Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with unknown virus - Outlook 2007 sending spam upon open.


  • This topic is locked This topic is locked
33 replies to this topic

#1 CoachMcGuirk

CoachMcGuirk

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:01:43 PM

Posted 06 October 2008 - 02:57 PM

I've recently begun experiencing a problem with my Outlook 2007. When I open the program, some malicious program is sending out a number of spam emails using my default email account in Outlook. The spam bot does not appear to be sending emails to my Outlook contacts, rather seemingly random addresses. I've gotten bounce-back emails showing undeliverable mail from my account that I obviously didn't send (your standard spam topics).

I'm generally fairly competent in removal, but this one has me completely stumped. I've done all the recommend scans and they all come up clean. Google search reveals I'm not the only one to see this (seems to be a recently occurring problem), but no posted solutions that I could find. Time to turn it over to the generous experts here. Any help you can provide, I would really appreciate it. Thank you so much!

HJT Log Below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:55:40 PM, on 10/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\My Lockbox\flockbox.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [flockbox] C:\Program Files\My Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Startup: Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O4 - Global Startup: NETGEAR WG311v3 Wireless Assistant.lnk = ?
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.kaspersky.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182203302703
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182203280921
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mpix.com/Customer/Uploading/act...geUploader4.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - F:\Pictures\Seattle Night\DSC02574.JPG

--
End of file - 9597 bytes

BC AdBot (Login to Remove)

 


#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:43 AM

Posted 11 October 2008 - 05:53 PM

Hello, CoachMcGuirk.
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:
  • While a HJT Team member is working with you, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Please reply using the Posted Image button in the lower left hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" :).
If you would still like help, please follow the instructions below:

We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log


Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#3 CoachMcGuirk

CoachMcGuirk
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:01:43 PM

Posted 11 October 2008 - 11:54 PM

Thank you so much for getting back to me and helping me out, Billy. I really appreciate it.

Below, please find the log files you asked for:


OTViewIt.txt:

OTViewIt logfile created on: 10/11/2008 6:17:22 PM - Run 2
OTViewIt by OldTimer - Version 1.0.11.0 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.07% Memory free
2.59 Gb Paging File | 2.09 Gb Available in Paging File | 80.71% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 68.21 Gb Free Space | 53.29% Space Free | Partition Type: NTFS
Drive D: | 337.77 Gb Total Space | 263.11 Gb Free Space | 77.90% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 152.66 Gb Total Space | 8.73 Gb Free Space | 5.72% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRIS-DESKTOP
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 60 Days

========== Processes ==========

[2007/12/11 22:55:06 | 00,512,000 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2007/12/11 22:55:06 | 00,512,000 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/08/19 06:17:05 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 06:02:12 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/04/13 19:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
[2006/07/12 14:58:44 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
[2008/08/05 17:58:50 | 00,205,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe
[2006/08/28 02:53:48 | 00,092,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
[2008/08/05 17:58:52 | 29,184,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
[2002/07/15 17:36:54 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
[2007/02/10 05:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
[2007/02/10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
[2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
[2008/07/04 08:59:46 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2005/06/21 16:48:18 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
[2005/06/21 16:44:34 | 00,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
[2002/06/26 18:36:58 | 00,090,112 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
[2002/12/09 19:19:20 | 00,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2007/12/14 17:59:20 | 01,071,472 | ---- | M] (FSPro Labs) -- C:\Program Files\My Lockbox\flockbox.exe
[2008/10/02 22:39:51 | 01,234,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2007/08/24 07:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[2008/09/10 17:40:06 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2005/03/17 18:43:34 | 00,909,312 | ---- | M] () -- C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
[2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/10/11 18:13:42 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/08/19 06:17:05 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2007/02/17 19:03:54 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/12/11 22:55:06 | 00,512,000 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2000/05/24 15:20:36 | 00,015,360 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\ATMsrvc.exe -- (ATMsrvc [Disabled | Stopped])
[2008/08/29 06:02:12 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2006/10/20 22:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2006/10/30 04:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/04/13 19:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN [Auto | Running])
[2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2006/07/12 14:58:44 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
[2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
[2008/08/05 17:58:50 | 00,205,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe -- (MsDtsServer [Auto | Running])
[2006/08/28 02:53:48 | 00,092,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe -- (msftesql [Auto | Running])
[2008/08/05 17:58:52 | 29,184,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS [Auto | Running])
[2008/08/05 17:58:52 | 29,184,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER [On_Demand | Stopped])
[2005/10/14 05:50:19 | 00,045,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
[2008/08/05 17:58:50 | 14,894,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\bin\msmdsrv.exe -- (MSSQLServerOLAPService [On_Demand | Stopped])
[2002/09/27 12:56:20 | 00,139,264 | ---- | M] (Intel® Corporation) -- c:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
[2006/10/30 04:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/08/05 17:58:50 | 00,016,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.4\Reporting Services\ReportServer\bin\ReportingServicesService.exe -- (ReportServer [On_Demand | Stopped])
[2008/04/13 19:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC [Auto | Running])
[2002/07/15 17:36:54 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
[2007/02/10 05:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Running])
[2007/02/10 05:29:48 | 00,344,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE -- (SQLSERVERAGENT [On_Demand | Stopped])
[2007/02/10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
[2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
[2008/07/09 09:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [On_Demand | Stopped])
[2008/04/13 19:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC [Auto | Running])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2002/08/22 18:57:02 | 00,098,752 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
[2006/11/10 16:05:00 | 00,018,688 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc [On_Demand | Running])
[2005/01/10 10:45:56 | 00,011,264 | ---- | M] (VOB Computersysteme GmbH) -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K [On_Demand | Running])
[2007/12/12 00:28:10 | 02,849,280 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2007/11/05 02:55:04 | 00,017,952 | ---- | M] () -- C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys -- (atitray [System | Running])
[2008/08/29 06:02:09 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/07/04 08:59:46 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2006/11/21 14:34:24 | 00,203,264 | ---- | M] (Pinnacle Systems) -- C:\WINDOWS\system32\drivers\bender.sys -- (BENDER [On_Demand | Running])
[2002/04/02 16:30:16 | 00,033,024 | ---- | M] (Colorvision Inc) -- C:\WINDOWS\system32\drivers\cvspydr2.sys -- (cvspydr2 [On_Demand | Stopped])
[2002/09/25 07:09:12 | 00,140,800 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2008/10/06 08:21:47 | 00,054,624 | ---- | M] () -- C:\WINDOWS\system32\f75100.sys -- (f75100 [On_Demand | Stopped])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2005/06/21 17:12:34 | 00,807,998 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2002/01/04 17:27:18 | 00,016,480 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iSMbios.sys -- (ISMBIOS [On_Demand | Stopped])
[2007/07/19 15:10:28 | 00,127,768 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [System | Running])
[2008/04/13 13:46:22 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE [On_Demand | Stopped])
[2007/12/13 21:13:02 | 00,017,264 | ---- | M] (FSPro Labs) -- C:\WINDOWS\system32\drivers\mprifl.sys -- (MPRIFL [Boot | Running])
[2002/10/16 01:11:22 | 00,019,968 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL [On_Demand | Stopped])
[2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
[2005/02/09 11:59:00 | 00,014,165 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI [System | Running])
[2002/06/13 16:08:46 | 00,014,604 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2001/08/23 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/06/26 17:59:52 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2008/09/03 14:07:14 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Running])
[2008/09/03 14:07:16 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
[2008/09/03 14:07:12 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2002/08/23 15:46:22 | 00,549,672 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2001/08/17 14:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2008/02/27 03:10:44 | 00,051,176 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
[2007/12/24 17:37:00 | 00,138,384 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2008/07/09 09:05:22 | 00,394,952 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [System | Running])
[2005/08/22 01:53:34 | 00,280,576 | ---- | M] (Marvell Semiconductor, Inc) -- C:\WINDOWS\system32\drivers\WG311v3XP.sys -- (W8335XP [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-507921405-2000478354-682003330-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_USERS\S-1-5-21-507921405-2000478354-682003330-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-507921405-2000478354-682003330-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (HKLM) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" (Adobe Systems Incorporated)
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"flockbox"=C:\Program Files\My Lockbox\flockbox.exe /a (FSPro Labs)
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe ()
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\Smtray.exe (Analog Devices, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (AOL LLC)
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

[HKEY_USERS\S-1-5-21-507921405-2000478354-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (AOL LLC)
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

========== (O4) Startup Folders ==========

[2006/01/31 17:48:52 | 00,385,024 | ---- | M] (ColorVision Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
[2007/02/17 13:36:43 | 00,002,238 | R--- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Wireless Assistant.lnk = C:\WINDOWS\Installer\{70014586-7BBA-4A92-A610-CDC896C48F8F}\NewShortcut1_1.exe
[2006/11/20 09:30:54 | 00,250,368 | ---- | M] (The Privoxy team - www.privoxy.org) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
[2006/06/22 14:15:48 | 00,462,848 | ---- | M] (Southwest Airlines) -- C:\Documents and Settings\Chris\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
[2008/05/21 04:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Chris\Start Menu\Programs\Startup\Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-507921405-2000478354-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/07/03 16:08:56 | 17,929,752 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/07/03 16:08:56 | 17,929,752 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/07/03 16:08:56 | 17,929,752 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-507921405-2000478354-682003330-1006\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/07/03 16:08:56 | 17,929,752 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{85d1f590-48f4-11d9-9669-0800200c9a66}: Menu: Uninstall BitDefender Online Scanner v8 -- %SystemRoot%\bdoscandel.exe [2008/01/09 15:01:48 | 00,053,248 | ---- | M] ()
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 21:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
kaspersky.com\www: http in My Computer
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-507921405-2000478354-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
kaspersky.com\www: http in My Computer
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://download.microsoft.com/download/d/c.../OGAControl.cab -- Office Genuine Advantage Validation Tool
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/Facebo...toUploader5.cab -- Facebook Photo Uploader 5
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/5/b...heckControl.cab -- Windows Genuine Advantage Validation Tool
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}: http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab -- ActiveScan 2.0 Installer Class
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/microsoftu...b?1182203302703 -- WUWebControl Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1182203280921 -- MUWebControl Class
{82774781-8F4E-11D1-AB1C-0000F8773BF0}: https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab -- DLC Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{A90A5822-F108-45AD-8482-9BC8B12DD539}: http://www.crucial.com/controls/cpcScanner.cab -- Crucial cpcScan
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}: http://office.microsoft.com/officeupdate/content/opuc4.cab -- Office Update Installation Engine
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_11
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_04
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_06
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
{EDFCB7CB-942C-4822-AF14-F0B687409848}: http://www.mpix.com/Customer/Uploading/act...geUploader4.cab -- Image Uploader Control

========== (O17) DNS Name Servers ==========

{35625C5C-A151-44ED-86B1-E5A31A12BA15} (Servers: | Description: )
{697A93A9-DC26-45F5-843F-66E00271FB6D} (Servers: | Description: NETGEAR WG311v3 802.11g Wireless PCI Adapter)
{ECC61204-F4D5-4829-920B-7FF48B77AB32} (Servers: | Description: Intel® PRO/100 VE Network Connection)
{F82110B1-079D-4CFA-9B28-E44E5363E9E6} (Servers: | Description: 1394 Net Adapter)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll
>[2008/07/04 08:59:48 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)


========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [SET PATH=C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter | ]
[2007/04/17 21:39:13 | 00,000,095 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcf920c3-be7f-11db-b345-806d6172696f}\Shell\play\Command]
""=C:\Program Files\Windows Media Player\wmplayer.exe -- [2006/10/18 22:46:20 | 00,064,000 | ---- | M] (Microsoft Corporation)

========== Files/Folders - Created Within 60 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2008/10/11 18:13:42 | 00,421,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTViewIt.exe
[2008/10/10 19:20:57 | 00,688,740 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\StephanieTu_Christmas2Share.psd
[2008/10/09 22:08:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\Ripped Songs
[2008/10/09 13:35:33 | 00,230,780 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\1166487108_assorted_holiday.abr.zip
[2008/10/09 08:38:00 | 00,056,780 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\DC092908_ExpenseReport.tif
[2008/10/08 21:44:58 | 00,558,435 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Gina_Girl_5x5_tri_fold_zip.zip
[2008/10/08 21:44:52 | 00,244,960 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Amber_5x5_tri_fold.zip
[2008/10/08 21:44:45 | 00,205,339 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Austin_5x5_Tri_fold.zip
[2008/10/08 21:44:33 | 00,398,984 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Logan_5x5_tri_fold_zip.zip
[2008/10/08 09:46:09 | 00,835,140 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\12x12collage.tif
[2008/10/08 09:45:36 | 00,130,783 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\PhotoGifts-9.jpg
[2008/10/08 09:45:31 | 00,115,314 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\PhotoGifts-8.jpg
[2008/10/08 09:38:55 | 00,324,205 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\PocketCalendar.jpg
[2008/10/08 08:59:41 | 01,305,249 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Monsterinvitelemondropsdesigns.zip
[2008/10/07 18:22:57 | 00,165,290 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\Risk Gradient 3.jpg
[2008/10/07 18:22:11 | 00,166,025 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\Attractiveness Gradient 3.jpg
[2008/10/06 08:57:51 | 00,598,528 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\2008 OIA CCOM Student Registration Form.doc
[2008/10/06 08:21:47 | 00,054,624 | ---- | C] () -- C:\WINDOWS\System32\f75100.sys
[2008/10/06 08:21:27 | 02,335,270 | ---- | C] () -- C:\WINDOWS\System32\c2dFF.mht
[2008/10/05 21:29:20 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2008/10/05 21:29:07 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2008/09/28 22:56:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2008/09/28 22:56:15 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2008/09/28 22:56:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com
[2008/09/28 07:42:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2008/09/27 17:16:04 | 00,138,384 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2008/09/27 17:13:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\HouseCall 6.6
[2008/09/19 16:09:22 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2008/09/19 16:09:22 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2008/09/19 16:09:21 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2008/09/19 16:09:20 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2008/09/19 16:09:20 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2008/09/19 16:09:19 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2008/09/19 16:09:18 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2008/09/19 16:09:18 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2008/09/19 16:09:17 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2008/09/19 16:09:16 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2008/09/19 16:09:15 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2008/09/19 16:09:15 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2008/09/19 16:09:14 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2008/09/19 16:09:13 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2008/09/19 16:09:13 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2008/09/19 16:09:12 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2008/09/19 16:09:10 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2008/09/19 16:09:10 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2008/09/19 16:09:08 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2008/09/19 16:08:19 | 00,001,146 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Episode 2 - Strong Badia the Free.lnk
[2008/09/19 16:08:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2008/09/19 11:45:31 | 00,018,461 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\nicewords1.gif
[2008/09/19 07:27:13 | 00,314,860 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\SEA090808Expense.tif
[2008/09/19 07:27:13 | 00,108,268 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\SEA090808EInvoice.tif
[2008/09/19 07:27:13 | 00,106,644 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\SEA092208EInvoice.tif
[2008/09/19 07:27:13 | 00,085,552 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\SEA092208ETicket.tif
[2008/09/19 07:27:13 | 00,077,476 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\SEA092208Itin.tif
[2008/09/16 09:49:52 | 02,568,548 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\ChrisWithDash4.jpg
[2008/09/16 09:48:06 | 02,301,994 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\ChrisWithDash3.jpg
[2008/09/16 09:47:52 | 02,481,303 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\ChrisWithDash2.jpg
[2008/09/16 09:47:37 | 01,124,804 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\ChrisWithDash1.jpg
[2008/09/15 09:22:19 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/09/15 09:22:17 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2008/09/15 09:22:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/09/15 09:19:31 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2008/09/15 09:17:08 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2008/09/15 08:24:56 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/09/14 18:46:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Telltale Games
[2008/09/14 18:46:30 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Chris\Application Data\SecuROM
[2008/09/14 18:46:28 | 00,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2008/09/14 18:46:19 | 00,001,104 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Episode 1 - Homestar Ruiner.lnk
[2008/09/14 18:46:12 | 00,000,000 | ---D | C] -- C:\Program Files\Telltale Games
[2008/09/13 13:43:09 | 00,015,356 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\DSCF3970.jpg
[2008/09/11 06:42:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\SQLTools9_KB954606_ENU
[2008/09/11 06:41:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\DTS9_KB954606_ENU
[2008/09/11 06:40:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\NS9_KB954606_ENU
[2008/09/11 06:36:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\RS9_KB954606_ENU
[2008/09/11 06:35:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\OLAP9_KB954606_ENU
[2008/09/11 06:32:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\SQL9_KB954606_ENU
[2008/09/07 07:21:46 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/09/07 07:21:46 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/09/04 10:08:09 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2008/09/03 16:01:41 | 00,028,619 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\4344-040-011f.jpg
[2008/09/03 16:01:09 | 00,018,883 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\Marie Made Me.gif
[2008/08/25 10:17:00 | 00,067,592 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\IAD073108 - Expense Report.tif
[2008/08/22 12:11:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/08/22 12:11:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/08/22 12:11:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/08/22 12:02:16 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008/08/22 10:29:38 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2008/08/22 10:29:31 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2008/08/22 10:29:23 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/08/22 10:29:23 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2008/08/22 10:29:19 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2008/08/22 10:29:19 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2008/08/22 10:29:19 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2008/08/22 10:29:18 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2008/08/22 10:29:18 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2008/08/22 10:29:16 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2008/08/22 10:29:11 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2008/08/22 10:29:10 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/08/22 10:29:10 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2008/08/22 10:29:10 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2008/08/22 10:29:10 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/08/22 10:29:10 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2008/08/22 10:29:09 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2008/08/22 10:29:09 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2008/08/22 10:29:01 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2008/08/22 10:29:01 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2008/08/22 10:29:01 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2008/08/22 10:29:01 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2008/08/22 10:28:56 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2008/08/22 10:28:46 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2008/08/22 10:28:45 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2008/08/22 10:28:45 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2008/08/22 10:28:45 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2008/08/22 10:28:45 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2008/08/22 10:28:23 | 00,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2008/08/22 10:28:13 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2008/08/22 10:28:13 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2008/08/22 10:28:13 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2008/08/22 10:28:13 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2008/08/22 10:28:13 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2008/08/22 10:28:13 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2008/08/22 10:28:13 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2008/08/22 10:28:13 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2008/08/22 10:28:11 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2008/08/22 10:28:11 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2008/08/22 10:28:11 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2008/08/22 10:28:11 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2008/08/22 10:28:11 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2008/08/22 10:28:11 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2008/08/22 10:28:11 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2008/08/22 10:28:10 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2008/08/22 10:28:10 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2008/08/22 10:28:10 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2008/08/22 10:28:08 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2008/08/22 10:28:04 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2008/08/22 10:28:04 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2008/08/20 15:20:43 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/08/20 15:08:56 | 00,000,000 | ---D | C] -- C:\Program Files\Nsasoft
[2008/08/20 14:43:18 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/08/19 14:57:24 | 30,986,272 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/08/19 14:57:24 | 00,358,268 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/08/19 06:37:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/08/19 06:36:22 | 00,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/08/19 06:35:28 | 00,075,248 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\zllsputility.exe
[2008/08/19 06:35:21 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SpOrder.dll
[2008/08/19 06:34:28 | 00,127,768 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2008/08/19 06:33:39 | 00,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/08/19 06:33:38 | 00,071,144 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsregexp.dll
[2008/08/19 06:33:32 | 00,071,144 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcommdb.dll
[2008/08/19 06:33:29 | 00,083,432 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcomm.dll
[2008/08/19 06:33:16 | 00,046,568 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vswmi.dll
[2008/08/19 06:33:12 | 01,086,952 | ---- | C] (Python Software Foundation) -- C:\WINDOWS\System32\zpeng24.dll
[2008/08/19 06:33:11 | 00,099,816 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsxml.dll
[2008/08/19 06:33:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2008/08/19 06:33:10 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2008/08/19 06:33:09 | 00,275,944 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vspubapi.dll
[2008/08/19 06:33:09 | 00,103,912 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsmonapi.dll
[2008/08/19 06:33:07 | 00,394,952 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdatant.sys
[2008/08/19 06:33:07 | 00,352,918 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2008/08/19 06:32:14 | 00,472,552 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsutil.dll
[2008/08/19 06:32:14 | 00,157,160 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsinit.dll
[2008/08/19 06:32:14 | 00,083,432 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdata.dll
[2008/08/19 06:32:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2008/08/19 06:16:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/08/15 20:29:44 | 00,176,624 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\PIC-0013.jpg
[2008/08/14 06:44:41 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2008/08/14 06:44:11 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll

========== Files - Modified Within 60 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2008/10/11 18:13:42 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTViewIt.exe
[2008/10/11 17:34:59 | 28,551,957 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/10/11 17:33:40 | 00,002,329 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Wireless Assistant.lnk
[2008/10/11 17:33:09 | 00,012,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/11 17:32:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/11 17:31:59 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/11 10:13:34 | 30,986,272 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/10/11 10:13:34 | 00,358,268 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/10/11 05:37:48 | 00,099,328 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/10 22:10:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/10/10 19:21:02 | 00,688,740 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\StephanieTu_Christmas2Share.psd
[2008/10/10 14:22:13 | 00,307,238 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/10/09 22:09:12 | 00,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/09 13:35:38 | 00,230,780 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\1166487108_assorted_holiday.abr.zip
[2008/10/09 10:20:07 | 00,056,780 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\DC092908_ExpenseReport.tif
[2008/10/09 09:22:36 | 05,607,424 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\My Money.mny
[2008/10/09 09:22:35 | 05,609,174 | R--- | M] () -- C:\Documents and Settings\Chris\My Documents\My Money Backup.mbf
[2008/10/08 21:44:59 | 00,558,435 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Gina_Girl_5x5_tri_fold_zip.zip
[2008/10/08 21:44:52 | 00,244,960 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Amber_5x5_tri_fold.zip
[2008/10/08 21:44:45 | 00,205,339 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Austin_5x5_Tri_fold.zip
[2008/10/08 21:44:34 | 00,398,984 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Logan_5x5_tri_fold_zip.zip
[2008/10/08 09:46:11 | 00,835,140 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\12x12collage.tif
[2008/10/08 09:45:44 | 00,130,783 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\PhotoGifts-9.jpg
[2008/10/08 09:45:34 | 00,115,314 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\PhotoGifts-8.jpg
[2008/10/08 09:38:57 | 00,324,205 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\PocketCalendar.jpg
[2008/10/08 08:59:42 | 01,305,249 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Monsterinvitelemondropsdesigns.zip
[2008/10/07 18:23:01 | 10,751,570 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Risk and Attr Gradients.psd
[2008/10/07 18:22:59 | 00,165,290 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Risk Gradient 3.jpg
[2008/10/07 18:22:13 | 00,166,025 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Attractiveness Gradient 3.jpg
[2008/10/06 08:57:52 | 00,598,528 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\2008 OIA CCOM Student Registration Form.doc
[2008/10/06 08:21:47 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\f75100.sys
[2008/10/06 08:21:27 | 02,335,270 | ---- | M] () -- C:\WINDOWS\System32\c2dFF.mht
[2008/10/05 20:48:08 | 00,068,419 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/09/27 09:40:14 | 00,000,651 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/09/27 09:31:13 | 00,352,918 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2008/09/19 16:08:19 | 00,001,146 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Episode 2 - Strong Badia the Free.lnk
[2008/09/19 11:45:32 | 00,018,461 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\nicewords1.gif
[2008/09/19 05:02:04 | 00,106,644 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\SEA092208EInvoice.tif
[2008/09/19 05:01:40 | 00,085,552 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\SEA092208ETicket.tif
[2008/09/19 05:01:16 | 00,077,476 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\SEA092208Itin.tif
[2008/09/19 04:55:50 | 00,108,268 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\SEA090808EInvoice.tif
[2008/09/19 04:54:20 | 00,314,860 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\SEA090808Expense.tif
[2008/09/16 09:49:59 | 02,568,548 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\ChrisWithDash4.jpg
[2008/09/16 09:48:10 | 02,301,994 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\ChrisWithDash3.jpg
[2008/09/16 09:48:03 | 02,481,303 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\ChrisWithDash2.jpg
[2008/09/16 09:47:48 | 01,124,804 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\ChrisWithDash1.jpg
[2008/09/15 06:04:33 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/09/14 18:46:28 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2008/09/14 18:46:19 | 00,001,104 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Episode 1 - Homestar Ruiner.lnk
[2008/09/13 13:43:40 | 00,015,356 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\DSCF3970.jpg
[2008/09/11 06:42:26 | 00,654,988 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/09/11 06:42:26 | 00,149,822 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/09/11 06:42:25 | 00,821,370 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/09/11 06:31:17 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/09/07 18:38:13 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/09/07 18:38:13 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2008/09/07 07:21:46 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008/09/05 23:30:42 | 00,241,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaLogon.dll
[2008/09/05 23:30:42 | 00,241,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wgaLogon.dll
[2008/09/05 23:30:06 | 01,480,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\LegitCheckControl.dll
[2008/09/05 23:29:58 | 00,917,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaTray.exe
[2008/09/05 23:29:58 | 00,917,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WgaTray.exe
[2008/08/29 06:02:09 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/08/26 15:28:12 | 16,208,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/08/25 10:17:00 | 00,067,592 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\IAD073108 - Expense Report.tif
[2008/08/22 12:25:08 | 00,306,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/08/22 12:03:37 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/08/19 06:39:34 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/08/15 20:29:44 | 00,176,624 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\PIC-0013.jpg
< End of report >


Extras.Txt:

OTViewIt Extras logfile created on: 10/11/2008 6:17:22 PM - Run 2
OTViewIt by OldTimer - Version 1.0.11.0 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.07% Memory free
2.59 Gb Paging File | 2.09 Gb Available in Paging File | 80.71% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 68.21 Gb Free Space | 53.29% Space Free | Partition Type: NTFS
Drive D: | 337.77 Gb Total Space | 263.11 Gb Free Space | 77.90% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 152.66 Gb Total Space | 8.73 Gb Free Space | 5.72% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRIS-DESKTOP
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 60 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/10/07 22:02:09 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent
[2006/11/03 02:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2008/05/21 04:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2007/08/29 00:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove
[2008/05/21 05:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
[2006/02/10 18:12:54 | 00,065,536 | ---- | M] (Pinnacle Systems, Inc.) -- C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager
[2006/02/10 19:12:06 | 04,354,048 | ---- | M] (Pinnacle Systems) -- C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio
[2005/09/21 16:22:26 | 00,024,576 | ---- | M] ( ) -- C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile
[2006/02/10 18:12:26 | 00,077,824 | ---- | M] (Pinnacle Systems, Inc.) -- C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi
File not found -- C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
File not found -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
File not found -- C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
File not found -- C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client
[2008/01/03 11:15:06 | 00,050,528 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2008/08/29 05:58:04 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
File not found -- C:\WINDOWS\system32\a.exe:*:Disabled:a
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/09/10 17:39:54 | 14,228,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/08/24 07:01:46 | 00,224,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (grooveLocalGWS:{88FED34C-F0CA-4636-A375-3CB6248B04CD} (HKLM) [Local Groove Web Services Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/07/04 09:00:10 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 14:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/06/20 10:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/06/03 02:36:20 | 07,252,672 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/04/25 15:29:55 | 08,071,360 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 22:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{130A3BE1-85CC-4135-8EA7-5A724EE6CE2C}"=Microsoft SQL Server 2005
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}"=Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{15095BF3-A3D7-4DDF-B193-3A496881E003}"=Microsoft .NET Framework 3.0
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}"=Microsoft FrontPage Client - English
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}"=Microsoft Visual J# .NET Redistributable Package 1.1
"{20608BFA-6068-48FE-A410-400F2A124C27}"=Microsoft SQL Server Management Studio Express
"{23959E96-A80F-4172-A655-210E9BB7BFBE}"=MSDN Library for Visual Studio 2005
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}"=Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}"=Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2EB44B16-05EF-42FD-9300-A85CDEF60864}"=Free Word Excel Password Wizard
"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}"=Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160060}"=Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{36DD7006-7BFE-4E3D-AF6E-FA734BC879B7}"=SQLXML4
"{37E9AD9F-3217-4229-B5A5-7A0C82364C6C}"=Microsoft SQL Server 2005 Notification Services
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}"=Macromedia Flash MX
"{3BFC7D0F-FA4A-4FDC-AA03-440655EA656A}"=TBS WMP Plug-in
"{41B9E2CF-0B3F-442A-B5B3-592A4A355634}"=iTunes
"{44D4AF75-6870-41F5-9181-662EA05507E1}"=Microsoft Document Explorer 2005
"{48963B63-7A10-49D6-8B08-61E6132453D0}"=ViewSonic Monitor Drivers
"{491DD792-AD81-429C-9EB4-86DD3D22E333}"=Windows Communication Foundation
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}"=SmartSound Quicktracks Plugin
"{4C643986-DE3C-4737-8472-CCEC36CCC267}"=Studio Content CD
"{53EF6570-21A4-47ED-A40A-E6470A5677A3}"=Studio 8
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}"=Microsoft SQL Server Setup Support Files (English)
"{5757AE1A-1DB4-4898-9806-09F77FBD5E57}"=MSDN Library for Visual Studio .NET 2003
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}"=Microsoft .NET Compact Framework 2.0
"{68A35043-C55A-4237-88C9-37EE1C63ED71}"=Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{69880C00-08DD-4385-B752-9C62656F6D1E}"=Microsoft SQL Server 2005 Backward compatibility
"{6C531060-84FB-4F96-8F33-29DF020632EB}"=Microsoft .NET Compact Framework 1.0 SP3 Developer
"{70014586-7BBA-4A92-A610-CDC896C48F8F}"=NETGEAR WG311v3 802.11g Wireless PCI Adapter
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{74BE7519-41A7-45A8-8AA6-78C7907A4808}"=EOS Capture 1.2
"{750CF8D7-4B04-404F-AFA2-14C129C42373}"=EOS Viewer Utility 1.2.1
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}"=Microsoft Device Emulator version 1.0 - ENU
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}"=Windows Workflow Foundation
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}"=DING!
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics Driver
"{8ABF8FEB-ABB0-40DC-9945-85AF36EF30A9}"=Microsoft SQL Server 2005 Analysis Services
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}"=Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}"=Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90170409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office FrontPage 2003
"{903B0409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Project Professional 2003
"{90510409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Visio Professional 2003
"{90A10409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office OneNote 2003
"{90A40409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office 2003 Web Components
"{91120000-002E-0000-0000-0000000FF1CE}"=Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}"=DiscAPI (Studio 10)
"{AA9768AA-FF0B-4C66-A085-31E934F77841}"=Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AC76BA86-7AD7-5464-3428-800000000003}"=Spelling Dictionaries Support For Adobe Reader 8
"{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}"=PaperPort 8.0 SE
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{C0F76C41-A3EF-4645-871C-FBE5CB4B48F6}"=MyPhotoBooks
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Professional
"{D050D7362D214723AD585B541FFB6C11}"=DivX Content Uploader
"{D085A1B6-90A4-11D3-82B7-00C04FA309DE}"=Microsoft Money 2001
"{D407F7C0-579E-4CCB-91FD-855CE5084E86}"=Microsoft Visual Studio 2005 Standard Edition - ENU
"{D4134B0B-EA9B-4835-A77A-60BEE6277101}"=Lightroom
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}"=Visual Studio.NET Baseline - English
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E05F0409-0E9A-48A1-AC04-E35E3033604A}"=Visual Studio .NET Enterprise Architect 2003 - English
"{E25DE747-066F-4801-9F79-B1D8CF0C15CC}"=ccc-Branding
"{E285C3A0-C883-4B42-849D-8BA71768EE64}"=My Photo Calendars and Cards
"{E930E839-998E-42F9-97E2-71FC960DB1B7}"=Microsoft SQL Server 2005 Reporting Services
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}"=Microsoft SQL Server VSS Writer
"{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}"=Canon Camera WIA Driver
"{EE8CFFD9-6E29-4DC3-A967-7348D5F41F44}"=Microsoft SQL Server 2005 Integration Services
"{EEECE229-49F6-4851-A73A-99B058221F8C}"=RAPID
"{EF4EF65F-4D62-44D7-82C9-1AECCBA74C50}"=Intel® PROSet
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}"=Adobe Photoshop CS
"{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}"=Microsoft SQL Server Native Client
"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}"=ViewSonic Windows XP Signed Files
"{FDFE8A65-3DDD-4309-8194-559F41BF61F3}"=Studio 10
"ActiveScan 2.0"=Panda ActiveScan 2.0
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Type Manager 4.1"=Adobe Type Manager 4.1
"AIM_6"=AIM 6
"All ATI Software"=ATI - Software Uninstall Utility
"ATI Display Driver"=ATI Display Driver
"AVG8Uninstall"=AVG Free 8.0
"BhoScanner_is1"=BhoScanner 1.9
"CANONBJ_Deinstall_CNMCP4q.DLL"=Canon i9100
"CCleaner"=CCleaner (remove only)
"Episode 1 - Homestar Ruiner"=Strong Bad - Strong Bad Episode 1 - Homestar Ruiner
"Episode 2 - Strong Badia the Free"=Strong Bad - Strong Bad Episode 2 - Strong Badia the Free
"ffdshow"=ffdshow (remove only)
"HijackThis"=HijackThis 2.0.2
"Hollywood FX 4.6"=Pinnacle Hollywood FX 4.6
"hp deskjet 5550 series"=hp deskjet 5550 series (Remove only)
"hp deskjet 5550 series_Driver"=hp deskjet 5550 series
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}"=SmartSound Quicktracks Plugin
"InstallShield_{70014586-7BBA-4A92-A610-CDC896C48F8F}"=NETGEAR WG311v3 802.11g Wireless PCI Adapter
"InstallShield_{74BE7519-41A7-45A8-8AA6-78C7907A4808}"=Canon Utilities EOS Capture 1.2
"InstallShield_{750CF8D7-4B04-404F-AFA2-14C129C42373}"=Canon Utilities EOS Viewer Utility 1.2
"InstallShield_{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}"=Canon EOS 20D WIA Driver
"KB909520"=Microsoft Base Smart Card Cryptographic Service Provider Package
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0"=Microsoft .NET Framework 3.0
"Microsoft Document Explorer 2005"=Microsoft Document Explorer 2005
"Microsoft SQL Server 2005"=Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package"=Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Standard Edition - ENU"=Microsoft Visual Studio 2005 Standard Edition - ENU
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSDN Library for Visual Studio 2005"=MSDN Library for Visual Studio 2005
"My Lockbox_is1"=My Lockbox 1.2 for Windows 2000/XP
"NeroMultiInstaller!UninstallKey"=Nero Suite
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"PeerGuardian_is1"=PeerGuardian 2.0
"Privoxy"=Privoxy 3.0.6
"PROSet"=Intel® PRO Network Adapters and Drivers
"Radeon Omega Drivers for Windows XP/2kv4.8.442"=Radeon Omega Drivers v4.8.442 Setup Files and Tools
"SeaMonkey (1.1.9)"=SeaMonkey (1.1.9)
"Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.5.2.20
"Spyder2"=Spyder2
"SystemRequirementsLab"=System Requirements Lab
"Tor"=Tor 0.1.2.19
"Trend Micro HouseCall 6.6"=HouseCall 6.6
"ULTIMATER"=Microsoft Office Ultimate 2007
"uTorrent"=µTorrent
"Vidalia"=Vidalia 0.0.16
"ViewpointMediaPlayer"=Viewpoint Media Player
"Visioneer OneTouch"=Visioneer OneTouch
"Visual Studio .NET Enterprise Architect 2003 - English"=Microsoft Visual Studio .NET Enterprise Architect 2003 - English
"VLC media player"=VideoLAN VLC media player 0.8.6d
"WIC"=Windows Imaging Component
"Winamp"=Winamp (remove only)
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WinZip"=WinZip
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"ZoneAlarm"=ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting"=GoToMeeting 4.0.0.320

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-507921405-2000478354-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting"=GoToMeeting 4.0.0.320

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/15/2008 10:27:28 AM | Computer Name = CHRIS-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application softwareupdate.exe, version 2.0.2.92, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x00042b9f.

Error - 9/26/2008 10:17:43 PM | Computer Name = CHRIS-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application ad-aware.exe, version 7.1.0.11, faulting module
ad-aware.exe, version 7.1.0.11, fault address 0x0014b4ec.

Error - 10/3/2008 7:20:42 AM | Computer Name = CHRIS-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 12.0.6316.5000, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/7/2008 11:38:33 AM | Computer Name = CHRIS-DESKTOP | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application outlook.exe, version 12.0.6316.5000, stamp 4833a470,
faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address
0x0c36e274.

Error - 10/7/2008 11:38:47 AM | Computer Name = CHRIS-DESKTOP | Source = Microsoft Office 12 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.

Error - 10/7/2008 12:32:02 PM | Computer Name = CHRIS-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 8.0.0.35, faulting module
quicktimempeg4.qtx, version 7.55.90.70, fault address 0x00010e23.

Error - 10/9/2008 7:37:45 PM | Computer Name = CHRIS-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application seamonkey.exe, version 1.8.20080.31312, faulting
module js3250.dll, version 4.0.0.0, fault address 0x0001ec8d.

Error - 10/9/2008 7:38:32 PM | Computer Name = CHRIS-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application seamonkey.exe, version 1.8.20080.31312, faulting
module js3250.dll, version 4.0.0.0, fault address 0x0001ec8d.

Error - 10/9/2008 7:39:38 PM | Computer Name = CHRIS-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application seamonkey.exe, version 1.8.20080.31312, faulting
module js3250.dll, version 4.0.0.0, fault address 0x0001ec8d.

Error - 10/9/2008 10:47:48 PM | Computer Name = CHRIS-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application seamonkey.exe, version 1.8.20080.31312, faulting
module js3250.dll, version 4.0.0.0, fault address 0x00020263.

[ OSession Events ]
Error - 3/21/2007 3:41:30 PM | Computer Name = CHRIS-DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 310
seconds with 300 seconds of active time. This session ended with a crash.

Error - 11/2/2007 3:29:15 PM | Computer Name = CHRIS-DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 799
seconds with 480 seconds of active time. This session ended with a crash.

Error - 11/19/2007 5:49:17 PM | Computer Name = CHRIS-DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 31932
seconds with 5940 seconds of active time. This session ended with a crash.

Error - 12/1/2007 9:23:01 PM | Computer Name = CHRIS-DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 276
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/23/2008 8:28:00 PM | Computer Name = CHRIS-DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 65
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/5/2008 9:50:29 AM | Computer Name = CHRIS-DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 395
seconds with 180 seconds of active time. This session ended with a crash.

Error - 4/11/2008 3:51:24 PM | Computer Name = CHRIS-DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 1713
seconds with 540 seconds of active time. This session ended with a crash.

Error - 5/6/2008 10:03:07 PM | Computer Name = CHRIS-DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 75
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/29/2008 12:41:03 PM | Computer Name = CHRIS-DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 16462
seconds with 2760 seconds of active time. This session ended with a crash.

Error - 10/7/2008 11:37:59 AM | Computer Name = CHRIS-DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2602
seconds with 960 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/15/2008 9:16:34 PM | Computer Name = CHRIS-DESKTOP | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MMSLAPTOP that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{ECC61204-F4D5-4829. The master browser is stopping or an election is
being forced.

Error - 9/20/2008 9:10:39 AM | Computer Name = CHRIS-DESKTOP | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer
share name Printer.

Error - 9/21/2008 8:44:45 AM | Computer Name = CHRIS-DESKTOP | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer
share name Printer.

Error - 9/22/2008 7:28:04 PM | Computer Name = CHRIS-DESKTOP | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{ECC61204-F4D5-4829-920B-7FF48B77AB32}. The
backup browser is stopping.

Error - 9/26/2008 9:51:03 PM | Computer Name = CHRIS-DESKTOP | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer
share name Printer.

Error - 9/26/2008 10:35:48 PM | Computer Name = CHRIS-DESKTOP | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{ECC61204-F4D5-4829-920B-7FF48B77AB32}. The
backup browser is stopping.

Error - 9/27/2008 10:38:26 AM | Computer Name = CHRIS-DESKTOP | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{ECC61204-F4D5-4829-920B-7FF48B77AB32}. The
backup browser is stopping.

Error - 10/2/2008 11:43:20 PM | Computer Name = CHRIS-DESKTOP | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avg8wd service.

Error - 10/6/2008 9:45:20 AM | Computer Name = CHRIS-DESKTOP | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer
share name Printer.

Error - 10/6/2008 9:47:48 AM | Computer Name = CHRIS-DESKTOP | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 a119921e, parameter3
a1b77340, parameter4 00000000.


< End of report >


Kaspersky Online Scanner Log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, October 11, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, October 12, 2008 00:19:55
Records in database: 1305913
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 299850
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 05:28:58

No malware has been detected. The scan area is clean.

The selected area was scanned.

#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:43 AM

Posted 12 October 2008 - 01:15 PM

Hello, CoachMcGuirk.
That all looks clean. Are you still getting the emails?

I do note that anyone who is putting your address in the From field will cause you to get bounce back emails even if you did not send the mail.

Are you positive they are being sent from your machine?

Viewpoint is considered foistware instead of malware because it is installed without users approval, but doesn't spy or do anything "bad". You may like to read this article about the potential of this Viewpoint software here:
http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on Start > Run... > and then paste the following into the "Open" field: "appwiz.cpl" and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, and/or Viewpoint Media Player.

Please Set Your System to Show Hidden Files
If you are using Windows XP or earlier:
  • Go to Start -> My Computer (Or click the My Computer icon on your desktop)
  • Go to the Tools Menu -> Folder Options.
  • Select the "View" tab.
  • Where you see Posted Image, click the Posted Image radio button.
  • Uncheck "Hide extensions for known file types"
  • Uncheck "Hide protected operating system files"
  • Click Ok.
  • Exit/Close My Computer.
If you are using Windows Vista:
  • Please go to Start -> Computer
  • Click on Posted Image
  • Click on Posted Image
  • Select the "View" tab.
  • Where you see Posted Image, click the Posted Image radio button.
  • Uncheck "Hide extensions for known file types"
  • Uncheck "Hide protected operating system files"
  • Click Ok.
  • Exit/Close My Computer.
We need to uninstall one or more programs
Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs(if present):
J2SE Runtime Environment 5.0 Update 11, Java™ SE Runtime Environment 6 Update 1, Java™ 6 Update 2, Java™ 6 Update 3, Java™ 6 Update 4, Java™ 6 Update 5, Java™ 6 Update 6

We need to upload a file for further inspection
  • Please go to this page.
  • Where it asks for the "Link to where the file was requested" copy and paste in
    http://www.bleepingcomputer.com/forums/t/173074/infected-with-unknown-virus-outlook-2007-sending-spam-upon-open/?p=972222
  • Where it says "Browse to the file you want to submit", browse to
    C:\WINDOWS\system32\f75100.sys
  • Press the Posted Image button.
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box infront of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and chose "select all" (or use +A)
  • Right-click again and chose "Copy" (or +C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)

In your next reply, please include the following:
  • ESET OnlineScan's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#5 CoachMcGuirk

CoachMcGuirk
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:01:43 PM

Posted 12 October 2008 - 07:19 PM

Thanks again Billy!

Yes, I am reasonably sure that the emails are being sent from my computer. When I get the bounce-back emails the time sent corresponds to when I opened outlook on my computer. If I access my email through the web interface of my mail server, I do not get any of the bounce backs. I have gotten around it by creating a default dummy email account in outlook as the malware seems to only use the default address. When I do this, I can see that outlook is "preparing to send x messages" from the dummy account, but can't as all the account information is made up. I can't see the email in the drafts our outbox folder, however.

I've uploaded the file you requested, removed the programs you've recommend and made the system changes. I ran ESET online scanner and will include the results below, but, unfortunately, it didn't seem to find anything. This thing is driving me crazy!

ESET Online Scanner Results:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3515 (20081011)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=d6718e7584fe5346806636a308d68d1a
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-10-13 12:09:07
# local_time=2008-10-12 07:09:07 (-0600, Central Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=789286
# found=0
# scan_time=18415

#6 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:43 AM

Posted 12 October 2008 - 08:41 PM

Hello, CoachMcGuirk.
We need to scan for rootkits with GMER
  • Please download gmer.zip and save to your desktop.
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    Note: There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on "Settings", then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
    Important! Please do not select the "Show all" checkbox during the scan.
  • Click on the "Scan" and wait for the scan to finish.
    • Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in Safe Mode
In your next reply, please include the following:
  • GMER's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#7 CoachMcGuirk

CoachMcGuirk
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:01:43 PM

Posted 12 October 2008 - 10:06 PM

Thank you, Billy! Below is my GMER log as per your request.

GMER Log:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-10-12 22:03:28
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

ZwCreateFile [0xA544D930]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

ZwCreateKey [0xA5458A80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

ZwDeleteFile [0xA544DF20]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

ZwDeleteKey [0xA54596E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

ZwDeleteValueKey [0xA5459440]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

ZwLoadKey [0xA54598B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

ZwOpenFile [0xA544DD70]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

ZwRenameKey [0xA545A250]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

ZwReplaceKey [0xA5459CB0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

ZwRestoreKey [0xA545A080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

ZwSetInformationFile [0xA544E120]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

ZwSetValueKey [0xA5459140]

INT 0x01 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI

Technologies Inc.) B9AC959A
INT 0x03 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI

Technologies Inc.) B9AC9655

---- Kernel code sections - GMER 1.0.14 ----

? srescan.sys

The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile]

[A5463330] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile]

[A544E5C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile]

[A544E770] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile]

[A544E2D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile]

[A544E670] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs

MPRIFL.SYS (My Private Folder driver/FSPro Labs)

Device \Driver\Tcpip \Device\Ip

vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Tcp

vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Udp

vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\RawIp

vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device

ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\Tcpip \Device\IPMULTICAST

vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32


Reg

HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel

Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@

C:\WINDOWS\system32\OLE32.DLL
Reg

HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e066

92b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32


Reg

HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel

Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@

C:\WINDOWS\system32\OLE32.DLL
Reg

HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c

59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32


Reg

HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel

Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@

C:\WINDOWS\system32\OLE32.DLL
Reg

HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd

016 0x7A 0x45 0x05 0xFD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32


Reg

HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel

Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@

C:\WINDOWS\system32\OLE32.DLL
Reg

HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561a

a48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32


Reg

HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel

Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@

C:\WINDOWS\system32\OLE32.DLL
Reg

HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818

472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32


Reg

HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel

Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@

C:\WINDOWS\system32\OLE32.DLL
Reg

HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522

f5d 0x50 0x93 0xE5 0xAB ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32


Reg

HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel

Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@

C:\WINDOWS\system32\OLE32.DLL
Reg

HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27

b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32


Reg

HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel

Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@

C:\WINDOWS\system32\OLE32.DLL
Reg

HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f9

93d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32


Reg

HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel

Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@

C:\WINDOWS\system32\OLE32.DLL
Reg

HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d84

4a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32


Reg

HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel

Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@

C:\WINDOWS\system32\OLE32.DLL
Reg

HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb278

35b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32


Reg

HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel

Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@

C:\WINDOWS\system32\OLE32.DLL
Reg

HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e

3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32


Reg

HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel

Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@

C:\WINDOWS\system32\OLE32.DLL
Reg

HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791

ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.14 ----

#8 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:43 AM

Posted 13 October 2008 - 03:21 PM

When you get the delivery status failure notification, the message that attempted to send should be put on the bottom of the delivery status failure.

Can you post the contents of one of these bounce back messages?

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#9 CoachMcGuirk

CoachMcGuirk
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:01:43 PM

Posted 13 October 2008 - 03:30 PM

I will try to do that the next time I get one. I've cleared them all out of my inbox currently and it doesn't seem too predictable as to when they are sent and come back, but will post here the next time I see it.

Thanks again!

#10 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:43 AM

Posted 13 October 2008 - 03:50 PM

Excellent :thumbsup:

This is a note to myself to leave this topic open longer than the usual timeout of 5 days.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#11 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:43 AM

Posted 19 October 2008 - 09:13 PM

Hello. This is my 7 day checkup. Have you had any more issues? Are you still here?

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#12 CoachMcGuirk

CoachMcGuirk
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:01:43 PM

Posted 19 October 2008 - 09:22 PM

Hi Billy,

Yeah, I'm still around but haven't seen the issue pop up again, so I've been unable to post the contents of one of the spam messages yet.

Thanks!

#13 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:43 AM

Posted 19 October 2008 - 09:35 PM

Hi Billy,

Yeah, I'm still around but haven't seen the issue pop up again, so I've been unable to post the contents of one of the spam messages yet.

Thanks!

You're welcome :thumbsup:

On a positive note... maybe the nastie is gone? Is the lack of sending emails a bad thing? LOL

I'll leave this open another week before checking up again,

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#14 CoachMcGuirk

CoachMcGuirk
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:01:43 PM

Posted 22 October 2008 - 08:57 PM

Hi Billy,

Thanks for bearing with me while we waited to see if the problem still occurred. Unfortunately, I got a few bounced back emails today of the same nature. It appears the emails it sends are blank other than the subject...though one had some garbled text (possibly a translation of an attachment?). They do have all seem to have an attachment of "winmail.dat", though it appears as though they are 0kb in size. Below are a few examples of the emails it is sending (i've not included identifying info where available). Really appreciate any more ideas you have. This is so frustrating!


Bounce Back 1
from Mail Delivery Subsystem <mailer-daemon@googlemail.com>
date Wed, Oct 22, 2008 at 8:23 PM
subject Delivery Status Notification (Failure)

Reply


This is an automatically generated Delivery Status Notification

Delivery to the following recipient failed permanently:

Brandi-kiurut@edc.dk

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 No such user (Brandi-kiurut@edc.dk) (state 14).

----- Original message -----

Received: by 10.65.189.20 with SMTP id r20mr9356402qbp.51.1224725030325;
Wed, 22 Oct 2008 18:23:50 -0700 (PDT)
Return-Path: <MyEmailAddress>
Received: from MyWindowsComputerName (MyIPAddress)
by mx.google.com
(version=TLSv1/SSLv3 cipher=RC4-MD5);
Wed, 22 Oct 2008 18:23:50 -0700 (PDT)
To: <Brandi-kiurut@EDC.DK>
Subject: Not read: ladies say size doesnot matter, but we know, it does!
Date: Wed, 22 Oct 2008 20:23:50 -0500
Message-ID: <005b01c934ae$04be6430$0e3b2c90$@com>
MIME-Version: 1.0
Content-Type: application/ms-tnef;
name="winmail.dat"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="winmail.dat"
X-Mailer: Microsoft Office Outlook 12.0
thread-index: AckcQnJtNvnhmxkYR2eQSVgxQzJ/0AYa3mKr
X-MS-TNEF-Correlator: 00000000581BECDFD61CB047B09CF50C49640BB224752500
From: MyName <MyEmailAddress>

eJ8+IjgBAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAFwAAAFJFUE9SVC5J
UE0uTm90ZS5JUE5OUk4AtwYBCoABACEAAABFOTg1ODRFOTI5OEE0NjQxQjY1NDZDNTFFNzRDNkE0
NQAbBwEDkAYAkAIAABgAAAALACkAAAAAAEAAMgCAYfjrrTTJAR4ASQABAAAANgAAAGxhZGllcyBz
YXkgc2l6ZSBkb2Vzbm90IG1hdHRlciwgYnV0IHdlIGtub3csIGl0IGRvZXMhAAAAAgFMAAEAAABa
AAAAAAAAAIErH6S+oxAZnW4A3QEPVAIAAAGAQgByAGEAbgBkAGkAAABTAE0AVABQAAAAQgByAGEA
bgBkAGkALQBrAGkAdQByAHUAdABAAEUARABDAC4ARABLAAAAAAAeAE0AAQAAAAcAAABCcmFuZGkA
AEAATgCAHHhsQhzJAUAAVQCA/W1yQhzJAR4AcAABAAAANgAAAGxhZGllcyBzYXkgc2l6ZSBkb2Vz
bm90IG1hdHRlciwgYnV0IHdlIGtub3csIGl0IGRvZXMhAAAAAgFxAAEAAAAbAAAAAckcQnJtNvnh
mxkYR2eQSVgxQzJ/0AYa3mKrAB4AcgABAAAAAQAAAAAAAAAeAHMAAQAAAAEAAAAAAAAAHgB0AAEA
AAASAAAAY2ZvcmdpZUBnbWFpbC5jb20AAAALAAgMAAAAAAsAAQ4BAAAAAwAUDgEAAAAeAAEQAQAA

----- Message truncated -----



Bounce Back 2
Your message

To: Pauliina-sargdraa@royallabel.com
Subject: Not read: Short way to long male power.
Sent: Wed, 22 Oct 2008 21:23:50 -0400

did not reach the following recipient(s):

Pauliina-sargdraa@royallabel.com on Wed, 22 Oct 2008 21:23:59 -0400
The e-mail account does not exist at the organization this message
was sent to. Check the e-mail address, or contact the recipient
directly to find out the correct address.
<royal-mail.royallabel.com #5.1.1>


Final-Recipient: RFC822; Pauliina-sargdraa@royallabel.com
Action: failed
Status: 5.1.1
X-Supplementary-Info: <royal-mail.royallabel.com #5.1.1>
X-Display-Name: Pauliina-sargdraa@royallabel.com


Bounce Back 3
from Mail Delivery System <MAILER-DAEMON@hammer.wmhost.com>
date Wed, Oct 22, 2008 at 8:40 PM
subject Undelivered Mail Returned to Sender
mailed-by hammer.wmhost.com

[winmail.dat]


Reply


This is the mail system at host hammer.wmhost.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

<badivate_1950@fourkeys.fi>: unknown user: "badivate_1950@fourkeys.fi"

#15 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:43 AM

Posted 23 October 2008 - 01:48 PM

Hello, CoachMcGuirk.
Please remove ZoneAlarm firewall before preforming the following instructions. Don't worry, we can reinstall it later if you wish. It can be removed via Add/Remove programs.

ZoneAlarm is appearing in the GMER logs and obscuring whether things are really hooked or not :thumbsup:

Received: from MyWindowsComputerName (MyIPAddress)

This is information I need. If you want to obsure the information here publicly, that's fine, but could you please send the IP address over PM?

That information is public anyway.. every single time you connect to another machine on the internet your IP address is shown. It's just like the home address of the machine. It does not identify you personally, but it can go a long way toward pinning down what's going on with the machine.

We need to scan for rootkits with GMER
  • Please download gmer.zip and save to your desktop.
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    Note: There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on "Settings", then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
    Important! Please do not select the "Show all" checkbox during the scan.
  • Click on the "Scan" and wait for the scan to finish.
    • Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in Safe Mode
In your next reply, please include the following:
  • GMER's Log
  • A New HiJack This log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users