
My Hijack This Log, Last Resort


  • This topic is locked
43 replies to this topic

#1 Dr Fager

Dr Fager

  • Members
  • 29 posts
  • OFFLINE
  • Local time:12:15 AM

Posted 03 October 2008 - 10:10 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:11 AM, on 10/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Secunia\PSI (RC3)\psi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - Startup: Secunia PSI (RC3).lnk = C:\Program Files\Secunia\PSI (RC3)\psi.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flash...ent/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 7393 bytes



#2 Dr Fager

Dr Fager
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:12:15 AM

Posted 03 October 2008 - 10:18 AM

BTW, my computer started acting weird Monday night. When I would try to Google something, all of the links would go to various advertising sites. Then the next day the computer would just start freezing up and locking, and then would not restart or shut down. I had to pull the plug.

I've downloaded, installed, and scanned with the following since this came up...

Malware Bytes (caught 72 things)
Norton 360 (firewall and virus scan etc, reset the firewall so i have to be notified if anything is connecting)
AdAware
ThreatFire
ATF Cleaner
CCleaner
F Secure Blacklight Rootkit Detection
Windows Malicious Software Removal Tool
Windows Defender
Spybot
Eusing Registry Cleaner
Spyware Blaster
HijackThis

I've also done two online scans with Trend Micro and Kaspersky.

Things are much better (i.e. functional), but the computer is still much slower than it was before this happened, and it takes more time to shut down and restart. I'm not convinced that I've wiped everything out, and I am fighting a reformat job because I actually did that 2 months ago.

BTW, I also installed the "NoScript", "WOD" and "Secure Login" add-ons for Firefox.

Edited by Dr Fager, 03 October 2008 - 10:19 AM.


#3 Dr Fager

Dr Fager
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:12:15 AM

Posted 03 October 2008 - 10:49 AM

Scanning with the McAfee Avert Stinger; it's the only program (or step) on the sticky guide post I haven't done.

#4 Dr Fager

Dr Fager
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:12:15 AM

Posted 03 October 2008 - 11:58 AM

Stinger didn't catch anything.

#5 Dr Fager

Dr Fager
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:12:15 AM

Posted 03 October 2008 - 01:18 PM

OK, I turned off System Restore and rebooted. When the desktop came back up, this "Hotkey Keyboard" pop-up came up, and kept coming up over and over; before I could restart there must have been 7-8 of those messages. It said something like "access denied" and then some numbers. I didn't catch the entire message as I was panicking to restart!

It restarted OK. I turned System Restore back on.

I looked in my Norton 360 and saw it quarantined trojanavkill and downloader yesterday. What does quarantine do, and shouldn't it be deleted?

I'm convinced I have something on this computer. NEED HELP!

#6 Dr Fager

Dr Fager
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:12:15 AM

Posted 03 October 2008 - 02:51 PM

No ideas?

#7 Dr Fager

Dr Fager
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:12:15 AM

Posted 03 October 2008 - 05:07 PM

I'm assuming I have to wait 5 days before help?

#8 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:10:15 PM

Posted 07 October 2008 - 09:09 PM

Hello, Dr Fager.
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:
  • While a HJT Team member is working with you, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Please reply using the Posted Image button in the lower left hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" :).
If you would still like help, please follow the instructions below:

We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log


Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#9 Dr Fager

Dr Fager
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:12:15 AM

Posted 08 October 2008 - 10:14 AM

OTViewIt logfile created on: 10/9/2008 10:05:33 AM - Run 2
OTViewIt by OldTimer - Version 1.0.10.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.73 Mb Total Physical Memory | 60.73 Mb Available Physical Memory | 12.08% Memory free
1.20 Gb Paging File | 0.77 Gb Available in Paging File | 64.20% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 110.00 Gb Free Space | 73.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GARY
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: Off
File Age = 30 Days

========== Processes ==========

[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
[2008/02/18 15:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[2008/10/02 17:34:58 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/02/21 18:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/04/24 16:52:22 | 00,066,880 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
[2004/05/17 21:30:04 | 00,543,232 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
[2004/03/11 18:18:54 | 00,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\shwiconEM.exe
[2004/07/01 15:58:14 | 00,073,728 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2004/07/05 22:05:48 | 02,550,272 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
[2008/02/18 15:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[2008/04/24 16:52:28 | 00,259,392 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFTray.exe
[2008/06/16 05:03:08 | 00,663,552 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI (RC3)\psi.exe
[2008/10/02 15:48:24 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[2007/08/22 04:21:30 | 00,055,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
[2008/09/28 21:00:19 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/10/09 10:03:52 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/10/02 17:34:58 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/02/21 18:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2008/02/18 15:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
[2008/02/18 15:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
[2008/02/18 15:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])
[2007/08/22 04:21:30 | 00,055,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Running])
[2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2008/09/05 11:52:32 | 03,220,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])
[2008/02/18 15:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice [Auto | Running])
[2008/10/02 15:48:24 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Running])
[2008/02/01 18:08:50 | 00,394,704 | ---- | M] (Symantec, Inc.) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist [On_Demand | Stopped])
[2008/04/24 16:52:22 | 00,066,880 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire [Auto | Running])
[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/07/30 17:42:12 | 00,023,888 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon [On_Demand | Stopped])
[2007/08/08 20:39:56 | 00,036,056 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon [Auto | Running])
[2004/02/10 17:49:14 | 00,154,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2008/09/17 04:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2008/09/17 04:00:00 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2004/03/17 18:10:40 | 00,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
File not found -- C:\WINDOWS\system32\drivers\hitmanpro3.sys -- (hitmanpro3 [On_Demand | Stopped])
[2003/11/13 22:19:48 | 00,210,304 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Stopped])
[2003/11/13 22:17:00 | 01,042,816 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Stopped])
[2004/06/06 15:09:10 | 00,730,653 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2004/07/06 20:59:44 | 02,185,408 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2004/12/10 22:30:42 | 01,903,338 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelS51.sys -- (IntelS51 [On_Demand | Running])
[2004/01/16 18:21:48 | 00,012,970 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2004/08/19 23:10:28 | 00,028,352 | ---- | M] (MusicMatch, Inc.) -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k [On_Demand | Running])
[2008/09/17 04:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081007.038\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2008/09/17 04:00:00 | 00,873,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081007.038\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2008/06/16 04:31:08 | 00,007,808 | ---- | M] (Secunia) -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI [On_Demand | Running])
[2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
File not found -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Stopped])
[2008/04/13 12:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/01/17 00:05:42 | 00,447,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
[2008/01/31 21:51:16 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP [On_Demand | Running])
[2008/01/31 21:51:16 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL [On_Demand | Stopped])
[2008/01/31 21:51:16 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX [System | Running])
[2004/03/22 14:01:38 | 00,040,564 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt [On_Demand | Running])
[2004/03/22 14:27:20 | 00,042,936 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39 [On_Demand | Stopped])
File not found -- C:\WINDOWS\System32\Drivers\sunkfiltp.sys -- (Sunkfiltp [On_Demand | Stopped])
[2008/06/13 14:13:38 | 00,013,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS [On_Demand | Running])
[2008/10/02 16:26:58 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2008/06/13 14:13:38 | 00,096,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW [On_Demand | Running])
[2008/06/13 14:13:38 | 00,038,576 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS [On_Demand | Running])
[2008/09/26 19:00:52 | 00,250,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20081003.001\SymIDSco.sys -- (SYMIDSCO [On_Demand | Running])
[2008/06/13 14:14:02 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM [On_Demand | Stopped])
[2008/06/13 14:14:02 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP [On_Demand | Running])
[2008/06/13 14:13:38 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS [On_Demand | Running])
[2008/06/13 14:13:38 | 00,022,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2008/06/13 14:13:40 | 00,184,240 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2008/04/24 16:52:38 | 00,051,520 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon [Boot | Running])
[2008/04/24 16:52:42 | 00,033,088 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon [On_Demand | Running])
[2008/04/24 16:52:44 | 00,038,208 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon [Boot | Running])
[2008/09/10 16:45:18 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2003/11/13 22:18:36 | 00,679,808 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.gateway.com
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.gateway.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.gateway.com

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.gateway.com

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.gateway.com

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.gateway.com

[HKEY_USERS\S-1-5-21-3472542157-2264337611-1053281995-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.gateway.com/

[HKEY_USERS\S-1-5-21-3472542157-2264337611-1053281995-1003\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_USERS\S-1-5-21-3472542157-2264337611-1053281995-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3472542157-2264337611-1053281995-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{0347C33E-8762-4905-BF09-768834316C61} (HKLM) -- C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
{053F9267-DC04-4294-A72C-58F732D338C0} (HKLM) -- C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} (HKLM) -- C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BFB5F154-9212-46F3-B547-AC6106030A54}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BFB5F154-9212-46F3-B547-AC6106030A54}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3472542157-2264337611-1053281995-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3472542157-2264337611-1053281995-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3472542157-2264337611-1053281995-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"AlcWzrd"=ALCWZRD.EXE (RealTek Semicoductor Corp.)
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"CHotkey"=zHotkey.exe ()
"High Definition Audio Property Page Shortcut"=HDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" (Symantec Corporation)
"ShowWnd"=ShowWnd.exe ()
"SoundMan"=SOUNDMAN.EXE (Realtek Semiconductor Corp.)
"SunKistEM"=C:\Program Files\Digital Media Reader\shwiconem.exe (Alcor Micro, Corp.)
"ThreatFire"=C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2008/06/16 05:03:08 | 00,663,552 | ---- | M] (Secunia) -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Secunia PSI (RC3).lnk = C:\Program Files\Secunia\PSI (RC3)\psi.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"disableregistrytools"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3472542157-2264337611-1053281995-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3472542157-2264337611-1053281995-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"disableregistrytools"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: C:\Program Files\AOL Toolbar\toolbar.dll File not found

[HKEY_USERS\S-1-5-21-3472542157-2264337611-1053281995-1003\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: C:\Program Files\AOL Toolbar\toolbar.dll File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{58ECB495-38F0-49cb-A538-10282ABF65E7}: Button: HP Clipbook -- %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [2007/03/02 16:53:20 | 00,153,192 | R--- | M] (Hewlett-Packard Co.)
{700259D7-1666-479a-93B1-3250410481E8}: Button: HP Smart Select -- %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [2007/03/02 16:53:20 | 00,153,192 | R--- | M] (Hewlett-Packard Co.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{58ECB495-38F0-49cb-A538-10282ABF65E7} [HKLM] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [HP Clipbook] -> [2007/03/02 16:53:20 | 00,153,192 | R--- | M] (Hewlett-Packard Co.)
CmdMapping\\{700259D7-1666-479a-93B1-3250410481E8} [HKLM] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [HP Smart Select] -> [2007/03/02 16:53:20 | 00,153,192 | R--- | M] (Hewlett-Packard Co.)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{58ECB495-38F0-49cb-A538-10282ABF65E7} [HKLM] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [HP Clipbook] -> [2007/03/02 16:53:20 | 00,153,192 | R--- | M] (Hewlett-Packard Co.)
CmdMapping\\{700259D7-1666-479a-93B1-3250410481E8} [HKLM] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [HP Smart Select] -> [2007/03/02 16:53:20 | 00,153,192 | R--- | M] (Hewlett-Packard Co.)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{58ECB495-38F0-49cb-A538-10282ABF65E7} [HKLM] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [HP Clipbook] -> [2007/03/02 16:53:20 | 00,153,192 | R--- | M] (Hewlett-Packard Co.)
CmdMapping\\{700259D7-1666-479a-93B1-3250410481E8} [HKLM] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [HP Smart Select] -> [2007/03/02 16:53:20 | 00,153,192 | R--- | M] (Hewlett-Packard Co.)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3472542157-2264337611-1053281995-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{58ECB495-38F0-49cb-A538-10282ABF65E7} [HKLM] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [HP Clipbook] -> [2007/03/02 16:53:20 | 00,153,192 | R--- | M] (Hewlett-Packard Co.)
CmdMapping\\{700259D7-1666-479a-93B1-3250410481E8} [HKLM] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [HP Smart Select] -> [2007/03/02 16:53:20 | 00,153,192 | R--- | M] (Hewlett-Packard Co.)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
26 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-3472542157-2264337611-1053281995-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
26 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_06
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: https://fpdownload.macromedia.com/get/flash...ent/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{67565FC2-B93F-4BE9-A266-3A3F3BA4E283} (Servers: | Description: 1394 Net Adapter)
{7D77D853-5C18-40F0-9E08-61A01C648908} (Servers: | Description: Intel® PRO/100 VE Network Connection)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/19 21:14:03 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d97cf46c-4894-11dd-90b3-0011115428ec}\Shell\AutoRun\command]
""=J:\wd_windows_tools\setup.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[2008/10/09 10:03:44 | 00,421,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2008/10/04 19:08:12 | 00,000,017 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\stinger.opt
[2008/10/04 17:52:32 | 00,034,198 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Reg Backup.reg
[2008/10/04 16:06:06 | 00,000,000 | ---D | C] -- C:\ComboFix
[2008/10/04 16:05:59 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF7574.exe
[2008/10/04 16:05:09 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF7397.exe
[2008/10/04 15:32:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2008/10/04 15:31:42 | 00,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2008/10/04 13:18:44 | 00,025,992 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe
[2008/10/04 11:37:49 | 02,482,695 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\Owner\Desktop\stinger.exe
[2008/10/04 10:56:57 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2008/10/04 10:56:57 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/10/04 09:59:27 | 00,000,690 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SpywareBlaster.lnk
[2008/10/04 09:59:22 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2008/10/04 09:53:14 | 52,722,0736 | -HS- | C] () -- C:\hiberfil.sys
[2008/10/03 20:08:25 | 00,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner
[2008/10/03 18:58:50 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2008/10/03 18:58:43 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/10/03 18:58:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/10/03 18:50:31 | 15,083,520 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Owner\My Documents\spybotsd160.exe
[2008/10/03 17:44:01 | 00,001,008 | ---- | C] () -- C:\WINDOWS\System32\history.aaw
[2008/10/03 16:59:10 | 07,281,784 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\windows-kb890830-v2.2.exe
[2008/10/03 16:50:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2008/10/03 16:50:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro 3
[2008/10/03 13:59:20 | 01,018,520 | ---- | C] (F-Secure Corporation) -- C:\Documents and Settings\Owner\Desktop\fsbl.exe
[2008/10/03 13:51:19 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
[2008/10/03 13:51:19 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/10/03 13:34:10 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2008/10/03 13:34:07 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2008/10/03 13:08:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2008/10/03 13:07:53 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2008/10/03 13:07:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2008/10/03 13:03:45 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
[2008/10/03 10:19:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/10/03 10:17:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\NOS
[2008/10/03 10:04:23 | 00,000,768 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Secunia PSI (RC3).lnk
[2008/10/03 10:03:05 | 00,000,000 | ---D | C] -- C:\Program Files\Secunia
[2008/10/03 09:50:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
[2008/10/03 09:50:07 | 00,000,621 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ThreatFire.lnk
[2008/10/03 09:50:00 | 00,051,520 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2008/10/03 09:50:00 | 00,038,208 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2008/10/03 09:50:00 | 00,033,088 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2008/10/03 09:50:00 | 00,012,608 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfKbMon.sys
[2008/10/03 09:49:59 | 00,000,000 | ---D | C] -- C:\Program Files\ThreatFire
[2008/10/03 09:49:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2008/10/02 17:34:10 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/10/02 17:34:06 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/10/02 17:34:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/10/02 17:33:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/10/02 17:17:58 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2008/10/02 17:14:49 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2008/10/02 16:35:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\N360_BACKUP
[2008/10/02 15:51:05 | 00,001,632 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.lnk
[2008/10/02 15:48:49 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2008/10/02 15:48:31 | 00,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2008/10/02 15:47:21 | 00,060,800 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2008/10/02 15:47:20 | 00,123,952 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2008/10/02 15:47:20 | 00,010,671 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2008/10/02 15:47:20 | 00,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2008/10/02 13:51:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2008/10/02 13:51:46 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/02 13:51:46 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/02 13:51:45 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/02 13:51:44 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/10/02 13:51:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/09/25 09:05:42 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/09/25 09:05:41 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2008/09/25 09:05:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/09/25 09:05:02 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2008/09/25 09:04:23 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2008/09/23 12:46:27 | 00,042,356 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Gary Hudson Resume + References.pdf
[2008/09/17 10:52:59 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2008/09/17 10:44:31 | 00,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2008/09/17 10:44:15 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2008/09/17 10:42:36 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2008/09/17 10:42:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF

========== Files - Modified Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2008/10/09 10:03:52 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2008/10/09 09:38:23 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2008/10/09 09:35:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/09 09:35:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/09 09:34:57 | 52,722,0736 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/08 21:57:40 | 05,350,088 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2008/10/08 13:43:24 | 00,000,017 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\stinger.opt
[2008/10/08 11:26:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/10/07 16:03:07 | 00,001,008 | ---- | M] () -- C:\WINDOWS\System32\history.aaw
[2008/10/07 08:34:24 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/04 17:52:56 | 00,034,198 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Reg Backup.reg
[2008/10/04 16:05:45 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF7574.exe
[2008/10/04 16:04:50 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF7397.exe
[2008/10/04 13:18:44 | 00,025,992 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe
[2008/10/04 11:38:04 | 02,482,695 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\Owner\Desktop\stinger.exe
[2008/10/04 10:56:57 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2008/10/04 09:59:27 | 00,000,690 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SpywareBlaster.lnk
[2008/10/04 09:52:41 | 00,000,532 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/04 09:52:41 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/04 09:52:41 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2008/10/03 18:58:50 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2008/10/03 18:52:54 | 15,083,520 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Owner\My Documents\spybotsd160.exe
[2008/10/03 17:00:02 | 07,281,784 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\windows-kb890830-v2.2.exe
[2008/10/03 13:59:38 | 01,018,520 | ---- | M] (F-Secure Corporation) -- C:\Documents and Settings\Owner\Desktop\fsbl.exe
[2008/10/03 13:51:19 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
[2008/10/03 13:43:57 | 00,056,288 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/03 13:42:42 | 00,208,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/03 13:03:49 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
[2008/10/03 10:04:23 | 00,000,768 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Secunia PSI (RC3).lnk
[2008/10/03 09:50:07 | 00,000,621 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ThreatFire.lnk
[2008/10/02 17:34:10 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/10/02 16:26:58 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2008/10/02 16:26:58 | 00,060,800 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2008/10/02 16:26:58 | 00,010,671 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2008/10/02 16:26:58 | 00,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2008/10/02 16:16:58 | 00,003,584 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/02 15:51:05 | 00,001,632 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.lnk
[2008/10/02 13:51:46 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/09/23 12:46:29 | 00,042,356 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Gary Hudson Resume + References.pdf
[2008/09/23 12:35:47 | 00,000,852 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2008/09/17 10:46:43 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/09/17 10:46:43 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/09/17 10:43:25 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2008/09/17 10:42:36 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2008/09/10 16:45:18 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\drivers\usbaapl.sys
[2008/09/10 00:04:02 | 00,038,528 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/09/10 00:03:56 | 00,017,200 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
< End of report >

OTViewIt Extras logfile created on: 10/9/2008 10:05:33 AM - Run 2
OTViewIt by OldTimer - Version 1.0.10.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.73 Mb Total Physical Memory | 60.73 Mb Available Physical Memory | 12.08% Memory free
1.20 Gb Paging File | 0.77 Gb Available in Paging File | 64.20% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 110.00 Gb Free Space | 73.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GARY
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: Off
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/06/18 14:46:56 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2008/09/06 15:09:38 | 07,685,424 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player
File not found -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/09/10 17:39:54 | 14,228,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
File not found -- C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/06/20 12:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}"=Adobe AIR
"{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}"=Norton 360 HTMLHelp
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}"=Lizardtech DjVu Control
"{10E1E87C-656C-4D08-86D6-5443D28583BE}"=TrayApp
"{15C70064-2463-49dd-9A88-B700F75BB428}"=dj_sf_ProductContext
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}"=GearDrvs
"{21829177-4DED-4209-AD08-490B3AC9C01A}"=Norton 360
"{24DF7221-644B-4C3A-A478-459502D40522}"=Backup
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}"=WebReg
"{2D617065-1C52-4240-B5BC-C0AE12157777}"=Norton 360
"{3248F0A8-6813-11D6-A77B-00B0D0160060}"=Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{415CDA53-9100-476F-A7B2-476691E117C7}"=HP Smart Web Printing
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}"=Microsoft Works
"{41B9E2CF-0B3F-442A-B5B3-592A4A355634}"=iTunes
"{45690715-80A6-4445-B61D-ADEC5888E8CD}"=Symantec Technical Support Controls
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}"=HPSSupply
"{48FF6DE6-0619-4562-B4B1-21F161FE0DE0}"=Symantec Technical Support Advanced Chat Controls
"{543E938C-BDC4-4933-A612-01293996845F}"=UnloadSupport
"{55A6283C-638A-4EE0-B491-51118554BDA2}"=Norton Confidential Core
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin
"{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}"=Multimedia Keyboard Driver
"{7148F0A8-6813-11D6-A77B-00B0D0142000}"=Java 2 Runtime Environment, SE v1.4.2
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}"=PanoStandAlone
"{75C22B40-6D12-4439-80DC-CAB3313EADA5}"=dj_sf_software_req
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}"=Windows Backup Utility
"{77772678-817F-4401-9301-ED1D01A8DA56}"=SPBBC 32bit
"{77DCDCE3-2DED-62F3-8154-05E745472D07}"=Acrobat.com
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}"=Digital Media Reader
"{824D3839-DAA1-4315-A822-7AE3E620E528}"=VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}"=HP Photosmart Essential2.01
"{87885939-F824-42bf-B790-231B1E8EF2BB}"=dj_sf_software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}"=Microsoft Visual C Runtime
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Graphics Media Accelerator Driver
"{8C6027FD-53DC-446D-BB75-CACD7028A134}"=HP Update
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{93F54611-2701-454e-94AB-623F458D9E6B}"=DeviceDiscovery
"{99041921-18B5-4d36-9729-BE5A671B1932}"=D4200
"{9FE94C17-25AD-4142-A012-E0BBE923C711}"=D4200_Help
"{A06275F4-324B-4E85-95E6-87B2CD729401}"=Windows Defender
"{AA9768AA-FF0B-4C66-A085-31E934F77841}"=Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A71000000002}"=Adobe Reader 7.1.0
"{AEA07F97-9088-497c-8821-0F36BD5DC251}"=HPProductAssistant
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}"=ccCommon
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}"=SolutionCenter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}"=Symantec Real Time Storage Protection Component
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}"=Microsoft Picture It! Photo Premium 9
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E2662C24-B31E-4349-A084-32EB76E8B760}"=BufferChm
"{E80F62FF-5D3C-4A19-8409-9721F2928206}"=LiveUpdate (Symantec Corporation)
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}"=Toolbox
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}"=AppCore
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F5936267-D467-4e7b-8940-A7D9F0398EF3}"=HP Deskjet Printer Driver Software 9.0
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}"=PSSWCORE
"{FA346937-85CD-4542-96E6-1D0FCE83F502}"=SymNet
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}"=Status
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1"=ThreatFire 3.5
"Adobe AIR"=Adobe AIR
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"BigFix"=BigFix
"CCleaner"=CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1"=SoftV92 Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Acrobat.com
"CutePDF Writer Installation"=CutePDF Writer 2.7
"HijackThis"=HijackThis 2.0.2
"HP Imaging Device Functions"=HP Imaging Device Functions 9.0
"HP Photosmart Essential"=HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools"=HP Solution Center 9.0
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}"=Digital Media Reader
"Intel® 536EP Modem"=Intel® 536EP Modem
"KB835221WXP"=High Definition Audio Driver Package - KB835221
"LimeWire"=LimeWire 4.18.3
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey"=Nero OEM
"Nero BurnRights!UninstallKey"=Nero BurnRights
"PictureIt_v9"=Microsoft Picture It! Photo Premium 9
"PROSet"=Intel® PRO Network Adapters and Drivers
"PsuedoLiveUpdate"=LiveUpdate (Symantec Corporation)
"RealPlayer 6.0"=RealPlayer Basic
"Secunia PSI (RC3)"=Secunia PSI (RC3)
"SpywareBlaster_is1"=SpywareBlaster 4.1
"StreetPlugin"=Learn2 Player (Uninstall Only)
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}"=Norton 360 (Symantec Corporation)
"ViewpointMediaPlayer"=Viewpoint Media Player
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/3/2008 10:43:20 AM | Computer Name = GARY | Source = MsiInstaller | ID = 11706
Description = Product: SolutionCenter -- Error 1706. An installation package for
the product SolutionCenter cannot be found. Try the installation again using a
valid copy of the installation package 'SolutionCenter.msi'.

Error - 10/3/2008 10:43:33 AM | Computer Name = GARY | Source = MsiInstaller | ID = 11706
Description = Product: SolutionCenter -- Error 1706. An installation package for
the product SolutionCenter cannot be found. Try the installation again using a
valid copy of the installation package 'SolutionCenter.msi'.

Error - 10/3/2008 10:43:49 AM | Computer Name = GARY | Source = MsiInstaller | ID = 11706
Description = Product: SolutionCenter -- Error 1706. An installation package for
the product SolutionCenter cannot be found. Try the installation again using a
valid copy of the installation package 'SolutionCenter.msi'.

Error - 10/3/2008 2:41:01 PM | Computer Name = GARY | Source = MsiInstaller | ID = 11706
Description = Product: SolutionCenter -- Error 1706. An installation package for
the product SolutionCenter cannot be found. Try the installation again using a
valid copy of the installation package 'SolutionCenter.msi'.

Error - 10/3/2008 5:47:55 PM | Computer Name = GARY | Source = MsiInstaller | ID = 11706
Description = Product: SolutionCenter -- Error 1706. An installation package for
the product SolutionCenter cannot be found. Try the installation again using a
valid copy of the installation package 'SolutionCenter.msi'.

Error - 10/4/2008 2:09:45 PM | Computer Name = GARY | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 10/4/2008 4:08:47 PM | Computer Name = GARY | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: GARY\Owner Checkpoint ID: 1 Error Code: 0x80070005 Error description:
Access is denied.

Error - 10/4/2008 4:08:47 PM | Computer Name = GARY | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: GARY\Owner Checkpoint ID: 1 Error Code: 0x8000ffff Error description:
Catastrophic failure

Error - 10/5/2008 1:49:26 PM | Computer Name = GARY | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: GARY\Owner Checkpoint ID: 1 Error Code: 0x80070005 Error description:
Access is denied.

Error - 10/5/2008 1:49:26 PM | Computer Name = GARY | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: GARY\Owner Checkpoint ID: 1 Error Code: 0x8000ffff Error description:
Catastrophic failure

[ System Events ]
Error - 10/8/2008 10:21:51 AM | Computer Name = GARY | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service hpqcxs08 with
arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error - 10/8/2008 11:35:22 AM | Computer Name = GARY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL

Error - 10/8/2008 11:37:03 AM | Computer Name = GARY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL

Error - 10/8/2008 11:51:55 AM | Computer Name = GARY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL

Error - 10/8/2008 11:51:55 AM | Computer Name = GARY | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service hpqcxs08 with
arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error - 10/8/2008 1:55:49 PM | Computer Name = GARY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL

Error - 10/8/2008 3:12:37 PM | Computer Name = GARY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL

Error - 10/9/2008 9:35:32 AM | Computer Name = GARY | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service hpqcxs08 with
arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error - 10/9/2008 9:35:32 AM | Computer Name = GARY | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/9/2008 9:35:36 AM | Computer Name = GARY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL


< End of report >






KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, October 9, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, October 08, 2008 14:59:23
Records in database: 1299897
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan statistics
Files scanned 45846
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 00:52:31

No malware has been detected. The scan area is clean.
The selected area was scanned.

#10 Dr Fager (Topic Starter)

Posted 08 October 2008 - 10:27 AM

Billy, thanks for helping me with this. Above are the logs you wanted. To give you an update on my symptoms: my PC won't restart half the time. I still have that pop-up (Hot Key, or something similar) that will spring up about one in every 5 times I boot up (forcing me to restart). The speed of my entire system has turned to crap. My Firefox browser goes crazy every couple of times I bring it up, i.e. sometimes when it comes up it doesn't come up with my bookmarks, feed tabs, or home page, just a blank screen with nothing on it, and the back and forward buttons inoperable. I've scanned like crazy with the above listed programs, but my non-technical opinion is that something that was on the PC (the slew of 70-ish malwares) either damaged something in the PC or is still lurking to some capacity. The computer's performance has gone to crap since this happened and it doesn't seem like it's completely clean.

Edited by Dr Fager, 08 October 2008 - 10:28 AM.


#11 Billy O'Neal (Malware Response Team)

Posted 08 October 2008 - 07:30 PM

Hmm.. your logs indicate that you ran ComboFix. Can you please post the contents of C:\ComboFix.txt ?

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#12 Dr Fager (Topic Starter)

Posted 08 October 2008 - 07:43 PM

I tried to run ComboFix last week but my firewall (Norton) and ThreatFire shot it down. I didn't try again because I didn't want to get ahead of myself!

#13 Billy O'Neal (Malware Response Team)

Posted 08 October 2008 - 08:16 PM

Does that file exist? If so, please post it. :) Wasn't accusing you or anything.. just that if CF deleted anything, it'd be a good thing to know :thumbsup:

Billy3

#14 Dr Fager (Topic Starter)

Posted 08 October 2008 - 11:04 PM

Does that file exist? If so, please post it. :) Wasn't accusing you or anything.. just that if CF deleted anything, it'd be a good thing to know :thumbsup:

Billy3


No, I'm saying that I tried to install/run it and my firewall and ThreatFire stopped the process, and I decided to forget about it since nobody here had told me to do that yet! lol

Should I run it? If so I'll just have to disable my firewall and ThreatFire.

#15 Billy O'Neal (Malware Response Team)

Posted 09 October 2008 - 02:27 PM

Hello, Dr Fager.
Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Was just asking because sometimes a log is produced even if it looks like it got killed ;)

You appear to have a Registry Cleaner installed!
The following is referring to Registry Mechanic
Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your PC inoperable.
This is done assuming that the major audience here at this board might be inexperienced users, and thus is a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.

You have a Peer-To-Peer program installed.
Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case LimeWire). These programs allow users to share files with each other, as the name suggests. In today's world cybercrime has reached an enormous scale, and any means is used to infect personal computers in order to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

Viewpoint is considered foistware rather than malware because it is installed without the user's approval but doesn't spy or do anything "bad". You may like to read this article about the potential of this Viewpoint software here:
http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on Start > Run... > and then paste the following into the "Open" field: "appwiz.cpl" and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, and/or Viewpoint Media Player.

We need to uninstall one or more programs
Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs(if present):
Java 2 Runtime Environment, SE v1.4.2, Java™ 6 Update 6

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the OTMoveIt3 icon on your desktop.
  • Paste the following code into the "Paste Instructions for Items to be Moved" area. Do not include the word "Code".
    :services
    Sunkfiltp
    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
    "provider"=-
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    ""=-
    :commands
    [EmptyTemp]
    :files
    C:\Documents and Settings\All Users\Application Data\TEMP
  • Push the large MoveIt! button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the "Results" line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
We need to scan for rootkits with GMER
  • Please download gmer.zip and save to your desktop.
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    Note: There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on "Settings", then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
    Important! Please do not select the "Show all" checkbox during the scan.
  • Click on the "Scan" and wait for the scan to finish.
    • Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in Safe Mode
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use; tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "Select All" (or use Ctrl+A)
  • Right-click again and choose "Copy" (or Ctrl+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista users, ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • OTMoveIt3's Log
  • GMER's Log
  • ESET OnlineScan's Log
  • A new HJT Log

Billy3

Edited by Billy O'Neal, 09 October 2008 - 02:28 PM.

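Before running a fix script against the registry it helps to see exactly what each line will do. The following is an added example, not the thread's own content and not OTMoveIt3's code: a small Python dry-run planner that reads the four section types used in the script in the post above (:services, :reg, :commands, :files) and lists the resulting actions, using .reg-file conventions for the registry lines ([-KEY] deletes the whole key, "name"=- deletes a value, and "" names the key's default value). Reading a :services entry as "stop and delete" is my interpretation of the script, not something the page documents; the "move to _OTMoveIt\MovedFiles" label comes from the folder the post itself names, and the review() helper's idea of what deserves a second look is likewise my own.

```python
"""Dry-run planner for an OTMoveIt3-style fix script.

Added example: not the thread's content and not OTMoveIt3's own code.
SCRIPT is a copy of the script posted in the thread. Action labels are my
reading of the script, not documented OTMoveIt3 semantics.
"""
import ntpath
import re

SCRIPT = r"""
:services
Sunkfiltp
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=-
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""=-
:commands
[EmptyTemp]
:files
C:\Documents and Settings\All Users\Application Data\TEMP
"""

SECTION_RE = re.compile(r"^:(\w+)$")                 # :services, :reg, ...
REG_KEY_RE = re.compile(r"^\[(-?)(HK[^\]]+)\]$")     # [KEY] or [-KEY] (delete)
REG_VALUE_RE = re.compile(r'^"(.*)"=(.*)$')          # "name"=data ; "" = default value
MOVE_VERB = "move to _OTMoveIt\\MovedFiles"         # folder named in the post


def plan(script):
    """Return a list of (section, verb, target, detail) tuples, one per action."""
    actions = []
    section = None
    current_key = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current_key = m.group(1).lower(), None
            continue
        if section == "services":
            # assumption: a bare service name means stop it and delete it
            actions.append(("services", "stop and delete service", line, ""))
        elif section == "reg":
            m = REG_KEY_RE.match(line)
            if m:
                delete_flag, current_key = m.groups()
                if delete_flag:
                    actions.append(("reg", "delete key", current_key, ""))
                continue
            m = REG_VALUE_RE.match(line)
            if not m or current_key is None:
                raise ValueError(f"value line outside a key or malformed: {line!r}")
            name, data = m.groups()
            name = name or "(Default)"
            if data == "-":
                actions.append(("reg", "delete value", current_key, name))
            else:
                actions.append(("reg", "set value", current_key, f"{name}={data}"))
        elif section == "commands":
            actions.append(("commands", "run command", line.strip("[]"), ""))
        elif section == "files":
            actions.append(("files", MOVE_VERB, line, ""))
        else:
            raise ValueError(f"line outside a known section: {line!r}")
    return actions


def review(actions):
    """Flag actions whose blast radius is larger than one value or one file."""
    warnings = []
    for _section, verb, target, _detail in actions:
        if verb == "delete key":
            warnings.append(f"deletes the whole key and every subkey/value under it: {target}")
        elif verb == MOVE_VERB and not ntpath.splitext(target)[1]:
            warnings.append(f"moves an entire directory, not a single file: {target}")
    return warnings


if __name__ == "__main__":
    acts = plan(SCRIPT)
    for section, verb, target, detail in acts:
        print(f"{section:<9} {verb:<28} {target}  {detail}")
    for w in review(acts):
        print("REVIEW:", w)
```

For the posted script the planner reports six actions and two items for review: the Browser Helper Objects key deletion (a whole key, not one value) and the move of the All Users\Application Data\TEMP directory.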



