW1c.exe.a_a moved successfully.
C:\WINDOWS\System32\xb6eGW1c.exe_ moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.2.2 log created on 09292008_185413

#10 gossipgirl
  • Topic Starter
  • Members
  • 137 posts

Posted 29 September 2008 - 05:59 PM

OTViewIt logfile created on: 29/09/2008 6:55:31 PM - Run 2
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Documents and Settings\Gwen\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

767.00 Mb Total Physical Memory | 66.17 Mb Available Physical Memory | 8.63% Memory free
1.46 Gb Paging File | 0.06 Gb Available in Paging File | 3.79% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 1.67 Gb Free Space | 2.99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 210.79 Gb Free Space | 90.52% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D---------
Current User Name: Gwen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2007/10/29 14:27:04 | 00,587,096 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
[2003/02/28 02:28:34 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE
[2008/07/10 09:47:18 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2007/07/24 16:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE
[2008/06/23 23:59:48 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2003/03/21 12:51:52 | 00,102,400 | ---- | M] (Networks Associates Technology, Inc) -- c:\Program Files\McAfee.com\VSO\mcvsrte.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2006/10/22 12:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe
[2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe
[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wdfmgr.exe
[2001/11/26 20:54:02 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
[2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
[2008/07/10 10:51:22 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
File not found -- C:\WINDOWS\system32\xb6eGW1c.exe
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe
[2004/08/04 00:56:58 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wscntfy.exe
[2003/08/29 04:59:24 | 00,122,880 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\BCMSMMSG.exe
[2004/10/22 16:13:54 | 00,393,216 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\NetAssistant\SmartBridge\MotiveSB.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2008/07/10 10:51:32 | 00,289,064 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2003/02/28 02:26:00 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXPPS.EXE
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe
[2005/09/07 17:45:16 | 00,118,784 | ---- | M] (Nikon Corporation) -- C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
[2005/05/12 00:33:52 | 00,479,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
[2004/08/04 00:56:52 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2004/08/04 00:56:52 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/09/29 17:05:15 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gwen\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/10/29 14:27:04 | 00,587,096 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice [Auto | Running])
[2008/07/10 09:47:18 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/07/24 16:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2004/08/04 00:56:48 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
[2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
[2008/06/23 23:59:48 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/07/10 10:51:22 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2003/02/28 02:28:34 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE -- (LexBceS [Auto | Running])
[2003/08/04 18:27:34 | 00,245,760 | ---- | M] (Networks Associates Technology, Inc) -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe [On_Demand | Stopped])
[2003/03/21 12:51:52 | 00,102,400 | ---- | M] (Networks Associates Technology, Inc) -- c:\Program Files\McAfee.com\VSO\mcvsrte.exe -- (MCVSRte [Auto | Running])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2002/10/10 05:18:36 | 01,118,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe -- (NMSSvc [On_Demand | Stopped])
[2006/10/22 12:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
[2001/11/26 20:54:02 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService [Auto | Running])
[2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])

========== Driver Services ==========

[2001/08/17 14:52:00 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ABP480N5.SYS -- (abp480n5 [Disabled | Stopped])
[2001/08/17 15:07:32 | 00,101,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ADPU160M.SYS -- (adpu160m [Disabled | Stopped])
[2004/08/03 23:07:44 | 00,044,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\agpcpq.sys -- (agpCPQ [Disabled | Stopped])
[2001/08/17 14:52:02 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\AHA154X.SYS -- (Aha154x [Disabled | Stopped])
[2001/08/17 15:07:36 | 00,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\AIC78U2.SYS -- (aic78u2 [Disabled | Stopped])
[2001/08/17 15:07:38 | 00,056,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\AIC78XX.SYS -- (aic78xx [Disabled | Stopped])
[2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ALIIDE.SYS -- (AliIde [Disabled | Stopped])
[2004/08/03 23:07:42 | 00,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\alim1541.sys -- (alim1541 [Disabled | Stopped])
[2004/08/03 23:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
[2001/08/17 14:52:04 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\AMSINT.SYS -- (amsint [Disabled | Stopped])
[2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC.SYS -- (asc [Disabled | Stopped])
[2001/08/17 14:52:04 | 00,022,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC3350P.SYS -- (asc3350p [Disabled | Stopped])
[2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC3550.SYS -- (asc3550 [Disabled | Stopped])
[2003/08/29 04:59:24 | 01,101,696 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem [On_Demand | Running])
[2002/05/13 19:59:20 | 00,004,272 | ---- | M] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci [On_Demand | Stopped])
File not found -- C:\DOCUME~1\Gwen\LOCALS~1\Temp\catchme.sys -- (catchme [On_Demand | Stopped])
[2001/08/17 14:52:06 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\CD20XRNT.SYS -- (cd20xrnt [Disabled | Stopped])
[2006/10/18 03:00:00 | 00,002,432 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2006/10/18 03:00:00 | 00,002,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2002/12/17 13:27:32 | 00,241,152 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp [System | Running])
[2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\CMDIDE.SYS -- (CmdIde [Disabled | Stopped])
[2001/08/17 14:52:06 | 00,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\CPQARRAY.SYS -- (Cpqarray [Disabled | Stopped])
[2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\DAC2W2K.SYS -- (dac2w2k [Disabled | Stopped])
[2001/08/17 14:52:16 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\DAC960NT.SYS -- (dac960nt [Disabled | Stopped])
[2001/08/17 15:07:44 | 00,020,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\DPTI2O.SYS -- (dpti2o [Disabled | Stopped])
[2003/06/02 21:55:53 | 00,025,898 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K [On_Demand | Stopped])
[2002/09/19 15:59:50 | 00,139,776 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
[2001/08/17 13:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC [On_Demand | Stopped])
[2004/08/03 23:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
[2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2001/08/17 15:07:44 | 00,025,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\HPN.SYS -- (hpn [Disabled | Stopped])
[2004/09/29 01:11:42 | 00,051,120 | R--- | M] (HP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2004/09/29 01:11:46 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2004/09/29 01:10:16 | 00,021,744 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2004/08/03 23:00:52 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\i2omgmt.sys -- (i2omgmt [System | Running])
[2004/08/03 23:00:52 | 00,018,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\i2omp.sys -- (i2omp [Disabled | Stopped])
[2004/08/03 22:29:38 | 00,161,020 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x [On_Demand | Stopped])
[2004/08/03 22:29:38 | 00,012,415 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0 [On_Demand | Stopped])
[2004/08/03 22:29:38 | 00,012,127 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1 [On_Demand | Stopped])
[2004/08/03 22:29:38 | 00,011,775 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2 [On_Demand | Stopped])
[2004/08/03 22:29:48 | 00,012,063 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3 [On_Demand | Stopped])
[2004/08/03 22:29:50 | 00,019,455 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4 [On_Demand | Stopped])
[2004/08/03 22:29:42 | 00,029,311 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0 [On_Demand | Stopped])
[2004/08/03 22:29:44 | 00,019,551 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1 [On_Demand | Stopped])
[2004/08/03 22:29:44 | 00,033,599 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3 [On_Demand | Stopped])
[2004/08/03 22:29:46 | 00,023,615 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4 [On_Demand | Stopped])
[2001/08/17 14:52:08 | 00,016,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\INI910U.SYS -- (ini910u [Disabled | Stopped])
[2004/08/03 22:59:20 | 00,036,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\intelppm.sys -- (intelppm [System | Running])
[2002/04/11 14:47:52 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ipfilter.sys -- (IPFilter [On_Demand | Stopped])
[2003/06/02 21:55:53 | 00,030,630 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K [On_Demand | Running])
[2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])
[2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\MRAID35X.SYS -- (mraid35x [Disabled | Stopped])
[2002/03/13 08:50:36 | 00,023,296 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\NaiFiltr.sys -- (NaiFiltr [On_Demand | Stopped])
[2002/10/10 05:18:58 | 00,009,868 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS -- (NMSCFG [On_Demand | Stopped])
[2006/10/22 12:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
[2002/07/19 11:22:08 | 00,017,153 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci [System | Running])
[2002/08/30 17:29:02 | 01,293,440 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys -- (P16X [On_Demand | Running])
[2001/08/17 14:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\PCIIDE.SYS -- (PCIIde [Boot | Running])
[2001/08/17 15:07:40 | 00,027,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\PERC2.SYS -- (perc2 [Disabled | Stopped])
[2001/08/17 15:07:42 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\PERC2HIB.SYS -- (perc2hib [Disabled | Stopped])
[1999/12/17 02:00:00 | 00,006,752 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS -- (PfModNT [Auto | Running])
[2004/08/03 22:59:18 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\processr.sys -- (Processor [System | Stopped])
[2002/08/29 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink [On_Demand | Running])
[2003/06/02 21:55:53 | 00,143,834 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k [System | Running])
[2006/10/18 03:00:00 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1080.SYS -- (ql1080 [Disabled | Stopped])
[2001/08/17 14:52:16 | 00,033,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL10WNT.SYS -- (Ql10wnt [Disabled | Stopped])
[2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL12160.SYS -- (ql12160 [Disabled | Stopped])
[2001/08/17 14:52:16 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1240.SYS -- (ql1240 [Disabled | Stopped])
[2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1280.SYS -- (ql1280 [Disabled | Stopped])
[2006/10/10 13:53:48 | 00,005,632 | ---- | M] () -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Running])
[2006/02/16 17:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2007/02/27 12:39:26 | 00,032,256 | ---- | M] () -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2006/04/07 19:25:19 | 00,012,464 | ---- | M] (Macrovision Europe Ltd) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
[2004/08/03 23:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
[2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\SPARROW.SYS -- (Sparrow [Disabled | Stopped])
[2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC810.SYS -- (symc810 [Disabled | Stopped])
[2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC8XX.SYS -- (symc8xx [Disabled | Stopped])
[2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_HI.SYS -- (sym_hi [Disabled | Stopped])
[2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_U3.SYS -- (sym_u3 [Disabled | Stopped])
[2001/08/17 14:51:56 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\TOSIDE.SYS -- (TosIde [Disabled | Stopped])
[2003/06/02 21:55:53 | 00,206,464 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp [System | Running])
[2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ULTRA.SYS -- (ultra [Disabled | Stopped])
[2008/07/10 09:35:22 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2004/08/03 23:08:38 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbehci.sys -- (usbehci [On_Demand | Running])
[2004/08/03 23:07:44 | 00,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\viaagp.sys -- (viaagp [Disabled | Stopped])
[2004/08/03 22:59:44 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\viaide.sys -- (ViaIde [Disabled | Stopped])
[2001/09/27 11:58:20 | 00,028,396 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])
[2002/08/29 06:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.ca/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s
"provider"=gogl

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\SYSTEM32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"First Home Page"=http://www.dellnet.com
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"First Home Page"=http://www.dellnet.com
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-3582278927-2971143041-3204845381-1008\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.ca/

[HKEY_USERS\S-1-5-21-3582278927-2971143041-3204845381-1008\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s
"provider"=gogl

[HKEY_USERS\S-1-5-21-3582278927-2971143041-3204845381-1008\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\SYSTEM32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3582278927-2971143041-3204845381-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{99C6D1BB-7555-474C-91DA-D8FB62A9CC75} (HKLM) -- C:\WINDOWS\SYSTEM32\XBmE05tC.dll (TODO: <Company name>)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (Google Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"BCMSMMSG"=BCMSMMSG.exe (Broadcom Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"MCUpdateExe"=C:\PROGRA~1\mcafee.com\agent\McUpdate.exe (Networks Associates Technology, Inc)
"Motive SmartBridge"=C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe (Motive Communications, Inc.)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3582278927-2971143041-3204845381-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)

========== (O4) RunOnce Keys ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"= File not found
"RunNarrator"= File not found

========== (O4) RunOnceEx Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
""= File not found

========== (O4) Startup Folders ==========

[2005/05/12 00:49:24 | 00,073,728 | ---- | M] (Hewlett-Packard Co.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
[2005/09/07 17:45:16 | 00,118,784 | ---- | M] (Nikon Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
[2007/05/15 18:13:10 | 00,479,232 | ---- | M] (Nikon Corporation) -- C:\Documents and Settings\Georgia\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
""=
"NoDriveTypeAutoRun"=255
"NoDriveAutoRun"=67108863
"NoCDBurning"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"NoDispBackgroundPage"=0
"NoDispScrSavPage"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3582278927-2971143041-3204845381-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3582278927-2971143041-3204845381-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"NoDispBackgroundPage"=0
"NoDispScrSavPage"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Sun Java Console -- C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/Facebo...toUploader5.cab -- Facebook Photo Uploader 5
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}: http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab -- CKAVWebScan Object
{166B1BCA-3F9C-11CF-8075-444553540000}: http://fpdownload.macromedia.com/pub/shock...director/sw.cab -- Shockwave ActiveX Control
{193C772A-87BE-4B19-A7BB-445B226FE9A1}: http://downloads.ewido.net/ewidoOnlineScan.cab -- ewidoOnlineScan Control
{19E28AFC-EAE3-4CE5-AC83-2407B42F57C9}: http://protect.microsoft.com/security/prot...b?1097333278437 -- MSSecurityAdvisor Class
{33564D57-9980-0010-8000-00AA00389B71}: http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab -- Reg Error: Key does not exist or could not be opened.
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}: http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab -- McAfee.com Operating System Class
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab -- MSN Photo Upload Tool
{76716694-EADA-4810-8C3B-4826328A317F}: http://content.dll1.com/Connectus/SmartCou...ter20080612.cab -- SmartCouponPrinter Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}: http://messenger.msn.com/download/MsnMesse...pDownloader.cab -- MsnMessengerSetupDownloadControl Class
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}: http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab -- DwnldGroupMgr Class
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/get/flash...ent/swflash.cab -- Shockwave Flash Object
DirectAnimation Java Classes: file://C:\WINDOWS\Java\classes\dajava.cab -- Reg Error: Key does not exist or could not be opened.
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{9B8AC1E2-3FAF-4C6B-A343-CABD19AB6906} (Servers: | Description: Intel® PRO/100 VE Network Connection)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
wzcnotif: "DllName" = wzcdlg.dll -- C:\WINDOWS\SYSTEM32\wzcdlg.dll (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2002/09/03 09:59:58 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3473248b-16f0-11dd-8f69-00038a000015}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3473248b-16f0-11dd-8f69-00038a000015}\Shell\AutoRun]
""=Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3473248b-16f0-11dd-8f69-00038a000015}\Shell\AutoRun\command]
""=G:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2008/09/29 18:13:09 | 00,029,184 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\XBmE05tC.dll
[2008/09/29 17:05:13 | 00,419,840 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gwen\Desktop\OTViewIt.exe
[2008/09/29 17:03:21 | 00,335,360 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gwen\Desktop\OTMoveIt3.exe
[2008/09/27 00:22:41 | 01,084,928 | ---- | C] () -- C:\Documents and Settings\Gwen\Desktop\jamies card.doc
[2008/09/24 15:17:53 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Gwen\Desktop\Chanel.doc
[2008/09/04 21:15:52 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Gwen\My Documents\revolution pro.doc

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[112 C:\Documents and Settings\Gwen\My Documents\*.tmp files]
[2008/09/29 18:55:00 | 00,000,494 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (D-------Chris).job
[2008/09/29 18:54:00 | 00,000,498 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (D-------Georgia).job
[2008/09/29 18:54:00 | 00,000,492 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (D8VQYV21-Owner).job
[2008/09/29 18:52:00 | 00,000,496 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (D-------Yvonne).job
[2008/09/29 18:52:00 | 00,000,492 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (D-------Gwen).job
[2008/09/29 18:13:09 | 00,029,184 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\System32\XBmE05tC.dll
[2008/09/29 17:05:15 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gwen\Desktop\OTViewIt.exe
[2008/09/29 17:03:22 | 00,335,360 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gwen\Desktop\OTMoveIt3.exe
[2008/09/29 16:57:37 | 00,000,567 | ---- | M] () -- C:\Documents and Settings\Gwen\My Documents\My Sharing Folders.lnk
[2008/09/29 15:55:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/09/29 15:55:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2008/09/29 15:55:30 | 80,433,1520 | -HS- | M] () -- C:\hiberfil.sys
[2008/09/28 12:55:17 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/09/28 10:32:31 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Gwen\Desktop\Microsoft Office Word 2003.lnk
[2008/09/27 01:12:32 | 01,084,928 | ---- | M] () -- C:\Documents and Settings\Gwen\Desktop\jamies card.doc
[2008/09/27 00:56:55 | 00,000,549 | ---- | M] () -- C:\WINDOWS\LEXSTAT.INI
[2008/09/24 15:17:54 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Gwen\Desktop\Chanel.doc
[2008/09/21 14:29:31 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2008/09/16 19:58:36 | 01,612,582 | -H-- | M] () -- C:\Documents and Settings\Gwen\Local Settings\Application Data\IconCache.db
[2008/09/10 00:04:02 | 00,038,528 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/09/10 00:03:56 | 00,017,200 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/09/05 00:12:59 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Gwen\My Documents\revolution pro.doc
[2008/08/31 11:56:50 | 00,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
< End of report >


OTViewIt Extras logfile created on: 29/09/2008 6:55:31 PM - Run 2
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Documents and Settings\Gwen\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

767.00 Mb Total Physical Memory | 66.17 Mb Available Physical Memory | 8.63% Memory free
1.46 Gb Paging File | 0.06 Gb Available in Paging File | 3.79% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 1.67 Gb Free Space | 2.99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 210.79 Gb Free Space | 90.52% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D------
Current User Name: Gwen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Messenger
[2008/02/08 17:32:57 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2003/02/28 02:26:00 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE
[2006/09/19 18:06:22 | 02,965,504 | ---- | M] (Sony Media Software, Inc.) -- C:\Program Files\Sony\Media Manager for PSP 2.0\MediaManager.exe:*:Enabled:Media Manager for PSP 2.0
File not found -- C:\WINDOWS\SYSTEM32\DRIVERS\svchost.exe:*:Disabled:svchost
File not found -- C:\WINDOWS\SYSTEM32\cssrss.exe:*:Disabled:cssrss
[2008/07/10 10:51:26 | 20,246,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2000/04/19 18:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2003/08/01 15:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/14 22:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}"=Notifier
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}"=Intel® PROSet II
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}"=PhotoGallery
"{05861C9A-98C0-4A8F-9A36-EB2F7E0FA2D1}"=Sony Media Manager for PSP 2.0
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}"=CP_Package_Variety1
"{06874C62-EC70-4275-9F30-BD81969993A8}"=Nancy Drew: Secret of Shadow Ranch
"{08CA9554-B5FE-4313-938F-D4A417B81175}"=QuickTime
"{097346E0-6A51-11D1-AD16-00A0C95E0503}(Sympatico Consumer)"=Visual IP InSight(Sympatico Consumer)
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}"=Destinations
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}"=Dell Solution Center
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}"=ESSPCD
"{1505D9B1-6037-4310-815A-4D8A212C5075}"=Nancy Drew: The Phantom of Venice
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}"=Dell Picture Studio - Dell Image Expert
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}"=HP Software Update
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}"=CP_Package_Variety3
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth
"{1FD0C5C1-B01B-4B4C-9607-E5D3B3D1318F}"=Microsoft IntelliPoint 4.1
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}"=Sonic_PrimoSDK
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}"=CP_Panorama1Config
"{24328842-A29C-4FEA-81D3-1929D3A7F1AE}"=Nancy Drew: Legend of the Crystal Skull
"{29D88826-2AB9-11D5-8854-00902761A46D}"=WordPerfect Office 2002
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}"=Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}"=TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}"=InstantShareDevices
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}"=HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}"=Apple Mobile Device Support
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}"=CP_CalendarTemplates1
"{38441BE7-79B0-42B8-8297-833704F949FE}"=HLPIndex
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}"=OTtBPSDK
"{40C03514-89C3-41BA-0090-3B440256DB87}"=The Sims 2
"{438BC259-E54C-4392-008E-2808B9C251CA}"=The Sims 2 Body Shop
"{469730CC-78DF-4CD3-B286-562D459EA619}"=ESSCAM
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}"=Bonjour
"{4817189D-1785-4627-A33C-39FD90919300}"=The Sims 2 Pets
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}"=ESSvpot
"{4C23837C-993E-11D4-9DE0-0060085C158A}"=KODAK Picture CD
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}"=ESSSONIC
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}"=FullDPAppQFolder
"{56EE8B17-8274-418d-89AC-C057C5DB251E}"=RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}"=WebReg
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{59C9A627-5F4A-47c4-94FD-9A886F5AC971}"=PS330
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}"=CP_Package_Basic1
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}"=MarketResearch
"{5F26311C-B135-4F7F-B11E-8E650F83651E}"=DeviceFunctionQFolder
"{609F7AC8-C510-11D4-A788-009027ABA5D0}"=Easy CD Creator 5 Basic
"{60D8CA34-642C-476F-AB4E-94DECCAEED69}"=The White Wolf of Icicle Creek
"{64116298-93C5-401D-B06C-39D8E3338508}"=DAO
"{65D85050-5610-4A91-A3B1-D5C744291AD4}"=PCDADDIN
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}"=SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{69BD6399-3D8F-45B7-81D9-819361F5101D}"=PCDLNCH
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}"=CustomerResearchQFolder
"{70D1416D-C0FF-461C-8AF3-71B98C7F5CA4}"=Nancy Drew: Secret of the Old Clock
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}"=PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}"=PSPrinters08
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}"=CP_AtenaShokunin1Config
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}"=ESShelp
"{8E92D746-CD9F-4B90-9668-42B74C14F765}"=ESSini
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}"=The Sims 2 University
"{90120409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}"=Help and Support Customization
"{91517631-A9F3-4B7C-B482-43E0068FD55A}"=ESSgui
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}"=Sound Blaster Live!
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}"=DVDSentry
"{999D43F4-9709-4887-9B1A-83EBB15A8370}"=VPRINTOL
"{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}"=CCHelp
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}"=ESScore
"{9E38979C-FA65-476D-80C7-72F4EADE726C}"=Nancy Drew: The Curse of Blackmoor Manor
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}"=SFR2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}"=CameraDrivers
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}"=ESSvpaht
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}"=CueTour
"{A5F68DC8-0278-4AD8-B413-861509B5F25B}"=ArcSoft Panorama Maker 3
"{A6F18A67-B771-4191-8A33-36D2E742D6D9}"=ESSANUP
"{AADAC983-FDE9-42FA-8FD9-7BB324155593}"=HLPRFO
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}"=ESSCDBK
"{B2B784E9-F6F2-4781-B033-E15BD3C9993A}"=Sony Media Manager for PSP Patch 2.0
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}"=CCScore
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}"=PanoStandAlone
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}"=CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}"=BufferChm
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}"=KSU
"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}"=SFR
"{C3D82C0B-3592-4B03-A970-F84C081A8152}"=Nancy Drew: Danger by Design
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}"=PCDHELP
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}"=ESSAdpt
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}"=Nikon Message Center
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}"=Kodak EasyShare software
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}"=ArcSoft Panorama Maker 4
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}"=iPod for Windows 2005-09-23
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}"=Dell ResourceCD
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware 2007
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}"=HPProductAssistant
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}"=Nikon Transfer
"{EA103B64-C0E4-4C0E-A506-751590E1653D}"=SolutionCenter
"{EF6C4600-306D-4F6A-A119-C2A877D25B4A}"=iTunes
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}"=Status
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}"=OTtBP
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}"=The Sims 2 Nightlife
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}"=PictureProject
"Adobe Acrobat 5.0"=Adobe Acrobat 5.0
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"America Online ca"=AOL
"BCM V.92 56K Modem"=BCM V.92 56K Modem
"BellCanada.MCCInstall"=Sympatico NetAssistant
"Google Updater"=Google Updater
"HijackThis"=HijackThis 2.0.2
"HP Imaging Device Functions"=HP Imaging Device Functions 5.3
"HP Photo & Imaging"=HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools"=HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities"=HP Extended Capabilities 5.3
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}"=iPod for Windows 2005-09-23
"Kaspersky Online Scanner"=Kaspersky Online Scanner
"KB870669"=Microsoft Data Access Components KB870669
"LastFM_is1"=Last.fm 1.5.1.29527
"Lexmark X5100 Series"=Lexmark X5100 Series
"LimeWire"=LimeWire 4.16.6
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Mcafee SecurityCenter"=McAfee SecurityCenter
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Nancy Drew: Stay Tuned For Danger"=Nancy Drew: Stay Tuned For Danger
"NVIDIA Display Driver"=NVIDIA Display Driver
"NVIDIA Drivers"=NVIDIA Drivers
"PROSet"=Intel® PRO Ethernet Adapter and Software
"Shockwave"=Shockwave
"VirusScan Online"=McAfee VirusScan Online
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows Media Player"=Windows Media Player 10
"Windows XP Service Pack"=Windows XP Service Pack 2
"WinZip"=WinZip
"WordPerfect Office 2002"=WordPerfect Office 2002

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16/09/2008 7:26:54 PM | Computer Name = D------ | Source = Application Hang | ID = 1002
Description = Hanging application Sims2EP4.exe, version 1.6.0.259, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 16/09/2008 7:26:57 PM | Computer Name = D------ | Source = Application Hang | ID = 1002
Description = Hanging application Sims2EP4.exe, version 1.6.0.259, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 21/09/2008 9:26:41 PM | Computer Name = D------ | Source = Application Error | ID = 1000
Description = Faulting application game.exe, version 6.4.4.0, faulting module ,
version 0.0.0.0, fault address 0x00000000.

Error - 23/09/2008 2:57:14 PM | Computer Name = D------ | Source = Application Error | ID = 1000
Description = Faulting application ad-aware2007.exe, version 7.0.2.5, faulting module
ad-aware2007.exe, version 7.0.2.5, fault address 0x00094caa.

Error - 23/09/2008 2:57:45 PM | Computer Name = D------ | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware2007.exe, version 7.0.2.5, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 23/09/2008 9:08:16 PM | Computer Name = D------ | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 23/09/2008 9:10:26 PM | Computer Name = D------ | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 26/09/2008 11:47:34 AM | Computer Name = D------ | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 26/09/2008 11:47:38 AM | Computer Name = D------ | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 26/09/2008 11:47:38 AM | Computer Name = D------ | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 16/09/2008 7:59:03 PM | Computer Name = D------ | Source = DCOM | ID = 10010
Description = The server {BAA8FB92-D1E7-4181-B0EE-94DA3329F7C0} did not register
with DCOM within the required timeout.

Error - 21/09/2008 11:00:00 PM | Computer Name = D------ | Source = Schedule | ID = 7901
Description = The At72.job command failed to start due to the following error: %%2147942402

Error - 22/09/2008 8:44:09 AM | Computer Name = D------ | Source = DCOM | ID = 10010
Description = The server {657C7A59-4FEC-4C06-A354-607B1EB184FB} did not register
with DCOM within the required timeout.

Error - 22/09/2008 9:00:00 AM | Computer Name = D------ | Source = Schedule | ID = 7901
Description = The At58.job command failed to start due to the following error: %%2147942402

Error - 23/09/2008 4:00:00 PM | Computer Name = D------ | Source = Schedule | ID = 7901
Description = The At65.job command failed to start due to the following error: %%2147942402

Error - 24/09/2008 4:00:00 PM | Computer Name = D------ | Source = Schedule | ID = 7901
Description = The At65.job command failed to start due to the following error: %%2147942402

Error - 26/09/2008 10:06:10 PM | Computer Name = D------ | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 26/09/2008 11:50:01 PM | Computer Name = D------ | Source = Print | ID = 6161
Description =


< End of report >

#11 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:07:47 PM

Posted 29 September 2008 - 07:02 PM

Hello, GossipGirl.
Looks like that got it... just some leftovers to go and a final check :thumbsup:

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :reg
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}]
    [-HKEY_CLASSES_ROOT\CLSID\{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}]
    
    :files
    C:\WINDOWS\System32\XBmE05tC.dll
    
    :commands
    [EmptyTemp]
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use <Control>+A)
  • Right-click again and choose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • OTMoveIt3's Log
  • ESET OnlineScan's Log
  • A new HJT Log

Billy3

Edited by Billy O'Neal, 29 September 2008 - 07:02 PM.

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
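As an added example (this is editorial code, not OldTimer's tool and not anything posted in this thread), the Python below parses the two OTViewIt line shapes seen in the report above, the timestamped file entries and the firewall "File not found" entries, and applies a few review heuristics of its own: a "TODO: <Company name>" placeholder company string, a randomised eight-character name in a system directory, a firewall exception pointing at a binary that no longer exists, and a system-process look-alike name. The table of expected system-binary locations is an assumption for Windows XP, and the heuristics only rank lines for a human to examine.

```python
# Added example for triaging OTViewIt-style report lines (not OldTimer's code).
# Two line shapes from the report above are parsed:
#   [2008/09/29 18:13:09 | 00,029,184 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\XBmE05tC.dll
#   File not found -- C:\WINDOWS\SYSTEM32\DRIVERS\svchost.exe:*:Disabled:svchost
# The review heuristics are this example's own assumptions, not a verdict.
import difflib
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

META_RE = re.compile(
    r"^\[[\d/]+ [\d:]+ \| [\d,]+ \| [-A-Z]{4} \| [CM]\] \((?P<company>[^)]*)\) -- (?P<rest>.+)$")
MISSING_RE = re.compile(r"^File not found -- (?P<rest>.+)$")
# AuthorizedApplications entries end in ":*:Enabled|Disabled:<rule name>".
FW_RE = re.compile(r"^(?P<path>.+?):\*:(?P<state>Enabled|Disabled):(?P<name>.+)$")
# Eight alphanumerics mixing lower case with upper case or digits, e.g. XBmE05tC.
RANDOM_STEM_RE = re.compile(r"(?=.*[a-z])(?=.*[A-Z0-9])[A-Za-z0-9]{8}")

# Expected home directory of core XP processes (assumption; compared case-insensitively).
SYSTEM_BINARIES = {
    "smss.exe": r"c:\windows\system32", "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32", "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32", "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows")


@dataclass
class Entry:
    path: str
    company: Optional[str]   # None when the report shows empty parentheses
    present: bool            # False for "File not found" lines
    firewall: Optional[str]  # "Enabled"/"Disabled" for firewall-exception lines, else None


def parse_line(line: str) -> Optional[Entry]:
    """Parse one report line; headings, blanks and other shapes return None."""
    line = line.strip()
    m = META_RE.match(line)
    if m:
        company, rest, present = m.group("company") or None, m.group("rest"), True
    else:
        m = MISSING_RE.match(line)
        if not m:
            return None
        company, rest, present = None, m.group("rest"), False
    fw = FW_RE.match(rest)
    if fw:
        return Entry(fw.group("path"), company, present, fw.group("state"))
    # Drop trailing annotations such as " -- [ NTFS ]".
    return Entry(rest.split(" -- ")[0], company, present, None)


def triage(entry: Entry) -> List[str]:
    """Return the review reasons that apply to one entry (empty list means nothing notable)."""
    reasons = []
    directory, name = ntpath.split(entry.path)
    directory, name = directory.lower(), name.lower()
    if entry.company and entry.company.startswith("TODO:"):
        reasons.append("placeholder company string in version resource")
    original_stem = ntpath.splitext(ntpath.basename(entry.path))[0]
    if directory in SYSTEM_DIRS and RANDOM_STEM_RE.fullmatch(original_stem):
        reasons.append("randomised 8-character file name in a system directory")
    if entry.firewall and not entry.present:
        reasons.append("firewall exception for a binary that no longer exists")
    expected_dir = SYSTEM_BINARIES.get(name)
    if expected_dir and directory != expected_dir:
        reasons.append(f"system process name outside {expected_dir}")
    if name not in SYSTEM_BINARIES:
        close = difflib.get_close_matches(name, SYSTEM_BINARIES, n=1, cutoff=0.85)
        if close:
            reasons.append(f"name resembles system process {close[0]}")
    return reasons


def triage_report(lines) -> List[Tuple[str, List[str]]]:
    """(path, reasons) for every parsable line that earned at least one reason."""
    flagged = []
    for line in lines:
        entry = parse_line(line)
        if entry is not None:
            reasons = triage(entry)
            if reasons:
                flagged.append((entry.path, reasons))
    return flagged


# Sample input copied from the report above (the first line is a heading the parser skips).
SAMPLE_LINES = [
    "========== Files/Folders - Created Within 30 Days ==========",
    r"[2008/09/29 18:13:09 | 00,029,184 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\XBmE05tC.dll",
    r"[2008/09/29 17:05:13 | 00,419,840 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gwen\Desktop\OTViewIt.exe",
    r"[2002/09/03 09:59:58 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]",
    r"[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Messenger",
    r"File not found -- C:\WINDOWS\SYSTEM32\DRIVERS\svchost.exe:*:Disabled:svchost",
    r"File not found -- C:\WINDOWS\SYSTEM32\cssrss.exe:*:Disabled:cssrss",
]

if __name__ == "__main__":
    for path, reasons in triage_report(SAMPLE_LINES):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run against the whole OTViewIt report, the three paths the helper's script and the ESET scan later dealt with are the ones that surface, while the legitimate entries produce no reasons.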

#12 gossipgirl

gossipgirl
  • Topic Starter

  • Members
  • 137 posts
  • OFFLINE
  • Local time:10:47 PM

Posted 29 September 2008 - 10:26 PM

========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}\\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}\\ not found.
========== FILES ==========
File/Folder C:\WINDOWS\System32\XBmE05tC.dll not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Gwen\LOCALS~1\Temp\~DFD6C2.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.2.2 log created on 09292008_231528

Files moved on Reboot...
File C:\DOCUME~1\Gwen\LOCALS~1\Temp\~DFD6C2.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be moved on reboot.

#13 gossipgirl

gossipgirl
  • Topic Starter

  • Members
  • 137 posts
  • OFFLINE
  • Local time:10:47 PM

Posted 30 September 2008 - 12:22 AM

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3481 (20080929)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=ab947ea15afd944c94c312e76b4e3438
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-09-30 05:21:26
# local_time=2008-09-30 01:21:26 (-0500, Eastern Daylight Time)
# country="Canada"
# osver=5.1.2600 NT Service Pack 2
# scanned=519564
# found=8
# scan_time=6544
C:\Documents and Settings\Georgia\Local Settings\temp\lddjbahg.exe probably a variant of Win32/TrojanDownloader.Delf trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Windows Media Player\wmplayer.exe.tmp Win32/TrojanDownloader.VB.NEO trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\unovggnb.dll.vir Win32/Adware.AdMedia application (unable to clean - deleted) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\09292008_170422\WINDOWS\system32\XBmE05tC.dll probably a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\09292008_185413\WINDOWS\SYSTEM32\l1u3DR8T.exe a variant of Win32/TrojanDownloader.Firu trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\09292008_185413\WINDOWS\SYSTEM32\Tlj3LSSl.exe a variant of Win32/TrojanDownloader.Firu trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\09292008_185413\WINDOWS\SYSTEM32\xb6eGW1c.exe a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\09292008_185413\WINDOWS\SYSTEM32\xb6eGW1c.exe_ a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000

#14 gossipgirl

gossipgirl
  • Topic Starter

  • Members
  • 137 posts
  • OFFLINE
  • Local time:10:47 PM

Posted 30 September 2008 - 12:24 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:23:43 AM, on 30/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] (User 'Default user')
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {76716694-EADA-4810-8C3B-4826328A317F} (SmartCouponPrinter Control) - http://content.dll1.com/Connectus/SmartCou...ter20080612.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 6834 bytes
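
The log above is the raw material a helper reads by eye. As an added example (not part of the thread and not HijackThis's own code), the script below parses the O4 (autorun), O16 (ActiveX download), O20 (Winlogon Notify) and O23 (service) line formats and reports the structural points a responder checks first: an autorun executable given without a path (resolved via the search path, so the log alone cannot say which file runs), an unquoted path containing spaces, an ActiveX CAB fetched over cleartext HTTP, a DLL loaded into winlogon.exe, and a service with no publisher or a binary under a user-writable folder. The sample lines are copied from the log above except one constructed O23 entry ("Example Updater") that is marked as such and does not exist on the poster's machine; it is there only so that the O23 checks fire. Requires Python 3.8 or later.

```python
"""Structural triage of HijackThis O4/O16/O20/O23 lines (added example)."""
import re
import sys
from urllib.parse import urlparse

# Sample input: lines copied from the log above, plus one CONSTRUCTED O23 line
# (the "Example Updater" service is invented for the demonstration) so that
# every check below fires at least once.
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe",
    r"O4 - HKLM\..\Run: [nwiz] nwiz.exe /install",
    r"O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe",
    r'O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"',
    r"O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab",
    r"O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll",
    r"O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe",
    # CONSTRUCTED: no publisher string, binary in a user-writable temp folder.
    r"O23 - Service: Example Updater (exupd) - Unknown owner - C:\Documents and Settings\user\Local Settings\Temp\exupd.exe",
]

O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<desc>[^)]*)\) - (?P<url>\S+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
# An executable extension followed by whitespace or end of line; the lookahead
# stops ".com" inside a directory name such as "mcafee.com\vso" from matching.
EXE_RE = re.compile(r"\.(exe|com|bat|cmd)(?=\s|$)", re.I)


def split_executable(cmd):
    """Return (executable, was_quoted) for an autorun command line."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd[1:]), True
    m = EXE_RE.search(cmd)
    if m:
        return cmd[: m.end()], False
    return cmd.split()[0], False


def triage(lines):
    """Return (kind, subject, finding) tuples for the HijackThis lines given."""
    findings = []
    for line in lines:
        line = line.strip()
        if m := O4_RE.match(line):
            exe, quoted = split_executable(m["cmd"])
            if "\\" not in exe:
                findings.append(("O4", m["name"], "bare filename, resolved via the search path: " + exe))
            elif not quoted and " " in exe:
                findings.append(("O4", m["name"], "unquoted path containing spaces: " + exe))
        elif m := O16_RE.match(line):
            u = urlparse(m["url"])
            if u.scheme.lower() != "https":
                findings.append(("O16", m["clsid"], f"ActiveX CAB fetched over {u.scheme} from {u.hostname}"))
        elif m := O20_RE.match(line):
            # Notify packages load into winlogon.exe as SYSTEM; always worth a look.
            findings.append(("O20", m["name"], "DLL loaded into winlogon.exe, verify publisher: " + m["path"]))
        elif m := O23_RE.match(line):
            path = m["path"].lower()
            if m["vendor"].lower() == "unknown owner":
                findings.append(("O23", m["name"], "no publisher recorded"))
            if "\\temp\\" in path or path.startswith("c:\\documents and settings\\"):
                findings.append(("O23", m["name"], "service binary in a user-writable location: " + m["path"]))
    return findings


if __name__ == "__main__":
    # Pass a saved hijackthis.log as the first argument, or run on the sample.
    source = open(sys.argv[1], encoding="utf-8", errors="replace").read().splitlines() if len(sys.argv) > 1 else SAMPLE_LOG
    for kind, subject, finding in triage(source):
        print(f"{kind} {subject}: {finding}")
```

On the sample the AppleSyncNotifier entry is reported for its unquoted path and the two path-less entries for relying on the search path; neither is a statement that the file is malicious, only that the log line cannot establish which binary runs, which is exactly the gap a helper fills by asking for the file's properties or a second scan.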

#15 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:07:47 PM

Posted 30 September 2008 - 05:28 AM

Hello, GossipGirl.
Congratulations! You now appear clean! :thumbsup:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware


We Need to Clean Up Our Mess
  • Please download OTCleanIt from one of the following mirrors and save it to your desktop:
  • Double click the OTCleanIt icon.
  • Push the large "Cleanup" button.
  • Allow your system to reboot.
Reset System Restore
Windows' "System Restore" feature can cause malware files to be cached and retained by your system. Resetting System Restore will clean these files from your system, and will allow you to use System Restore without fear of reinfection.
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Note: You should only do this once, not on a regular basis!
You will not be able to restore computer to any earlier than today!

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non-commercial home use, but provide a resident scanner and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
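
The MVPs hosts file recommended above works because Windows consults the hosts file before it asks DNS: every advertising or malware hostname in the list is mapped to 127.0.0.1 or 0.0.0.0, so connections to it go nowhere. Malware uses the same mechanism in the other direction, mapping a legitimate name (a bank, an antivirus update server) to an address the attacker controls, and those entries win over DNS too. The script below is an added example, not part of this thread or of the hosts-file tutorial linked above; it sorts a hosts file into block entries (sinkholed to loopback or unspecified addresses), default localhost entries, malformed lines, and redirects to routable addresses, which are the lines a responder should question. The sample file is constructed for the demonstration; the 203.0.113.x addresses and the example hostnames are documentation values, not real hijack indicators.

```python
"""Audit a Windows hosts file for redirect entries (added example)."""
import ipaddress
import sys

# CONSTRUCTED sample: two default entries, two block entries of the kind a
# blocklist installs, two invented redirect entries, and one malformed line.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net        # block entry, as installed by a blocklist
127.0.0.1       tracker.example.org    # block entry
203.0.113.10    update.security-vendor.example   # constructed hijack
203.0.113.10    www.bank.example                 # constructed hijack
not-an-ip       broken.example
"""


def classify_entry(ip_text, hostname):
    """Classify one (address, hostname) pair.

    default   - the localhost entries Windows ships with
    block     - hostname sinkholed to a loopback or unspecified address
    redirect  - hostname pointed at a routable address, bypassing DNS
    malformed - the address field does not parse
    """
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "malformed"
    if hostname.lower() == "localhost" and ip.is_loopback:
        return "default"
    if ip.is_loopback or ip.is_unspecified:
        return "block"
    return "redirect"


def audit_hosts(text):
    """Return a dict mapping each class to the (address, hostname) pairs in it."""
    report = {"default": [], "block": [], "redirect": [], "malformed": []}
    for raw in text.splitlines():
        # Strip trailing comments and blank lines; hosts files use '#' comments.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            report["malformed"].append((line, ""))
            continue
        ip_text, hostnames = parts[0], parts[1:]
        # One address may carry several aliases on the same line.
        for host in hostnames:
            report[classify_entry(ip_text, host)].append((ip_text, host))
    return report


if __name__ == "__main__":
    # On XP the live file is %SystemRoot%\system32\drivers\etc\hosts; pass its
    # path as the first argument, or run on the constructed sample.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    result = audit_hosts(text)
    print(f"{len(result['block'])} block entries, {len(result['default'])} default entries")
    for ip_text, host in result["redirect"]:
        print(f"REDIRECT {host} -> {ip_text}")
    for line, _ in result["malformed"]:
        print(f"MALFORMED {line}")
```

A large block list produces thousands of "block" entries and that is expected; the output worth reading is the "redirect" section, which on a clean machine with the MVPs file installed should be empty apart from any entries the user added on purpose.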



