Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

not-a-virus:RiskTool.Win32.Deleter, Trojan horse downloader.Agent.ANPP, etc...


  • This topic is locked This topic is locked
10 replies to this topic

#1 Zach712

Zach712

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:38 PM

Posted 21 October 2008 - 05:04 PM

Seems like every few hours AVG (updated) keeps coming up that I'm infected with this Virus/Trojan. Can anyone help? There seems to be nothing visibly wrong with my computer as of now, still going normal speed, no pop ups or anything of the sort. I just have to keep virus vaulting these infections.

Note (from Sunday): Since running the scans and everything from the list of 8 steps to do (http://www.techspot.com/vb/topic58138.html), the infection notice has not come back up, but I will keep you informed. The malware program found 10 infections that seemed pretty bad, and the superspyware found 11 adwares that usually occur. Hopefully this helps.

Edit (from today): Just a few hours ago I just got a infection notice from AVG that Trojan horse downloader.Agent.ANPP was trying to fool around, I just clicked for AVG to heal it so I know for sure that I'm not completely virus free. I am also running a Kaspersky scan now to find out what all viruses are present...so far 1 threat found and 3 infected files (not-a-virus:RiskTool.Win32.Deleter)...but still nothing visibly wrong with my computer. Will update. (UPDATE): Kaspersky finished and only found not-a-virus:RiskTool.Win32.Deleter...it has infected 3 files, but that is it. Will upload log.

Thanks

Attached Files


Edited by Zach712, 21 October 2008 - 05:09 PM.


BC AdBot (Login to Remove)

 


#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:38 PM

Posted 28 October 2008 - 05:20 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Download and Run OTViewIt
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop. If you are using Windows Vista, right click the icon and select Run as Administrator.
  • Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open.OTViewIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Copy and Paste the logs into your next reply.
Please also tell me of any changes you have made to your computer since your topic was started.

If you do not make a reply in 5 days, we will need to close your topic.

With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic below this point are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.

#3 Zach712

Zach712
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:38 PM

Posted 28 October 2008 - 08:45 PM

Thanks Panda! And nope, no changes to my computer since the infection except for the installation/uninstallations of several recommended anti virus programs. And there is still nothing visibly wrong with my computer, but with this rootkit I think I have I'm pretty sure it could easily start something.


OTViewIt logfile created on: 10/28/2008 9:39:16 PM - Run
OTViewIt by OldTimer - Version 1.0.19.0 Folder = C:\Documents and Settings\Alan Simmons\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 364.23 Mb Available Physical Memory | 35.92% Memory free
2.38 Gb Paging File | 1.87 Gb Available in Paging File | 78.45% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.82 Gb Total Space | 118.96 Gb Free Space | 81.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.65 Gb Total Space | 456.99 Gb Free Space | 98.14% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALAN
Current User Name: Alan Simmons
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/02/10 19:17:04 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
[2005/10/05 04:12:00 | 00,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[2006/10/25 09:57:34 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
[2005/08/11 23:02:44 | 00,053,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\VSO\oasclnt.exe
[2005/07/01 20:22:20 | 00,303,104 | ---- | M] (McAfee, Inc) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
[2005/09/08 06:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
[2004/07/27 17:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[2005/07/12 19:06:46 | 00,110,592 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\SpamKiller\MSKAgent.exe
[2005/08/10 13:49:20 | 00,163,840 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\VSO\mcvsshld.exe
[2005/07/08 19:16:16 | 00,483,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\VSO\McVSEscn.exe
[2005/08/18 18:52:12 | 00,999,424 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
[2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2008/09/29 14:59:47 | 01,234,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2006/03/23 20:13:40 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
[2006/03/23 20:17:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
[2005/08/16 17:17:34 | 00,524,288 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe
[2008/10/25 23:03:44 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2006/07/16 22:29:54 | 00,389,120 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
[2008/09/03 15:03:40 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2008/10/21 15:34:16 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2008/10/25 23:03:43 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2006/02/19 04:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2004/04/13 17:03:10 | 00,299,008 | ---- | M] (Palm, Inc.) -- C:\Program Files\palmOne\HOTSYNC.EXE
[2008/03/14 23:12:48 | 02,363,392 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
[2005/07/06 21:06:36 | 00,126,976 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe
[2005/08/10 12:22:02 | 00,221,184 | ---- | M] (McAfee Inc.) -- c:\Program Files\McAfee.com\VSO\McShield.exe
[2008/03/14 23:12:50 | 02,580,480 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
[2005/08/24 17:01:04 | 00,122,368 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe
[2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2005/08/16 17:11:40 | 00,548,864 | ---- | M] (McAfee Corporation) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
[2005/07/12 19:10:18 | 00,963,072 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe
[2008/05/20 15:02:58 | 00,311,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2007/08/09 03:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
[2006/02/19 05:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
[2008/09/03 15:03:27 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
[2006/05/17 00:15:10 | 00,071,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
[2004/08/04 06:00:00 | 00,114,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\calc.exe
[2007/08/30 17:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[2008/08/23 01:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2007/09/20 10:35:36 | 00,118,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
[2008/10/28 21:38:40 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alan Simmons\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/09/03 15:03:27 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2008/09/03 15:03:40 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/10/21 15:34:16 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/10/25 23:03:43 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2005/07/06 21:06:36 | 00,126,976 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe -- (McDetect.exe [Auto | Running])
[2005/08/10 12:22:02 | 00,221,184 | ---- | M] (McAfee Inc.) -- c:\Program Files\McAfee.com\VSO\McShield.exe -- (McShield [Auto | Running])
[2005/08/24 17:01:04 | 00,122,368 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe -- (McTskshd.exe [Auto | Running])
[2005/07/01 20:22:50 | 00,245,760 | ---- | M] (McAfee, Inc) -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe [On_Demand | Stopped])
[2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2005/08/16 17:11:40 | 00,548,864 | ---- | M] (McAfee Corporation) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe -- (MpfService [Auto | Running])
[2005/07/12 19:10:18 | 00,963,072 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe -- (MskService [Auto | Running])
[2004/11/19 12:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
[2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/08/09 03:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2006/10/25 09:57:37 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
[2008/09/03 15:03:26 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/07/02 15:05:11 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008/07/02 15:05:40 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [Auto | Running])
[2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2005/09/08 06:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
[2005/08/25 13:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
[2005/09/08 06:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
[2005/09/08 06:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
[2005/09/08 06:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
[2005/09/08 06:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
[2005/08/25 13:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
[2005/09/08 06:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
[2005/09/08 06:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
[2005/09/12 04:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
[2005/08/12 06:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
[2006/01/10 13:07:58 | 00,004,864 | ---- | M] (GTek Technologies Ltd.) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
[2005/06/13 12:58:04 | 00,162,816 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/03/23 20:47:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2008/04/13 14:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2005/08/16 17:18:40 | 00,080,640 | ---- | M] (McAfee) -- C:\WINDOWS\system32\drivers\MpFirewall.sys -- (MPFIREWL [System | Running])
[2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2005/08/10 12:22:10 | 00,114,464 | ---- | M] (McAfee Inc.) -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1 [On_Demand | Running])
[2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/06/16 06:00:00 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2008/09/29 16:50:28 | 00,717,296 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2006/02/10 19:19:12 | 01,107,224 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2008/10/19 15:52:24 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2002/08/26 17:29:42 | 00,023,387 | ---- | M] (Magic Control Technology Corp.) -- C:\WINDOWS\system32\drivers\u2s2kxp.sys -- (U2SP [On_Demand | Stopped])
[2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2006/11/02 07:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Stopped])
[2007/08/28 17:05:12 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21 [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061025
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie
"Start Page"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061025

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061025
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Secondary Start Pages"=
"Start Page"=http://www.yahoo.com/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061025

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061025

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-2338105714-1617549740-3618452479-1007\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061025
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Secondary Start Pages"=
"Start Page"=http://www.yahoo.com/

[HKEY_USERS\S-1-5-21-2338105714-1617549740-3618452479-1007\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-2338105714-1617549740-3618452479-1007\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_USERS\S-1-5-21-2338105714-1617549740-3618452479-1007\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2338105714-1617549740-3618452479-1007\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-2338105714-1617549740-3618452479-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{41D68ED8-4CFF-4115-88A6-6EBB8AF19000} (HKLM) -- c:\Program Files\McAfee\SpamKiller\McApfBHO.dll (McAfee, Inc.)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (HKLM) -- C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
{5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{A057A204-BACC-4D26-9990-79A187E2698E} (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
{CA6319C0-31B7-401E-A518-A07C3DB8F777} (HKLM) -- C:\Program Files\BAE\BAE.dll (Dell Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BA52B914-B692-46c4-B683-905236F6F655}" (HKLM) -- c:\Program Files\McAfee.com\VSO\mcvsshl.dll (McAfee, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_USERS\S-1-5-21-2338105714-1617549740-3618452479-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-2338105714-1617549740-3618452479-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup ()
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
"MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\mcagent.exe (McAfee, Inc)
"MCUpdateExe"=c:\PROGRA~1\mcafee.com\agent\mcupdate.exe (McAfee, Inc)
"MPFExe"=C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe (McAfee Security)
"MSKAGENTEXE"=C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe (McAfee Inc.)
"MSKDetectorExe"=C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup (McAfee, Inc.)
"OASClnt"=C:\Program Files\McAfee.com\VSO\oasclnt.exe (McAfee, Inc.)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER (RealNetworks, Inc.)
"SigmatelSysTrayApp"=stsystra.exe (SigmaTel, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"VirusScan Online"=c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe (McAfee, Inc.)
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask (McAfee, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" /startup (Gteko Ltd.)
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found

[HKEY_USERS\S-1-5-21-2338105714-1617549740-3618452479-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" /startup (Gteko Ltd.)
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found

========== (O4) Startup Folders ==========

[2004/04/13 17:03:10 | 00,299,008 | ---- | M] (Palm, Inc.) -- C:\Documents and Settings\Alan Simmons\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
[2008/01/21 15:41:28 | 00,393,216 | ---- | M] () -- C:\Documents and Settings\Alan Simmons\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
[2005/09/23 23:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2006/02/19 04:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-2338105714-1617549740-3618452479-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 12:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 12:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 12:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2338105714-1617549740-3618452479-1007\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 12:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre6\bin\npjpi160_10.dll [2008/10/25 23:03:45 | 00,132,504 | ---- | M] (Sun Microsystems, Inc.)
{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}: Menu: McAfee Anti-Phishing Filter -- %ProgramFiles%\McAfee\SpamKiller\McApfBHO.dll [2005/07/12 19:02:38 | 00,262,236 | ---- | M] (McAfee, Inc.)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}: Button: Yahoo! Services -- %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [2007/12/12 18:09:42 | 00,222,448 | ---- | M] (Yahoo! Inc.)
{85d1f590-48f4-11d9-9669-0800200c9a66}: Menu: Uninstall BitDefender Online Scanner v8 -- %SystemRoot%\bdoscandel.exe [2008/01/09 15:01:48 | 00,053,248 | ---- | M] ()
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre6\bin\npjpi160_10.dll [Sun Java Console] -> [2008/10/25 23:03:45 | 00,132,504 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> %ProgramFiles%\McAfee\SpamKiller\McApfBHO.dll [McAfee Anti-Phishing Filter] -> [2005/07/12 19:02:38 | 00,262,236 | ---- | M] (McAfee, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre6\bin\npjpi160_10.dll [Sun Java Console] -> [2008/10/25 23:03:45 | 00,132,504 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> %ProgramFiles%\McAfee\SpamKiller\McApfBHO.dll [McAfee Anti-Phishing Filter] -> [2005/07/12 19:02:38 | 00,262,236 | ---- | M] (McAfee, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{01A88BB1-1174-41EC-ACCB-963509EAE56B}: http://support.dell.com/systemprofiler/SysPro.CAB -- SysProWmi Class
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/8/b...heckControl.cab -- Windows Genuine Advantage Validation Tool
{1E54D648-B804-468d-BC78-4AFFED8E262E}: http://www.srtest.com/srl_bin/sysreqlab_srl.cab -- System Requirements Lab Class
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}: http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab -- Symantec AntiVirus scanner
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}: http://www.eset.eu/buxus/docs/OnlineScanner.cab -- Reg Error: Key does not exist or could not be opened.
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control
{644E432F-49D3-41A1-8DD5-E099162EEEC5}: http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab -- Symantec RuFSI Utility Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}: http://support.f-secure.com/ols/fscax.cab -- F-Secure Online Scanner 3.3
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10

========== (O17) DNS Name Servers ==========

{28188897-2B80-455B-A847-75A572078E7F} (Servers: | Description: Intel® PRO/100 VE Network Connection)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
>[2006/10/25 10:02:33 | 00,111,616 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll
>[2008/05/20 15:03:09 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/10 14:04:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun []
[2008/01/24 10:08:56 | 00,000,000 | ---D | M] -- E:\autorun -- [ FAT32 ]

autorun.inf [[autorun] | open=wd_windows_tools\setup.exe | ICON=AUTORUN\WDLOGO.ICO | ]
[2007/05/18 10:37:12 | 00,000,069 | RH-- | M] () -- E:\autorun.inf -- [ FAT32 ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2008/10/28 21:38:34 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alan Simmons\Desktop\OTViewIt.exe
[2008/10/28 17:40:36 | 00,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2008/10/26 15:04:25 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt02.sqm
[2008/10/26 15:04:25 | 00,000,232 | -H-- | C] () -- C:\sqmdata02.sqm
[2008/10/25 23:09:22 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/10/25 13:10:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alan Simmons\Desktop\Eliza newspaper
[2008/10/25 13:07:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alan Simmons\Application Data\Image Zone Express
[2008/10/24 16:49:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2008/10/24 16:39:41 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2008/10/24 16:06:20 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/10/24 16:06:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/10/24 15:16:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/10/23 14:55:14 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/21 15:33:31 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2008/10/19 22:54:58 | 00,000,000 | ---D | C] -- C:\fsaua.data
[2008/10/19 21:23:27 | 00,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2008/10/19 21:09:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alan Simmons\Local Settings\Application Data\TouchStoneSoftware
[2008/10/19 18:15:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2008/10/19 18:15:23 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2008/10/19 18:15:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alan Simmons\Application Data\SUPERAntiSpyware.com
[2008/10/19 17:28:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alan Simmons\Application Data\Malwarebytes
[2008/10/19 17:28:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/19 16:52:19 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/10/19 15:52:59 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2008/10/18 11:31:57 | 00,000,164 | ---- | C] () -- C:\WINDOWS\System32\TDSSorvd.dat
[2008/10/18 11:30:04 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/10/18 11:30:04 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/10/18 09:17:42 | 00,000,754 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\tuxguitar.lnk
[2008/10/18 09:17:27 | 00,000,000 | ---D | C] -- C:\Program Files\tuxguitar-1.0-jet
[2008/10/18 07:49:45 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/10/16 19:16:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common
[2008/10/15 10:34:16 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/15 10:31:44 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/15 10:31:25 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/15 10:31:24 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/15 10:31:23 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/15 10:31:23 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/07 18:09:29 | 00,017,408 | ---- | C] () -- C:\Documents and Settings\Alan Simmons\My Documents\Spanish Project 1.wps
[2008/10/04 14:14:02 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt01.sqm
[2008/10/04 14:14:02 | 00,000,232 | -H-- | C] () -- C:\sqmdata01.sqm
[2008/09/29 17:18:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alan Simmons\My Documents\My Games
[2008/09/29 17:11:03 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2008/09/29 17:09:35 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstdecod.dll
[2008/09/29 17:09:35 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wstcodec.sys
[2008/09/29 17:09:35 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2008/09/29 17:09:34 | 01,230,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidctl.dll
[2008/09/29 17:09:34 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/09/29 17:09:34 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2008/09/29 17:09:34 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nabtsfec.sys
[2008/09/29 17:09:34 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2008/09/29 17:09:34 | 00,052,224 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax
[2008/09/29 17:09:34 | 00,052,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2008/09/29 17:09:34 | 00,052,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msdv.sys
[2008/09/29 17:09:34 | 00,052,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2008/09/29 17:09:34 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2008/09/29 17:09:34 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2008/09/29 17:09:34 | 00,030,208 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax
[2008/09/29 17:09:34 | 00,030,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2008/09/29 17:09:34 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mpe.sys
[2008/09/29 17:09:34 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2008/09/29 17:09:34 | 00,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\streamip.sys
[2008/09/29 17:09:34 | 00,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2008/09/29 17:09:34 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\slip.sys
[2008/09/29 17:09:34 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2008/09/29 17:09:34 | 00,010,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndisip.sys
[2008/09/29 17:09:34 | 00,010,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2008/09/29 17:09:33 | 00,285,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2008/09/29 17:09:33 | 00,285,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2008/09/29 17:09:33 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2008/09/29 17:09:33 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2008/09/29 17:09:33 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2008/09/29 17:09:33 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bdaplgin.ax
[2008/09/29 17:09:33 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ccdecode.sys
[2008/09/29 17:09:33 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2008/09/29 17:09:33 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2008/09/29 17:09:33 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2008/09/29 17:09:33 | 00,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bdasup.sys
[2008/09/29 17:09:33 | 00,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2008/09/29 17:09:33 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mstee.sys
[2008/09/29 17:09:33 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2008/09/29 17:09:32 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksolay.ax
[2008/09/29 17:09:31 | 01,798,144 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedit.dll
[2008/09/29 17:09:31 | 00,733,184 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll
[2008/09/29 17:09:31 | 00,470,528 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdvd.dll
[2008/09/29 17:09:31 | 00,324,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2008/09/29 17:09:31 | 00,316,928 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdv.dll
[2008/09/29 17:09:31 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdmo.dll
[2008/09/29 17:09:30 | 00,257,024 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qcap.dll
[2008/09/29 17:09:30 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax
[2008/09/29 17:09:30 | 00,132,608 | ---- | C] () -- C:\WINDOWS\System32\dllcache\devenum.dll
[2008/09/29 17:09:30 | 00,064,512 | ---- | C] () -- C:\WINDOWS\System32\dllcache\amstream.dll
[2008/09/29 17:09:30 | 00,034,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mciqtz32.dll
[2008/09/29 17:09:30 | 00,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxapi.sys
[2008/09/29 17:09:29 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmime.dll
[2008/09/29 17:09:29 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.dll
[2008/09/29 17:09:29 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmsynth.dll
[2008/09/29 17:09:29 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmstyle.dll
[2008/09/29 17:09:29 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmloader.dll
[2008/09/29 17:09:28 | 01,201,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3d8.dll
[2008/09/29 17:09:28 | 00,667,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dinput8.dll
[2008/09/29 17:09:28 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmscript.dll
[2008/09/29 17:09:28 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmcompos.dll
[2008/09/29 17:09:28 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmband.dll
[2008/09/29 17:09:28 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dswave.dll
[2008/09/29 17:09:27 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxdiag.exe
[2008/09/29 17:09:26 | 00,491,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsdmoprp.dll
[2008/09/29 17:09:26 | 00,381,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvoice.dll
[2008/09/29 17:09:26 | 00,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsdmo.dll
[2008/09/29 17:09:26 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvvox.dll
[2008/09/29 17:09:26 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvsetup.exe
[2008/09/29 17:09:26 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxdllreg.exe
[2008/09/29 17:09:26 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvacm.dll
[2008/09/29 17:09:25 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnsvr.exe
[2008/09/29 17:09:25 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnlobby.dll
[2008/09/29 17:09:24 | 01,189,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx8vb.dll
[2008/09/29 17:09:24 | 00,723,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnet.dll
[2008/09/29 17:09:24 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\joy.cpl
[2008/09/29 17:09:24 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnhupnp.dll
[2008/09/29 17:09:24 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pid.dll
[2008/09/29 17:09:24 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3d8thk.dll
[2008/09/29 17:09:24 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnaddr.dll
[2008/09/29 17:09:23 | 01,294,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsound3d.dll
[2008/09/29 17:09:23 | 00,648,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dinput.dll
[2008/09/29 17:09:23 | 00,602,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx7vb.dll
[2008/09/29 17:09:23 | 00,381,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsound.dll
[2008/09/29 17:09:23 | 00,292,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddraw.dll
[2008/09/29 17:09:23 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplayx.dll
[2008/09/29 17:09:23 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpwsockx.dll
[2008/09/29 17:09:23 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpmodemx.dll
[2008/09/29 17:09:23 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplaysvr.exe
[2008/09/29 17:09:23 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddrawex.dll
[2008/09/29 17:09:22 | 00,797,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3dim700.dll
[2008/09/29 16:50:27 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/09/29 16:50:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alan Simmons\Application Data\DAEMON Tools

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2008/10/28 21:38:40 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alan Simmons\Desktop\OTViewIt.exe
[2008/10/28 06:12:37 | 29,354,386 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/10/28 06:10:28 | 00,191,264 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2008/10/28 06:08:58 | 00,000,364 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (ALAN-Alan Simmons).job
[2008/10/28 06:08:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/28 06:08:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/28 06:08:43 | 10,634,07616 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/27 07:49:50 | 00,088,958 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/10/26 15:04:25 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008/10/26 15:04:25 | 00,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2008/10/25 23:09:40 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/25 23:09:22 | 00,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2008/10/24 15:12:10 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/21 15:48:17 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2008/10/21 15:39:28 | 00,479,920 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/21 15:39:28 | 00,407,670 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/21 15:39:28 | 00,064,200 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/20 17:56:35 | 00,070,536 | ---- | M] () -- C:\Documents and Settings\Alan Simmons\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/19 21:23:35 | 00,001,580 | ---- | M] () -- C:\Documents and Settings\Alan Simmons\Desktop\LimeWire 4.18.8.lnk
[2008/10/19 15:52:24 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2008/10/18 11:31:57 | 00,000,164 | ---- | M] () -- C:\WINDOWS\System32\TDSSorvd.dat
[2008/10/18 11:30:04 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/10/18 11:30:04 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008/10/18 09:42:34 | 00,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/18 09:17:42 | 00,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\tuxguitar.lnk
[2008/10/18 07:49:45 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2008/10/15 12:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008/10/15 12:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/11 22:59:10 | 00,577,536 | ---- | M] () -- C:\Documents and Settings\Alan Simmons\My Documents\Simmons.paf
[2008/10/10 18:56:21 | 00,001,224 | ---- | M] () -- C:\Documents and Settings\Alan Simmons\Application Data\wklnhst.dat
[2008/10/09 20:34:51 | 00,307,238 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/10/09 19:04:39 | 00,015,360 | ---- | M] () -- C:\Documents and Settings\Alan Simmons\Desktop\Sherri's Work.wps
[2008/10/07 18:09:29 | 00,017,408 | ---- | M] () -- C:\Documents and Settings\Alan Simmons\My Documents\Spanish Project 1.wps
[2008/10/07 15:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/04 23:04:55 | 02,112,124 | -H-- | M] () -- C:\Documents and Settings\Alan Simmons\Local Settings\Application Data\IconCache.db
[2008/10/04 14:15:12 | 00,000,226 | ---- | M] () -- C:\Documents and Settings\Alan Simmons\Desktop\Welcome to Webkinz® - a Ganz website.url
@Alternate Data Stream - 2550 bytes -> C:\Documents and Settings\Alan Simmons\Desktop\Welcome to Webkinz® - a Ganz website.url:favicon
[2008/10/04 14:14:02 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/10/04 14:14:02 | 00,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/10/03 13:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/10/03 13:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/09/29 16:50:28 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
< End of report >

---------------------------------------------------------------------------------------------------------------------------------------------


OTViewIt Extras logfile created on: 10/28/2008 9:39:16 PM - Run
OTViewIt by OldTimer - Version 1.0.19.0 Folder = C:\Documents and Settings\Alan Simmons\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 364.23 Mb Available Physical Memory | 35.92% Memory free
2.38 Gb Paging File | 1.87 Gb Available in Paging File | 78.45% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.82 Gb Total Space | 118.96 Gb Free Space | 81.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.65 Gb Total Space | 456.99 Gb Free Space | 98.14% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALAN
Current User Name: Alan Simmons
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/09/03 15:02:22 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2008/09/03 15:03:27 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
[2007/08/30 17:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2007/08/30 17:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2008/09/18 14:50:21 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/07/05 16:14:56 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/06/05 02:18:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}"=Roxio RecordNow Data
"{075F543B-97C5-4118-9D54-93910DE03FE9}"=ASCOM Platform 5.0a
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}"=WD Diagnostics
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}"=Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Roxio DLA
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth
"{20749F76-4228-43AD-8AB5-E7B20D8040C4}"=hph_readme
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}"=HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java™ 6 Update 10
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}"=Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{36DC3E2F-CD8C-4953-9E8F-9A1916D10AA1}"=hph_software
"{3846E811-639D-4DE1-844B-30491C0A6C0C}"=Dell Support 3.2
"{3EB7A19B-690F-49BA-B494-CADA547D0DB9}_is1"=Virtual Moon Atlas Expert 3.5
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}"=URL Assistant
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}"=Dell CinePlayer
"{45B8A76B-57EC-4242-B019-066400CD8428}"=BufferChm
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}"=HPProductAssistant
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}"=Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}"=Sonic Activation Module
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}"=EarthLink Setup Files
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}"=AOLIcon
"{66910000-8B30-4973-A159-6371345AFFA5}"=WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder
"{6909F917-5499-482e-9AA1-FAD06A99F231}"=Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}"=HP Photosmart Essential
"{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}"=Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}"=CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}"=Windows Backup Utility
"{8331C3EA-0C91-43AA-A4D4-27221C631139}"=Status
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}"=Intel® PROSet for Wired Connections
"{868F24EB-5CA7-4285-B39B-3617CF37462A}"=D2300_Help
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Graphics Media Accelerator Driver
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}"=Unload
"{91CA0409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Small Business Edition 2003
"{A5C16084-032F-4A6D-B19A-2E700421F9FB}"=Microsoft WorldWide Telescope
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70800000002}"=Adobe Reader 7.0.8
"{ACCCEE83-B49B-4964-8A4F-378B8FBC9F75}"=hph_ProductContext
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Roxio RecordNow Copy
"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}"=hph_software_req
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B702CCCE-3176-4DBF-B932-D1B8F402F330}"=Digital Content Portal
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}"=SolutionCenter
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}"=HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D297A783-A680-4FDB-8882-913EBA36ABC5}"=D2300
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}"=MCU
"{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}"=HP Photosmart and Deskjet 7.0 Software
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}"=TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}"=MarketResearch
"{E89D78B8-28F7-412F-8B26-C684739CBBDC}"=Palm Desktop
"{F87A8E11-02A4-4875-A3A5-5961081B0E4E}"=OpenOffice.org 2.4
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"AVG8Uninstall"=AVG Free 8.0
"cayahooantispy"=CA Yahoo! Anti-Spy (remove only)
"Dell Digital Jukebox Driver"=Dell Digital Jukebox Driver
"Google Desktop"=Google Desktop
"Google Updater"=Google Updater
"HijackThis"=HijackThis 2.0.2
"HP Imaging Device Functions"=HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools"=HP Solution Center 7.0
"HPExtendedCapabilities"=HP Customer Participation Program 7.0
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"LimeWire"=LimeWire 4.18.8
"McAfee Uninstall Utility"=McAfee Uninstaller
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST"=MSN
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"PROSet"=Intel® PRO Network Connections Drivers
"QuickTime"=QuickTime
"RealPlayer 6.0"=RealPlayer Basic
"SearchAssist"=SearchAssist
"StreetPlugin"=Learn2 Player (Uninstall Only)
"SystemRequirementsLab"=System Requirements Lab
"TuxGuitar_0"=TuxGuitar 1.0
"ViewpointMediaPlayer"=Viewpoint Media Player
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"World of Warcraft"=World of Warcraft
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion"=Yahoo! ¤u¨ă¦C
"Yahoo! Extras"=Yahoo! Browser Services
"Yahoo! Mail"=Yahoo! Internet Mail
"Yahoo! Messenger"=Yahoo! Messenger
"YInstHelper"=Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2338105714-1617549740-3618452479-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/13/2008 12:16:49 PM | Computer Name = ALAN | Source = McLogEvent | ID = 5051
Description = A thread in process c:\PROGRA~1\mcafee.com\vso\mcshield.exe took longer
than 30000 ms to complete a request. The process will be terminated. Thread id :
2376 (0x948) Thread address : 0x12039A72 Thread message : Build VSCORE.11.0.0.151
/ 11.34 Object being scanned = \Device\HarddiskVolume2\Documents and Settings\All
Users\Application Data\avg8\update\download\u7iavi1682u1681tk.bin by avgscanx.exe

27001(31)(0) 10010(31)(0) 24000(31)(11) 10006(31)(0) 27000(31)(26) 27001(31)(0)

10010(31)(1) 24000(31)(16)

Error - 10/14/2008 12:17:07 PM | Computer Name = ALAN | Source = McLogEvent | ID = 5051
Description = A thread in process c:\PROGRA~1\mcafee.com\vso\mcshield.exe took longer
than 30000 ms to complete a request. The process will be terminated. Thread id :
2172 (0x87c) Thread address : 0x12039FC0 Thread message : Build VSCORE.11.0.0.151
/ 11.34 Object being scanned = \Device\HarddiskVolume2\Documents and Settings\All
Users\Application Data\avg8\update\download\u7iavi1682u1681tk.bin by avgscanx.exe

27001(47)(0) 10010(47)(0) 24000(47)(11) 10006(47)(0) 27000(47)(26) 27001(47)(0)

10010(47)(1) 24000(47)(16)

Error - 10/16/2008 12:16:41 PM | Computer Name = ALAN | Source = McLogEvent | ID = 5051
Description = A thread in process c:\PROGRA~1\mcafee.com\vso\mcshield.exe took longer
than 30000 ms to complete a request. The process will be terminated. Thread id :
2300 (0x8fc) Thread address : 0x12039FC0 Thread message : Build VSCORE.11.0.0.151
/ 11.34 Object being scanned = \Device\HarddiskVolume2\Documents and Settings\All
Users\Application Data\avg8\update\download\u7iavi1682u1681tk.bin by avgscanx.exe

27001(47)(0) 10010(47)(0) 24000(47)(11) 10006(47)(0) 27000(47)(26) 27001(47)(0)

10010(47)(1) 24000(47)(16)

Error - 10/17/2008 12:17:33 PM | Computer Name = ALAN | Source = McLogEvent | ID = 5051
Description = A thread in process c:\PROGRA~1\mcafee.com\vso\mcshield.exe took longer
than 30000 ms to complete a request. The process will be terminated. Thread id :
2224 (0x8b0) Thread address : 0x1203AB59 Thread message : Build VSCORE.11.0.0.151
/ 11.34 Object being scanned = \Device\HarddiskVolume2\Documents and Settings\All
Users\Application Data\avg8\update\download\u7iavi1682u1681tk.bin by avgscanx.exe

27001(47)(0) 10010(47)(0) 24000(47)(11) 10006(47)(0) 27000(47)(26) 27001(47)(0)

10010(47)(1) 24000(47)(16)

Error - 10/18/2008 11:32:54 AM | Computer Name = ALAN | Source = Application Error | ID = 1000
Description = Faulting application avgwdsvc.exe, version 8.0.0.145, faulting module
msvcr80.dll, version 8.0.50727.1433, fault address 0x000173e3.

Error - 10/18/2008 11:32:59 AM | Computer Name = ALAN | Source = Application Error | ID = 1001
Description = Fault bucket 879520986.

Error - 10/18/2008 8:15:00 AM | Computer Name = ALAN | Source = McLogEvent | ID = 5051
Description = A thread in process c:\PROGRA~1\mcafee.com\vso\mcshield.exe took longer
than 30000 ms to complete a request. The process will be terminated. Thread id :
176 (0xb0) Thread address : 0x1203B085 Thread message : Build VSCORE.11.0.0.151 /
11.34 Object being scanned = \Device\HarddiskVolume2\Documents and Settings\All
Users\Application Data\avg8\update\download\u7iavi1682u1681tk.bin by avgscanx.exe

27001(32)(0) 10010(32)(0) 24000(32)(11) 10006(32)(0) 27000(32)(26) 27001(32)(0)

10010(32)(1) 24000(32)(16)

Error - 10/25/2008 1:08:32 PM | Computer Name = ALAN | Source = Application Hang | ID = 1002
Description = Hanging application HP_IZE.exe, version 1.9.1.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/26/2008 7:21:17 PM | Computer Name = ALAN | Source = Application Error | ID = 1000
Description = Faulting application yahoomessenger.exe, version 8.1.0.421, faulting
module xmlparse.dll, version 0.0.0.0, fault address 0x000077ce.

Error - 10/26/2008 7:21:20 PM | Computer Name = ALAN | Source = Application Error | ID = 1001
Description = Fault bucket 507127123.

[ System Events ]
Error - 10/25/2008 11:06:45 PM | Computer Name = ALAN | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/25/2008 11:06:45 PM | Computer Name = ALAN | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/25/2008 11:06:45 PM | Computer Name = ALAN | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/25/2008 11:06:45 PM | Computer Name = ALAN | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/25/2008 11:06:46 PM | Computer Name = ALAN | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/25/2008 11:06:46 PM | Computer Name = ALAN | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/26/2008 8:46:21 AM | Computer Name = ALAN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the McAfee SpamKiller Server
service to connect.

Error - 10/26/2008 8:46:21 AM | Computer Name = ALAN | Source = Service Control Manager | ID = 7000
Description = The McAfee SpamKiller Server service failed to start due to the following
error: %%1053

Error - 10/27/2008 7:48:20 AM | Computer Name = ALAN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the McAfee SpamKiller Server
service to connect.

Error - 10/27/2008 7:48:20 AM | Computer Name = ALAN | Source = Service Control Manager | ID = 7000
Description = The McAfee SpamKiller Server service failed to start due to the following
error: %%1053


< End of report >

#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:38 PM

Posted 29 October 2008 - 07:28 AM

Hello.

In a bit of a hurry at the moment. First off, please uninstall AVG or McAfee using Add/Remove Programs because you should only have one antivirus.

I do see evidence of a rootkit. Please run GMER.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.
  • Close all other running programs. There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>.
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • Click OK.
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop buttons turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in Safe Mode
Important!:Please do not select the Show all checkbox during the scan..

I'll review the logs later today.

With Regards,
The Panda

#5 Zach712

Zach712
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:38 PM

Posted 29 October 2008 - 03:34 PM

I did the first step with GMER, it began to reboot but got stuck on a black screen. I eventually manually shut down the computer and booted in safe mode which then got a black screen, so then I booted to last known configuration and after a few minutes of startup got a blue screen twice with the error: IRQL_LESS_THAN_OR _EQUAL or something to that effect, but my comp does have a history of blue screening so this isn't new. Now I just booted it in last known config and it seems to be fine and I guess the log saved and I continued onto the next section to scan. So here it is but I'm not sure if it is correct considering my boot up issues. Btw, I would rather not uninstall McAfee because it has never interfered with anything and even though it is outdated (since I'm not paying for it) it tells me when a process is trying to access the internet and has saved me from making dumb decisions and attacks before. But if it is truely necessary I guess I can make the sacrifice :thumbsup:


GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-10-29 16:27:54
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT spoo.sys ZwCreateKey [0xF72BE0E0]
SSDT spoo.sys ZwEnumerateKey [0xF72DCCA2]
SSDT spoo.sys ZwEnumerateValueKey [0xF72DD030]
SSDT spoo.sys ZwOpenKey [0xF72BE0C0]
SSDT spoo.sys ZwQueryKey [0xF72DD108]
SSDT spoo.sys ZwQueryValueKey [0xF72DCF88]
SSDT spoo.sys ZwSetValueKey [0xF72DD19A]

INT 0x62 ? 86DD7BF8
INT 0x63 ? 86C0EF00
INT 0x73 ? 86DD7BF8
INT 0x73 ? 86DD7BF8
INT 0x73 ? 86DD7BF8
INT 0x94 ? 86C0EF00
INT 0xA4 ? 86C0EF00
INT 0xB4 ? 86C0EF00

---- Kernel code sections - GMER 1.0.14 ----

PAGE ntkrnlpa.exe!NtCreateSection + 3 805AB3B1 4 Bytes [ 71, 28, CC, CC ]
? spoo.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F6AA38AC 5 Bytes JMP 86C0E4E0

---- User code sections - GMER 1.0.14 ----

.text C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe[184] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 01473E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe[228] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 016F3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe[292] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 022B3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[312] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00A43E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[352] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00E43E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text ...

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F72BF040] spoo.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F72BF13C] spoo.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72BF0BE] spoo.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F72BF7FC] spoo.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72BF6D2] spoo.sys

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 86DD61F8

AttachedDevice \FileSystem\Ntfs \Ntfs naiavf5x.sys (Anti-Virus File System Filter Driver/McAfee Inc.)

Device \FileSystem\Fastfat \FatCdrom 86A87500
Device \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Ip MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

Device \Driver\usbehci \Device\USBPDO-0 86C21500
Device \Driver\NetBT \Device\NetBT_Tcpip_{28188897-2B80-455B-A847-75A572078E7F} 866C11F8
Device \Driver\usbuhci \Device\USBPDO-1 86C23500
Device \Driver\usbuhci \Device\USBPDO-2 86C23500
Device \Driver\usbuhci \Device\USBPDO-3 86C23500

Edited by Zach712, 29 October 2008 - 03:38 PM.


#6 Zach712

Zach712
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:38 PM

Posted 29 October 2008 - 03:38 PM

Device \Driver\usbuhci \Device\USBPDO-4 86C23500
Device \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

Device \Driver\Ftdisk \Device\HarddiskVolume1 86D681F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86D681F8
Device \Driver\Cdrom \Device\CdRom0 86BF7368
Device \Driver\Ftdisk \Device\HarddiskVolume3 86D681F8
Device \Driver\Ftdisk \Device\HarddiskVolume4 86D681F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 866C11F8
Device \Driver\NetBT \Device\NetbiosSmb 866C11F8
Device \Driver\USBSTOR \Device\0000005a 8669B1F8
Device \Driver\USBSTOR \Device\0000005b 8669B1F8
Device \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

Device \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 86C23500
Device \Driver\usbuhci \Device\USBFDO-1 86C23500
Device \Driver\usbuhci \Device\USBFDO-2 86C23500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 866BC1F8
Device \Driver\Tcpip \Device\IPMULTICAST avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBFDO-3 86C23500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 866BC1F8
Device \Driver\usbehci \Device\USBFDO-4 86C21500
Device \Driver\Ftdisk \Device\FtControl 86D681F8
Device \FileSystem\Fastfat \Fat 86A87500

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat naiavf5x.sys (Anti-Virus File System Filter Driver/McAfee Inc.)

Device \FileSystem\Cdfs \Cdfs 86B301F8
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3D 0xE6 0xB0 0x63 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3D 0xE6 0xB0 0x63 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3D 0xE6 0xB0 0x63 ...

---- EOF - GMER 1.0.14 ----

#7 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:38 PM

Posted 29 October 2008 - 04:26 PM

Hello Zach712.

There is a file that I would like to you upload. It looks like something that a rootkit dropped off, but I don't see any infection on your computer.

Submit File Sample
  • Open to the Submission Channel.
  • Under Link to topic where this file was requested, input:
    http://www.bleepingcomputer.com/forums/t/175685/not-a-virusrisktoolwin32deleter-trojan-horse-downloaderagentanpp-etc/
  • Under Browse to the file you want to submit, input:
    C:\WINDOWS\System32\TDSSorvd.dat
  • Under the comments section, say that Panda asked for the submission.
Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.


With Regards,
The Panda

#8 Zach712

Zach712
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:38 PM

Posted 29 October 2008 - 09:11 PM

Submitted file and here is the KS log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, October 29, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, October 29, 2008 19:07:35
Records in database: 1356800
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 81483
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:41:54


File name / Threat name / Threats count
C:\Documents and Settings\Alan Simmons\Local Settings\Temp\killti.exe Infected: not-a-virus:RiskTool.Win32.Deleter.f 1

The selected area was scanned.

#9 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:38 PM

Posted 30 October 2008 - 07:12 AM

Hello Zach712.

Sorry, false alarm. There does not appear to be an infection.

Are you still getting those detections? If you want to wait a few days to see if it appears, that is fine.

With Regards,
The Panda

#10 Zach712

Zach712
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:38 PM

Posted 30 October 2008 - 02:42 PM

I actually haven't got a detection notice in a long while. This is good news :thumbsup:

Thanks for the help!!

#11 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:38 PM

Posted 30 October 2008 - 03:26 PM

Hello.

You are very welcome.

Since this issue appears to be resolved, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users