Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

2nd Request-I have a virus, need help


  • This topic is locked This topic is locked
31 replies to this topic

#1 Beth1

Beth1

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:10:34 AM

Posted 22 October 2008 - 09:06 AM

I posted on the 18th with no reply so I am reposting begging for some help. My buttons will not work all the time on my mouse, my cursor jumps all over while I am typing, plus I can not restore to a previous date.

Here is my current hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:47 AM, on 10/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: MotionSD STUDIO - SD Browser auto start -.lnk = C:\Program Files\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://coupons.smartsource.com/download/cscmv5X.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1195321890984
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A609CB6E-FEB5-47C3-966C-1B916842BD01} (Nlopflash Class) - http://poker.nlop.com/poker/PokerCreations.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 8723 bytes

BC AdBot (Login to Remove)

 


#2 Beth1

Beth1
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:10:34 AM

Posted 22 October 2008 - 09:09 AM

Forgot to mention, that last week, I ran a Norton scan with no problems. However, later that day a pop up came up asking me to allow something that was watching my computer. First time, I chose disallow, second time, I chose allow this time, then my problems began.


Thanks in advance.

#3 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:34 PM

Posted 22 October 2008 - 12:01 PM

Hi Beth1,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.

  • Please do a scan with Kaspersky Online Scanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.
    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, click on View scan report
    • Now, click on the Save Report as button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.
  • Please download OTViewIt by OldTimer.
    • Save it to your desktop.
    • Double click on the OTViewIt icon on your desktop.
    • Click the "Scan All Users" checkbox.
    • Set File age to 60 days.
    • Type in the Custom Scans section: hijackthisbackups
    • Click Run Scan button.
    • Two reports will open, copy and paste them to your reply:
    • OTViewIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


#4 Beth1

Beth1
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:10:34 AM

Posted 22 October 2008 - 08:26 PM

Thank you for your help, it took a long time. Here it is:

Wednesday, October 22, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, October 22, 2008 14:16:31
Records in database: 1334986


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
E:\

Scan statistics
Files scanned 162845
Threat name 1
Infected objects 1
Suspicious objects 0
Duration of the scan 03:25:32

File name Threat name Threats count
C:\WINDOWS\Downloaded Program Files\CpnMgr.dll Infected: not-a-virus:AdWare.Win32.CoolSavings.a 1

The selected area was scanned.


Here is the Otviewit:

OTViewIt logfile created on: 10/22/2008 6:35:48 PM - Run
OTViewIt by OldTimer - Version 1.0.17.0 Folder = C:\Documents and Settings\beth duciaome\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.54 Mb Total Physical Memory | 417.47 Mb Available Physical Memory | 43.55% Memory free
2.31 Gb Paging File | 1.65 Gb Available in Paging File | 71.42% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 61.96 Gb Total Space | 28.94 Gb Free Space | 46.70% Space Free | Partition Type: NTFS
Drive D: | 11.53 Gb Total Space | 1.09 Gb Free Space | 9.45% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC885314341208
Current User Name: beth duciaome
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 60 Days

========== Processes ==========

[2008/01/25 21:47:02 | 00,149,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[2007/10/06 11:00:42 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2007/02/05 12:06:30 | 00,067,216 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe
[2007/09/10 22:47:20 | 02,359,296 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
[2007/09/10 22:48:26 | 02,510,848 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
[2008/02/09 20:06:33 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[2005/12/15 23:14:40 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
[2005/08/06 00:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
[2008/10/11 22:11:28 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2006/05/18 19:52:06 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2006/08/18 04:00:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/04/13 20:12:27 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqsvc.exe
[2005/08/06 00:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
[2006/05/02 18:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
[2008/04/13 20:12:27 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqtgsvc.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/08/25 07:52:34 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[2008/04/13 20:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/04/13 20:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/10/22 15:48:37 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Documents and Settings\beth duciaome\Local Settings\Temp\jkos-beth duciaome\binaries\ScanningProcess.exe
[2008/10/22 15:48:37 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Documents and Settings\beth duciaome\Local Settings\Temp\jkos-beth duciaome\binaries\ScanningProcess.exe
[2008/04/13 20:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/10/22 18:34:31 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\beth duciaome\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2006/06/12 16:27:28 | 00,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr [On_Demand | Stopped])
[2007/10/24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/02/09 20:06:33 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
[2006/09/22 22:37:00 | 00,118,784 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen [Disabled | Stopped])
[2002/04/11 20:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service [Disabled | Stopped])
[2008/01/25 21:47:02 | 00,149,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
[2008/01/25 21:47:02 | 00,149,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
[2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/01/25 21:47:02 | 00,149,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])
[2005/12/15 23:14:40 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr [Auto | Running])
[2005/08/06 00:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched [Auto | Running])
[2008/10/11 22:11:28 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2006/05/02 18:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [Auto | Running])
[2005/04/04 03:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
File not found -- -- (KodakCCS [On_Demand | Stopped])
[2006/05/18 19:52:06 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
[2008/08/04 11:20:16 | 03,220,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])
[2008/01/25 21:47:02 | 00,149,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice [Auto | Running])
[2005/08/06 00:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
[2008/04/13 20:12:27 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqsvc.exe -- (MSMQ [Auto | Running])
[2008/04/13 20:12:27 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqtgsvc.exe -- (MSMQTriggers [Auto | Running])
[2006/08/18 04:00:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/07/28 15:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/08/25 07:52:34 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Running])
[2005/08/04 05:29:52 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
[2005/10/06 21:12:30 | 00,855,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS [On_Demand | Stopped])

========== Driver Services ==========

[2006/06/06 16:39:56 | 00,061,952 | ---- | M] (Ricoh) -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD [On_Demand | Stopped])
[2001/08/18 00:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Boot | Running])
[2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2006/06/19 08:37:34 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Running])
[2001/08/18 00:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/18 00:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2006/04/28 13:12:00 | 00,429,184 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Running])
[2003/12/19 22:15:50 | 00,015,263 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb [On_Demand | Stopped])
[2004/06/12 05:27:18 | 00,051,712 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf [On_Demand | Stopped])
[2004/01/10 04:28:18 | 00,011,648 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2006/05/12 16:05:02 | 00,057,320 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
[2005/05/11 02:33:00 | 00,032,256 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv [System | Running])
[2001/08/18 00:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2008/07/30 17:42:12 | 00,023,888 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon [On_Demand | Stopped])
[2001/08/18 00:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2005/09/19 17:23:52 | 00,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr [System | Running])
[2005/09/19 17:24:20 | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb [On_Demand | Stopped])
[2008/09/02 04:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2008/09/02 04:00:00 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
[2005/09/19 17:24:10 | 00,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey [On_Demand | Running])
[2006/06/01 20:02:36 | 00,572,928 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService [On_Demand | Running])
[2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/08/29 16:11:08 | 00,208,384 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
[2006/08/29 16:12:28 | 00,990,592 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2005/10/13 05:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Disabled | Stopped])
[2008/04/13 14:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2006/06/19 16:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2008/04/13 14:39:44 | 00,092,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC [On_Demand | Running])
[2001/08/18 00:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2008/08/24 04:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081022.006\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2008/08/24 04:00:00 | 00,873,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081022.006\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2006/08/18 04:00:00 | 03,687,552 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2006/01/26 20:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata [Boot | Running])
[2006/03/02 20:31:02 | 00,034,176 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2006/03/02 20:31:04 | 00,013,056 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2006/03/05 19:49:36 | 00,011,136 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu [On_Demand | Running])
[2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
[2006/03/16 00:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/29 05:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/18 00:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/18 00:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/18 00:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2005/11/16 00:28:32 | 00,028,928 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk [On_Demand | Running])
[2005/10/31 21:54:50 | 00,051,584 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk [On_Demand | Running])
[2005/10/31 22:08:00 | 00,308,992 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp [On_Demand | Running])
[2008/05/08 10:02:52 | 00,203,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST [On_Demand | Running])
[2004/08/04 02:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])
[2008/04/13 14:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/13 14:40:47 | 00,011,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffdisk.sys -- (sffdisk [On_Demand | Stopped])
[2008/04/13 14:40:47 | 00,011,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2001/08/18 01:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2008/01/17 00:05:42 | 00,447,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
[2008/01/31 21:51:16 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP [On_Demand | Running])
[2008/01/31 21:51:16 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL [On_Demand | Stopped])
[2008/01/31 21:51:16 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX [System | Running])
[2001/08/18 01:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/18 01:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2008/06/13 14:13:38 | 00,013,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS [On_Demand | Running])
[2008/08/29 13:26:54 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2008/06/13 14:13:38 | 00,096,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW [On_Demand | Running])
[2008/06/13 14:13:38 | 00,038,576 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS [On_Demand | Running])
[2008/09/12 03:33:21 | 00,250,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20081014.001\SymIDSCo.sys -- (SYMIDSCO [On_Demand | Running])
[2008/06/13 14:14:02 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM [On_Demand | Stopped])
[2008/06/13 14:14:02 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP [On_Demand | Running])
[2008/06/13 14:13:38 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS [On_Demand | Running])
[2008/06/13 14:13:38 | 00,022,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2008/06/13 14:13:40 | 00,184,240 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2001/08/18 01:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/18 01:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2001/08/18 00:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2006/08/29 16:10:56 | 00,728,576 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2008/04/13 14:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
"Default_Search_URL"=http://www.google.com/ie
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=http://www.yahoo.com/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=http://www.yahoo.com/

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{68F9551E-0411-48E4-9AAF-4BC42A6A46BE} (HKLM) -- C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} (HKLM) -- C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{327C2873-E90D-4c37-AA9D-10AC9BABA46C}" (HKLM) -- C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

========== (O4) Startup Folders ==========

File not found -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe
[2007/02/05 12:06:30 | 00,067,216 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MotionSD STUDIO - SD Browser auto start -.lnk = C:\Program Files\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe
[2007/08/17 23:57:56 | 00,393,216 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
File not found -- C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe
File not found -- C:\Documents and Settings\Dennis DuCiaome\Start Menu\Programs\Startup\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe
[2006/11/27 18:45:48 | 00,393,216 | ---- | M] () -- C:\Documents and Settings\Elizabeth DuCiaome\Start Menu\Programs\Startup\OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.mss -- File not found
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.the -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 05:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
Easy-WebPrint Add To Print List: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 19:05:46 | 00,552,960 | ---- | M] ()
Easy-WebPrint High Speed Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 19:05:46 | 00,552,960 | ---- | M] ()
Easy-WebPrint Preview: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 19:05:46 | 00,552,960 | ---- | M] ()
Easy-WebPrint Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 19:05:46 | 00,552,960 | ---- | M] ()

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 05:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
Easy-WebPrint Add To Print List: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 19:05:46 | 00,552,960 | ---- | M] ()
Easy-WebPrint High Speed Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 19:05:46 | 00,552,960 | ---- | M] ()
Easy-WebPrint Preview: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 19:05:46 | 00,552,960 | ---- | M] ()
Easy-WebPrint Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 19:05:46 | 00,552,960 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{13C1DBF6-7535-495c-91F6-8C13714ED485} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{13C1DBF6-7535-495c-91F6-8C13714ED485} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}: http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab -- ActiveScan 2.0 Installer Class
{406B5949-7190-4245-91A9-30A17DE16AD0}: http://photo.walgreens.com/WalgreensActivia.cab -- Snapfish Activia
{549F957E-2F89-11D6-8CFE-00C04F52B225}: http://coupons.smartsource.com/download/cscmv5X.cab -- CMV5 Class
{6A344D34-5231-452A-8A57-D064AC9B7862}: https://webdl.symantec.com/activex/symdlmgr.cab -- Symantec Download Manager
{6B75345B-AA36-438A-BBE6-4078B4C6984D}: http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab -- HpProductDetection Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1195321890984 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{9600F64D-755F-11D4-A47F-0001023E6D5A}: http://web1.shutterfly.com/downloads/Uploader.cab -- Shutterfly Picture Upload Plugin
{A609CB6E-FEB5-47C3-966C-1B916842BD01}: http://poker.nlop.com/poker/PokerCreations.cab -- Nlopflash Class
{A7EA8AD2-287F-11D3-B120-006008C39542}: http://offers.e-centives.com/cif/download/bin/actxcab.cab -- CBSTIEPrint Class
{A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9}: https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab -- InetDownload Class
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object
{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}: http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe -- Virtools WebPlayer Class
{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9}: https://secure.logmein.com/activex/ractrl.cab?lmi=100 -- Performance Viewer Activex Control

========== (O17) DNS Name Servers ==========

{47F3DAA7-0472-4A96-817B-2963BB7B5898} (Servers: | Description: NVIDIA nForce Networking Controller)
{52BA6D53-081D-48AD-A70E-84F6F8375610} (Servers: | Description: 1394 Net Adapter)
{94FF79E9-7235-48B5-AFA0-66BE3843EF96} (Servers: | Description: Broadcom 802.11b/g WLAN)
{D9E0996A-F46B-41E2-8806-C6D0041784BE} (Servers: | Description: 1394 Net Adapter)
{DDE3DDEA-EDB5-421B-B3C1-8FE311E0AFA7} (Servers: | Description: )

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2001/07/27 22:07:38 | 00,000,000 | -HS- | M] () -- D:\AUTOEXEC.BAT -- [ FAT32 ]

Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ]
[2004/04/30 14:01:14 | 00,000,053 | -HS- | M] () -- D:\Autorun.inf -- [ FAT32 ]

AUTORUN.FCB [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ]
[2004/04/30 14:01:14 | 00,000,053 | -HS- | M] () -- D:\AUTORUN.FCB -- [ FAT32 ]

========== Files/Folders - Created Within 60 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2008/10/22 18:34:30 | 00,421,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\beth duciaome\Desktop\OTViewIt.exe
[2008/10/18 19:19:07 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2008/10/18 19:19:02 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2008/10/18 16:44:34 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\HijackThis.lnk
[2008/10/18 16:44:33 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/10/17 21:41:34 | 00,171,296 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\palin 3.jpg
[2008/10/17 21:40:50 | 00,165,544 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\palin 2.jpg
[2008/10/17 21:40:27 | 00,188,964 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\palin 1.jpg
[2008/10/17 21:38:43 | 00,197,533 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\Sean at the rally 2.jpg
[2008/10/17 21:36:19 | 00,174,200 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\sean at the rally.jpg
[2008/10/17 21:33:16 | 00,129,756 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\Evan at the Rally.jpg
[2008/10/17 21:00:28 | 00,056,832 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\Contract Beth Basement Finish.doc
[2008/10/16 13:53:38 | 00,197,976 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2008/10/15 23:10:50 | 00,297,071 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\Evan and Sean 927.jpg
[2008/10/15 23:09:14 | 00,318,082 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\Evan 927.jpg
[2008/10/15 22:22:31 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/15 22:22:27 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/15 22:22:23 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/15 22:22:23 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/15 22:22:22 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/15 22:22:21 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/15 09:50:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/10/15 08:37:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2008/10/15 08:37:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/10/15 08:37:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/10/15 08:37:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/10/15 08:37:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/10/15 08:29:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/10/15 08:21:01 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/10/10 13:01:52 | 00,307,124 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\dining table 3.jpg
[2008/10/10 13:00:11 | 00,296,688 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\dining table 2.jpg
[2008/10/10 12:55:52 | 00,179,152 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\dining seat.jpg
[2008/10/10 12:55:30 | 00,163,260 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\Dining Chair.jpg
[2008/10/09 16:23:54 | 00,095,985 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\Home Binder.pdf
[2008/09/30 19:02:49 | 02,012,421 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\Unemployment ReAppeal.jpg
[2008/09/30 19:02:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\beth duciaome\Desktop\2008_09_30
[2008/09/30 18:58:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\beth duciaome\Application Data\Canon
[2008/09/30 11:06:11 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/09/30 11:06:11 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/09/27 10:42:26 | 00,000,750 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP160 User Registration.LNK
[2008/09/27 10:12:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\beth duciaome\Application Data\ScanSoft
[2008/09/27 10:05:57 | 00,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\My Printer.lnk
[2008/09/27 10:05:33 | 00,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Easy-PhotoPrint.lnk
[2008/09/27 10:01:01 | 00,001,693 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MP Navigator 3.0.lnk
[2008/09/27 10:00:32 | 00,001,861 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MP160 On-screen Manual.lnk
[2008/09/27 09:59:58 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2008/09/27 09:04:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\beth duciaome\Desktop\Setup3240C
[2008/09/27 09:03:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\beth duciaome\Desktop\Data
[2008/09/18 20:00:30 | 00,042,590 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\Pizza Crust.jpg
[2008/09/14 17:34:23 | 00,852,368 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\9-14-2008%205.jpg
[2008/09/12 23:02:05 | 00,017,920 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\Unemployment facts for 91508.wps
[2008/09/09 14:40:43 | 00,010,240 | ---- | C] () -- C:\Documents and Settings\beth duciaome\My Documents\Vaccine Denial.wps
[2008/09/07 22:27:00 | 00,046,018 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\DuCiaome.docx
[2008/09/07 16:15:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\beth duciaome\Local Settings\Application Data\Mozilla
[2008/09/04 07:27:13 | 00,149,292 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\Evan with puff on face.jpg
[2008/09/02 11:08:50 | 00,818,730 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\marinades2008%2Epdf.pdf
[2008/09/02 11:06:06 | 00,821,392 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\chicken%20patties2008%2Epdf.pdf
[2008/08/30 08:47:58 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmllite.dll
[2008/08/30 08:47:54 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2008/08/30 08:47:52 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2008/08/30 08:47:49 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2008/08/30 08:47:49 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2008/08/30 08:47:46 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2008/08/30 08:47:42 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2008/08/30 08:47:41 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2008/08/30 08:47:38 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2008/08/30 08:47:38 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2008/08/30 08:47:37 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2008/08/30 08:47:28 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2008/08/30 08:47:27 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2008/08/30 08:47:25 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2008/08/30 08:47:21 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/08/30 08:47:21 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2008/08/30 08:47:15 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2008/08/30 08:47:14 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2008/08/30 08:47:14 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2008/08/30 08:47:12 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2008/08/30 08:47:11 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2008/08/30 08:47:10 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2008/08/30 08:47:09 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2008/08/30 08:47:09 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2008/08/30 08:47:07 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2008/08/30 08:47:04 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2008/08/30 08:46:54 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2008/08/30 08:46:51 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2008/08/30 08:46:51 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2008/08/30 08:46:51 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2008/08/30 08:46:50 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2008/08/30 08:46:50 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/08/30 08:46:49 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll
[2008/08/30 08:46:49 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/08/30 08:46:46 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2008/08/30 08:46:46 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2008/08/30 08:46:24 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2008/08/30 08:46:23 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2008/08/30 08:46:23 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2008/08/30 08:46:23 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2008/08/30 08:46:06 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2008/08/30 08:46:06 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2008/08/30 08:46:05 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2008/08/30 08:46:04 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2008/08/30 08:46:04 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2008/08/30 08:46:04 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2008/08/30 08:45:49 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2008/08/30 08:45:48 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2008/08/30 08:45:48 | 00,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2008/08/30 08:45:43 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2008/08/30 08:45:42 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\intelppm.sys
[2008/08/30 08:45:36 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2008/08/30 08:45:34 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2008/08/30 08:45:31 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2008/08/30 08:45:29 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2008/08/30 08:45:29 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2008/08/30 08:45:28 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2008/08/30 08:45:28 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2008/08/30 08:45:28 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2008/08/30 08:45:28 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2008/08/30 08:45:28 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2008/08/30 08:45:28 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2008/08/30 08:45:26 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2008/08/30 08:45:26 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2008/08/30 08:45:26 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2008/08/30 08:45:26 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2008/08/30 08:45:26 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2008/08/30 08:45:26 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2008/08/30 08:45:26 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2008/08/30 08:45:24 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2008/08/30 08:45:24 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2008/08/30 08:45:24 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2008/08/30 08:45:22 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2008/08/30 08:45:21 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2008/08/30 08:45:15 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2008/08/30 08:45:15 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2008/08/30 08:45:15 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2008/08/30 08:45:15 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2008/08/30 08:45:14 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2008/08/30 08:45:13 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2008/08/30 08:45:03 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2008/08/25 11:43:54 | 00,013,312 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\unemployment letter.wps
[2008/08/25 07:54:42 | 00,000,572 | ---- | C] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - beth duciaome.job
[2008/08/25 07:53:50 | 00,001,963 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.lnk
[2008/08/25 07:51:54 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2008/08/25 07:51:54 | 00,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2008/08/25 07:51:24 | 00,123,952 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2008/08/25 07:51:24 | 00,060,800 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2008/08/25 07:51:24 | 00,010,671 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2008/08/25 07:51:24 | 00,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF

========== Files - Modified Within 60 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2008/10/22 18:34:31 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\beth duciaome\Desktop\OTViewIt.exe
[2008/10/22 07:57:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/22 07:57:20 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/22 07:57:12 | 10,051,70688 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/18 18:36:51 | 00,000,209 | RHS- | M] () -- C:\boot.ini
[2008/10/18 18:36:50 | 00,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/18 18:36:50 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/18 16:44:34 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\HijackThis.lnk
[2008/10/18 16:29:06 | 00,225,106 | ---- | M] () -- C:\logfile
[2008/10/18 09:49:33 | 00,000,039 | ---- | M] () -- C:\XP_TV.ini
[2008/10/18 09:49:26 | 00,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2008/10/17 23:28:16 | 03,202,048 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2008/10/17 21:41:35 | 07,238,656 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2008/10/17 21:38:43 | 00,197,533 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\Sean at the rally 2.jpg
[2008/10/17 21:27:57 | 00,171,296 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\palin 3.jpg
[2008/10/17 21:27:44 | 00,174,200 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\sean at the rally.jpg
[2008/10/17 21:27:30 | 00,188,964 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\palin 1.jpg
[2008/10/17 21:27:30 | 00,165,544 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\palin 2.jpg
[2008/10/17 21:27:13 | 00,129,756 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\Evan at the Rally.jpg
[2008/10/17 21:26:37 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/10/17 21:00:30 | 00,056,832 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\Contract Beth Basement Finish.doc
[2008/10/16 13:53:38 | 00,197,976 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2008/10/16 07:17:53 | 00,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/16 00:49:30 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/15 23:37:42 | 00,491,736 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/15 23:37:42 | 00,417,616 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/15 23:37:42 | 00,066,888 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/15 23:10:24 | 00,297,071 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\Evan and Sean 927.jpg
[2008/10/15 23:08:41 | 00,318,082 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\Evan 927.jpg
[2008/10/15 09:54:13 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2008/10/15 09:51:38 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\beth duciaome\My Documents\desktop.ini
[2008/10/15 09:50:37 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/15 08:24:10 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/10/13 22:18:12 | 00,000,572 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - beth duciaome.job
[2008/10/10 22:00:29 | 00,000,028 | ---- | M] () -- C:\WINDOWS\MotionSDSTUDIO.INI
[2008/10/10 12:53:44 | 00,179,152 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\dining seat.jpg
[2008/10/10 12:53:44 | 00,163,260 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\Dining Chair.jpg
[2008/10/10 12:52:45 | 00,296,688 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\dining table 2.jpg
[2008/10/10 12:52:43 | 00,307,124 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\dining table 3.jpg
[2008/10/09 16:23:54 | 00,095,985 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\Home Binder.pdf
[2008/10/07 15:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/09/30 19:02:50 | 02,012,421 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\Unemployment ReAppeal.jpg
[2008/09/30 11:06:11 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008/09/27 10:42:26 | 00,000,750 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon MP160 User Registration.LNK
[2008/09/27 10:05:57 | 00,000,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\My Printer.lnk
[2008/09/27 10:05:33 | 00,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Easy-PhotoPrint.lnk
[2008/09/27 10:01:01 | 00,001,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MP Navigator 3.0.lnk
[2008/09/27 10:00:32 | 00,001,861 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MP160 On-screen Manual.lnk
[2008/09/27 09:05:07 | 00,001,294 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Application Data\wklnhst.dat
[2008/09/18 19:59:47 | 00,042,590 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\Pizza Crust.jpg
[2008/09/15 08:12:56 | 01,846,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2008/09/15 08:12:56 | 01,846,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/09/14 17:34:31 | 00,852,368 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\9-14-2008%205.jpg
[2008/09/12 23:21:45 | 00,017,920 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\Unemployment facts for 91508.wps
[2008/09/12 10:57:03 | 00,149,292 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\Evan with puff on face.jpg
[2008/09/09 14:40:44 | 00,010,240 | ---- | M] () -- C:\Documents and Settings\beth duciaome\My Documents\Vaccine Denial.wps
[2008/09/08 06:41:42 | 00,333,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\srv.sys
[2008/09/08 06:41:42 | 00,333,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/09/07 22:27:01 | 00,046,018 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\DuCiaome.docx
[2008/09/02 11:08:50 | 00,818,730 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\marinades2008%2Epdf.pdf
[2008/09/02 11:06:06 | 00,821,392 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\chicken%20patties2008%2Epdf.pdf
[2008/08/29 13:26:54 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2008/08/29 13:26:54 | 00,060,800 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2008/08/29 13:26:54 | 00,010,671 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2008/08/29 13:26:54 | 00,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2008/08/25 11:43:54 | 00,013,312 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\unemployment letter.wps
[2008/08/25 07:53:50 | 00,001,963 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.lnk

========== Custom Scans ==========


========== HijackThis Backups ==========

C:\Program Files\Trend Micro\HijackThis\backups\backup-20081018-185800-737
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab

C:\Program Files\Trend Micro\HijackThis\backups\backup-20081018-185800-737.dll
MZ

C:\Program Files\Trend Micro\HijackThis\backups\backup-20081018-185800-737.inf
[Add.Code]
DisneyOnlineGames.ocx=DisneyOnlineGames.ocx
DisneyOnlineGames.inf=DisneyOnlineGames.inf
[DisneyOnlineGames.ocx]
file=thiscab
clsid={3DCEC959-378A-4922-AD7E-FD5C925D927F}
RegisterServer=yes
FileVersion=7,6,6,1549
[DisneyOnlineGames.inf]
file=thiscab

C:\Program Files\Trend Micro\HijackThis\backups\backup-20081018-185856-511
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')

======= End HijackThis Backups =========

< End of report >


Here is Extras:
OTViewIt Extras logfile created on: 10/22/2008 6:35:48 PM - Run
OTViewIt by OldTimer - Version 1.0.17.0 Folder = C:\Documents and Settings\beth duciaome\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.54 Mb Total Physical Memory | 417.47 Mb Available Physical Memory | 43.55% Memory free
2.31 Gb Paging File | 1.65 Gb Available in Paging File | 71.42% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 61.96 Gb Total Space | 28.94 Gb Free Space | 46.70% Space Free | Partition Type: NTFS
Drive D: | 11.53 Gb Total Space | 1.09 Gb Free Space | 9.45% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC885314341208
Current User Name: beth duciaome
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 60 Days
"Use My Stylesheet"=
"User Stylesheet"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 20:12:27 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 20:12:27 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing
File not found -- C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
[2007/09/19 06:33:46 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
[2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2008/04/13 20:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer
[2008/03/06 12:40:06 | 00,689,456 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Disabled:HP Software Update Client
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 05:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 05:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 05:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/06/20 20:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/01 18:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/15 01:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}"=Adobe AIR
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}"=ESSSONIC
"{075473F5-846A-448B-BCB3-104AA1760205}"=Sonic Data Module
"{09D8492A-C8E2-421E-927D-46800FB327A3}"=Wireless Home Network Setup
"{0A8073F2-31C6-413B-BC79-5808352D651A}"=MotionSD STUDIO 1.2E
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160"=Canon MP160
"{13BCF6CB-2F54-4962-9B11-32F07048ACF3}"=HP User Guides 0031
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}"=ESSPCD
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}"=CP_CalendarTemplates1
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}"=Adobe Media Player
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}"=Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}"=CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}"=Destinations
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}"=Quicken 2006
"{29D851C2-048C-4B5E-8D1F-25D473342BB5}"=ScanSoft OmniPage SE 4.0
"{2A548002-9042-4083-A270-B67473DE1073}"=SkinsHP1
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}"=essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}"=Component Framework
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}"=HP Quick Launch Buttons 6.10 A2
"{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}"=Norton AntiVirus Help
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}"=Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}"=OptionalContentQFolder
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=NetWaiting
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}"=RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}"=BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}"=Microsoft Works
"{42938595-0D83-404D-9F73-F8177FDD531A}"=ESScore
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}"=HP Wireless Assistant 2.00 G2
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}"=HP QuickPlay 2.3
"{47D2103B-FD51-4017-9C20-DD408B17D726}"=Office 2003 Trial Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}"=CP_Panorama1Config
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}"=cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}"=CP_Package_Variety1
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}"=SonicAC3Encoder
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}"=skin0001
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}"=FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}"=cp_PosterPrintConfig
"{605A4E39-613C-4A12-B56F-DEFBE6757237}"=SHASTA
"{62120008-8E1E-4807-860D-A8B48F8552DB}"=Norton Protection Center
"{643EAE81-920C-4931-9F0B-4B343B225CA6}"=ESSBrwr
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Sonic Express Labeler
"{6815FCDD-401D-481E-BA88-31B4754C2B46}"=Macromedia Flash Player 8
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}"=LightScribe 1.4.97.1
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}"=Apple Software Update
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}"=CP_Package_Basic1
"{77772678-817F-4401-9301-ED1D01A8DA56}"=SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}"=Norton AntiVirus
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}"=Sonic_PrimoSDK
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}"=cp_UpdateProjectsConfig
"{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}"=Macromedia Shockwave Player
"{83C03FBE-4492-4133-BBAB-421CD88ADA32}"=OpenOffice.org 2.3
"{85309D89-7BE9-4094-BB17-24999C6118FC}"=ArcSoft PhotoStudio 5.5
"{869C3062-4745-4949-B6C9-98AF24D89030}"=PhotoGallery
"{8943CE61-53BD-475E-90E1-A580869E98A2}"=staticcr
"{8E92D746-CD9F-4B90-9668-42B74C14F765}"=ESSini
"{91120409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}"=ESSgui
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}"=
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}"=QuickTime
"{999D43F4-9709-4887-9B1A-83EBB15A8370}"=VPRINTOL
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}"=CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}"=TourSetup
"{A654A805-41D9-40C7-AA46-4AF04F044D61}"=Adobe® Photoshop® Album Starter Edition 3.2
"{A662323E-163F-479C-AE60-05822DB1DA3C}"=SymNet
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}"=HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}"=ESSCDBK
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}"=CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Sonic Copy Module
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}"=OfotoXMI
"{B16AF568-A644-483C-A6DA-5028CD019C8C}"=SonicMPEGEncoder
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}"=ccCommon
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}"=CCScore
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B57F2FF0-5A25-4332-B503-4592B370C02F}"=CP_Package_Variety3
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}"=cp_OnlineProjectsConfig
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}"=HP Update
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}"=HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CDCBF62D-8E74-44A5-91AD-44AB4C2EFD89}"=InterVideo FilterSDK for Panasonic
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}"=Kodak EasyShare software
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}"=Symantec Real Time Storage Protection Component
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}"=SFR
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}"=HpSdpAppCoreApp
"{DB7E00C9-6DEF-489A-8112-D8F81614F45A}"=Vongo
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}"=LiveUpdate Notice (Symantec Corporation)
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}"=tooltips
"{E80F62FF-5D3C-4A19-8409-9721F2928206}"=LiveUpdate (Symantec Corporation)
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}"=AppCore
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}"=SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}"=WIRELESS
"{FB09F05F-85C6-4205-B28D-5BF071D276C3}"=muvee autoProducer 5.0
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}"=InstantShareDevices
"{FCDB1C92-03C6-4C76-8625-371224256091}"=ESSPDock
"074EEF5F-3BE8-4112-B253-C5D6CDE2924C"=Zuma Deluxe from Hewlett-Packard Laptops (remove only)
"0E5266B4-9069-401A-93AE-5FF9F1712016"=Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)
"103EFD47-9F2C-4490-95DD-AE6C442AFB92"=SCRABBLE from Hewlett-Packard Laptops (remove only)
"12133444-BF36-4d4e-B7FB-A3424C645DE4"=GemMaster Mystic
"1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86"=Tradewinds from Hewlett-Packard Laptops (remove only)
"320F055A-570F-4335-B026-16A836DB9549"=Final Drive Nitro from Hewlett-Packard Laptops (remove only)
"382C11F0-1A18-4F76-B8E0-15CA7F209C22"=Chuzzle Deluxe from Hewlett-Packard Laptops (remove only)
"384E0BF4-1E1F-45A6-B60E-42144A3F15CD"=Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only)
"4C061F83-EE92-445A-A03F-184B0BD59242"=Jewel Quest from Hewlett-Packard Laptops (remove only)
"5658FB14-16A4-4DAE-946B-1457BE31572E"=Boggle Supreme from Hewlett-Packard Laptops (remove only)
"5758A0E8-A112-4A1D-82EC-EC72F7F16B88"=Lexibox Deluxe from Hewlett-Packard Laptops (remove only)
"6E377D95-DF37-4E67-B64B-68C314600BCB"=Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only)
"6ECB6EE6-92E1-4525-AF3B-3CE51A7C5F89"=FATE from Hewlett-Packard Laptops (remove only)
"7948472C-423F-4134-B68F-48D660A05D71"=Big Kahuna Reef from Hewlett-Packard Laptops (remove only)
"7A940E33-6993-404B-ABA6-ED62E8FBE615"=Bounce Symphony from Hewlett-Packard Laptops (remove only)
"7ED8A70C-9597-40BE-AEA0-0573182F1F51"=Super Granny from Hewlett-Packard Laptops (remove only)
"7F8C5718-1BA9-4AAE-96D2-2B04D05F2D54"=Polar Bowler from Hewlett-Packard Laptops (remove only)
"9F3399B2-9ED6-4339-84A2-686432638B86"=Blasterball 2 from Hewlett-Packard Laptops (remove only)
"ActiveScan 2.0"=Panda ActiveScan 2.0
"Adobe AIR"=Adobe AIR
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe® Photoshop® Album Starter Edition 3.2"=Adobe® Photoshop® Album Starter Edition 3.2
"B0202B33-E73D-4FCD-AC88-0B2971AFC116"=Slyder from Hewlett-Packard Laptops (remove only)
"B0769D17-E72A-4E87-A83F-1F7A3F080008"=Bookworm Deluxe from Hewlett-Packard Laptops (remove only)
"B3EE3001-DC24-4cd1-8743-5692C716659F"=Otto
"C264D692-8E15-4141-96A2-5621332E5DD0"=Slingo Deluxe from Hewlett-Packard Laptops (remove only)
"Canon MP160 User Registration"=Canon MP160 User Registration
"CanonMyPrinter"=Canon My Printer
"CNXT_HDAUDIO"=Conexant HD Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m"=Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Adobe Media Player
"Coupon Printer for Windows2.0"=Coupon Printer for Windows
"Coupon Printer for Windows4.0"=Coupon Printer for Windows
"D2E44AA4-8665-4490-A6C9-2D0744B47B27"=Polar Golfer from Hewlett-Packard Laptops (remove only)
"E332F38A-75F6-4EF2-88CC-246E8A1CB5D7"=Oasis from Hewlett-Packard Laptops (remove only)
"E76A7EFF-7758-49EE-B3FA-9699830A2D6B"=Mah Jong Quest from Hewlett-Packard Laptops (remove only)
"E90E3AE9-73E4-4E5C-BB0F-673989A808D0"=Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only)
"E94C7046-2F7D-4D4D-B76F-C412DCCEAAC2"=Crystal Maze from Hewlett-Packard Laptops (remove only)
"Easy-PhotoPrint"=Canon Utilities Easy-PhotoPrint
"Easy-WebPrint"=Easy-WebPrint
"EF860173-4FB7-4DE1-8BE8-5400F05A0DC5"=Puzzle Express from Hewlett-Packard Laptops (remove only)
"F2566CC2-D4C4-44ED-A838-3F8288D8D3FE"=Flip Words from Hewlett-Packard Laptops (remove only)
"Google Updater"=Google Updater
"HijackThis"=HijackThis 2.0.2
"HP Game Console"=HP Game Console and games
"HP Imaging Device Functions"=HP Imaging Device Functions 6.0
"HP Photo & Imaging"=HP Photosmart Premier Software 6.0
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}"=Customer Experience Enhancement
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Money2006b"=Microsoft Money 2006
"MP Navigator 3.0"=Canon MP Navigator 3.0
"NLOP"=NLOP
"NVIDIA Drivers"=NVIDIA Drivers
"PsuedoLiveUpdate"=LiveUpdate (Symantec Corporation)
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"SymSetup.{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}"=Norton AntiVirus (Symantec Corporation)
"Virtools3DLifePlayer"=Virtools 3D Life Player
"WGA"=Windows Genuine Advantage Validation Tool
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMCSetup"=Windows Media Connect

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/15/2008 8:17:20 AM | Computer Name = PC885314341208 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module mfc42.dll, version 6.2.4131.0, fault address 0x0001713c.

Error - 10/15/2008 11:38:37 PM | Computer Name = PC885314341208 | Source = Application Error | ID = 1000
Description = Faulting application set1d.tmp, version 7.1.100.1248, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 10/17/2008 9:02:58 PM | Computer Name = PC885314341208 | Source = Application Hang | ID = 1002
Description = Hanging application soffice.bin, version 2.3.9215.500, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/17/2008 9:02:59 PM | Computer Name = PC885314341208 | Source = Application Hang | ID = 1002
Description = Hanging application soffice.bin, version 2.3.9215.500, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/17/2008 11:27:39 PM | Computer Name = PC885314341208 | Source = Application Error | ID = 1000
Description = Faulting application easyshare.exe, version 6.40.53.95, faulting module
ntdll.dll, version 5.1.2600.5512, fault address 0x000113a0.

Error - 10/17/2008 11:56:24 PM | Computer Name = PC885314341208 | Source = Application Hang | ID = 1002
Description = Hanging application EasyShare.exe, version 6.40.53.95, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/18/2008 12:18:14 PM | Computer Name = PC885314341208 | Source = Application Error | ID = 1000
Description = Faulting application set57.tmp, version 7.1.100.1248, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 10/18/2008 12:18:43 PM | Computer Name = PC885314341208 | Source = Application Error | ID = 1000
Description = Faulting application set58.tmp, version 7.1.100.1248, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 10/22/2008 4:08:45 PM | Computer Name = PC885314341208 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/22/2008 4:08:49 PM | Computer Name = PC885314341208 | Source = Application Hang | ID = 1001
Description = Fault bucket 724398357.

[ System Events ]
Error - 10/20/2008 8:20:49 AM | Computer Name = PC885314341208 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.100 on
the Network Card with network address 0014A5FEE862.

Error - 10/20/2008 8:31:43 AM | Computer Name = PC885314341208 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
YOUR-SZ6X6SEFXO that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{94FF79E9-723. The master browser is stopping or an election is being
forced.

Error - 10/20/2008 9:43:40 AM | Computer Name = PC885314341208 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
YOUR-SZ6X6SEFXO that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{94FF79E9-723. The master browser is stopping or an election is being
forced.

Error - 10/20/2008 1:07:34 PM | Computer Name = PC885314341208 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
YOUR-SZ6X6SEFXO that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{94FF79E9-723. The master browser is stopping or an election is being
forced.

Error - 10/20/2008 2:07:36 PM | Computer Name = PC885314341208 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
YOUR-SZ6X6SEFXO that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{94FF79E9-723. The master browser is stopping or an election is being
forced.

Error - 10/20/2008 8:35:22 PM | Computer Name = PC885314341208 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.100 on
the Network Card with network address 0014A5FEE862.

Error - 10/20/2008 8:43:25 PM | Computer Name = PC885314341208 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
YOUR-SZ6X6SEFXO that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{94FF79E9-723. The master browser is stopping or an election is being
forced.

Error - 10/21/2008 8:07:31 AM | Computer Name = PC885314341208 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.100 on
the Network Card with network address 0014A5FEE862.

Error - 10/21/2008 4:36:00 PM | Computer Name = PC885314341208 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
YOUR-SZ6X6SEFXO that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{94FF79E9-723. The master browser is stopping or an election is being
forced.

Error - 10/22/2008 3:39:56 PM | Computer Name = PC885314341208 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.100 on
the Network Card with network address 0014A5FEE862.


< End of report >


#5 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:34 PM

Posted 23 October 2008 - 12:58 PM

Yes the Kaspersky scan takes a long time.
  • Please open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

    O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://coupons.smartsource.com/download/cscmv5X.cab

    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:
    • @ECHO OFF
      IF EXIST log.txt DEL log.txt
      ECHO Deleting files>>log.txt
      FOR %%g in (
      "C:\WINDOWS\Downloaded Program Files\CpnMgr.dll") DO (
      IF EXIST %%g (
      ATTRIB -r -s -h %%g
      DEL %%g
      IF EXIST %%g (
      ECHO %%g not deleted>>log.txt
      ) ELSE (
      ECHO %%g deleted successfully>>log.txt)
      ) ELSE (
      ECHO %%g not found>>log.txt))
      >>log.txt (
      START NOTEPAD.EXE log.txt
    • Select save in:desktop
    • Fill in File name: remove.bat
    • Save as type: All file types (*.*)
    • Click Save and close the Notepad.
    • Double-click remove.bat on the desktop.
    • Copy/paste the content of the log.txt which opens up
  • Please download ATF Cleaner by Atribune & save it to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main "Select Files to Delete" choose: Select All.
    • Click the Empty Selected button.
    • If you use Firefox browser click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords, please click No at the prompt.
    • If you use Opera browser click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.
  • Download FileFind.zip and unzip to your desktop.
    • Double-click FindFile.exe
    • In the box labeled "Enter the directory to search" enter the Drive: C:\
    • In the box labeled "Enter the File to Search" enter:
      *.tmp
    • Click "Find" to begin the search.
    • When the search is done, it will list the total number of files found.
    • Double-click on "Export"
    • This will create and save a text file named export.txt in the root of your C:\ directory.
    • Locate export.txt and copy/paste its contents in your next post.
  • Please download Malwarebytes' Anti-Malware from MajorGeeks
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log after running it and removing what it finds, or removing files after reboot.
    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.


  • Please run OTViewIt.
    • Click the "Scan All Users" checkbox.
    • Set File age to 7 days.
    • Click Run Scan button.
    • Two reports will open, copy and paste them to your reply:
    • OTViewIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Please copy/paste in your next reply:
  • The log.txt
  • The export.txt
  • The log of MBAM.
  • The OTViewIt logs.


#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:34 PM

Posted 23 October 2008 - 02:14 PM

Hello Beth1,

I noticed you have started a new thread just to tell me that you have posted the logs. Your reply and my reply remain in this thread. There is no need to open another topic to remind me you have posted the scan as I get e-mail notification once you replied to the topic.

It might be that I am going through your post, or tied up with other things in the real life like my work. I'll get back to you as soon as possible, in case I could not get back to you I'll ask a team mate to come in.

If I did not reply within 24 hours you may send me a PM.

Edited by farbar, 23 October 2008 - 02:50 PM.


#7 Beth1

Beth1
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:10:34 AM

Posted 24 October 2008 - 10:08 AM

No problem, I need to be more patient. Thank you for helping me!

There is nothing showing up in the remove log file, there was one before, but not after I ran the malware.

Export text log:

C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\spool\fms10.tmp - 0 Bytes
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\spool\fms11.tmp - 0 Bytes
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\spool\fms12.tmp - 0 Bytes
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\spool\fms13.tmp - 0 Bytes
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\spool\fms14.tmp - 0 Bytes
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\spool\fms15.tmp - 0 Bytes
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\spool\fms16.tmp - 0 Bytes
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\spool\fms17.tmp - 0 Bytes
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\spool\fms18.tmp - 0 Bytes
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\spool\fms25.tmp - 0 Bytes
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\spool\fms5.tmp - 0 Bytes
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\spool\fms6.tmp - 0 Bytes
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\spool\fms7.tmp - 0 Bytes
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\spool\fms74.tmp - 0 Bytes
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\spool\fms8.tmp - 0 Bytes
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\spool\fms81.tmp - 0 Bytes
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\spool\fms87.tmp - 0 Bytes
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\spool\fms9.tmp - 0 Bytes
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\spool\fmsA.tmp - 0 Bytes
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\spool\fmsB.tmp - 0 Bytes
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\spool\fmsC.tmp - 0 Bytes
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\spool\fmsD.tmp - 0 Bytes
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\spool\fmsE.tmp - 0 Bytes
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\spool\fmsF.tmp - 0 Bytes
C:\Documents and Settings\All Users\Application Data\Symantec\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PEPCollectors\HBPep2_{BC8D3EAF-F864-4D4B-AB4D-B3D0C32E2840}.tmp - 6648 Bytes
C:\Documents and Settings\All Users\Application Data\Symantec\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PEPCollectors\System_.tmp - 400 Bytes
C:\Documents and Settings\beth duciaome\Application Data\Canon\MP160\Temp\SCGR.TMP - 25 Bytes
C:\Documents and Settings\beth duciaome\Local Settings\Temp\VGX12D3.tmp - 128 Bytes
C:\Documents and Settings\beth duciaome\Local Settings\Temp\_iu14D2N.tmp - 707424 Bytes
C:\Documents and Settings\beth duciaome\Local Settings\Temp\~DF11A0.tmp - 16384 Bytes
C:\Documents and Settings\beth duciaome\Local Settings\Temp\~DF6A30.tmp - 16384 Bytes
C:\Documents and Settings\beth duciaome\Local Settings\Temp\~DF8682.tmp - 32768 Bytes
C:\Documents and Settings\beth duciaome\Local Settings\Temp\~DF889B.tmp - 16384 Bytes
C:\Documents and Settings\beth duciaome\Local Settings\Temp\~DF8B33.tmp - 311296 Bytes
C:\Documents and Settings\beth duciaome\Local Settings\Temp\~DF8FDE.tmp - 16384 Bytes
C:\Documents and Settings\beth duciaome\Local Settings\Temp\~DF9CC2.tmp - 311296 Bytes
C:\Documents and Settings\beth duciaome\Local Settings\Temp\~DFA4A9.tmp - 16384 Bytes
C:\Documents and Settings\beth duciaome\Local Settings\Temp\~DFAB33.tmp - 16384 Bytes
C:\Documents and Settings\beth duciaome\Local Settings\Temp\~DFBB0.tmp - 16384 Bytes
C:\Documents and Settings\beth duciaome\Local Settings\Temp\~DFD6D0.tmp - 16384 Bytes
C:\Documents and Settings\beth duciaome\Local Settings\Temp\~DFDDCB.tmp - 114688 Bytes
C:\Documents and Settings\Elizabeth DuCiaome\Local Settings\Temp\jar_cache16552.tmp - 12024 Bytes
C:\Documents and Settings\Elizabeth DuCiaome\Local Settings\Temp\jar_cache24941.tmp - 12024 Bytes
C:\Documents and Settings\Elizabeth DuCiaome\Local Settings\Temp\jar_cache41089.tmp - 12024 Bytes
C:\Documents and Settings\Elizabeth DuCiaome\Local Settings\Temp\jar_cache4495.tmp - 12024 Bytes
C:\Documents and Settings\Elizabeth DuCiaome\Local Settings\Temp\jar_cache46068.tmp - 12024 Bytes
C:\Documents and Settings\Elizabeth DuCiaome\Local Settings\Temp\jar_cache4800.tmp - 12024 Bytes
C:\Documents and Settings\Elizabeth DuCiaome\Local Settings\Temp\jar_cache52057.tmp - 12024 Bytes
C:\Documents and Settings\Elizabeth DuCiaome\Local Settings\Temp\jar_cache60095.tmp - 12024 Bytes
C:\Documents and Settings\Elizabeth DuCiaome\Local Settings\Temp\jar_cache9039.tmp - 12024 Bytes
C:\Documents and Settings\Elizabeth DuCiaome\Local Settings\Temp\svh5.tmp - 0 Bytes
C:\Documents and Settings\Elizabeth DuCiaome\Local Settings\Temp\~DF11B6.tmp - 16384 Bytes
C:\Documents and Settings\Elizabeth DuCiaome\Local Settings\Temp\~DF162F.tmp - 16384 Bytes
C:\Documents and Settings\Elizabeth DuCiaome\Local Settings\Temp\~DF36DB.tmp - 16384 Bytes
C:\Documents and Settings\Elizabeth DuCiaome\Local Settings\Temp\~DF7351.tmp - 16384 Bytes
C:\Documents and Settings\Elizabeth DuCiaome\Local Settings\Temp\~DF965B.tmp - 16384 Bytes
C:\Documents and Settings\Elizabeth DuCiaome\Local Settings\Temp\~DF98CE.tmp - 16384 Bytes
C:\Documents and Settings\Elizabeth DuCiaome\Local Settings\Temp\~DFA00E.tmp - 16384 Bytes
C:\Documents and Settings\Elizabeth DuCiaome\Local Settings\Temp\~DFAF23.tmp - 16384 Bytes
C:\Documents and Settings\Elizabeth DuCiaome\Local Settings\Temp\~DFE408.tmp - 16384 Bytes
C:\Program Files\Canon\IJ Manual\MP160\Uninstall.tmp - 1359 Bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\tmp3c07.tmp - 0 Bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\tmp4538.tmp - 0 Bytes
C:\Program Files\Common Files\System\msadc\SET44B.tmp - 143360 Bytes
C:\Program Files\Common Files\System\msadc\SET44D.tmp - 143360 Bytes
C:\Program Files\Coupons\Uninstall\uni16.tmp - 0 Bytes
C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\ReaD8.tmp - 646 Bytes
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\77bb\Stats.tmp - 159 Bytes
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\7bd8\Stats.tmp - 159 Bytes
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\7e89\Stats.tmp - 159 Bytes
C:\Program Files\Nick Arcade\SpongeBob SquarePants Krabby Quest\product\547.tmp - 7617 Bytes
C:\Program Files\WildTangent\Apps\GameChannel\Games\320F055A-570F-4335-B026-16A836DB9549\PROFILES\tmp.tmp - 0 Bytes
C:\WINDOWS\003033_.tmp - 19569 Bytes
C:\WINDOWS\ehome\SET2D.tmp - 237568 Bytes
C:\WINDOWS\Installer\MSI10.tmp - 172032 Bytes
C:\WINDOWS\Installer\MSI11.tmp - 174592 Bytes
C:\WINDOWS\Installer\MSI12.tmp - 174080 Bytes
C:\WINDOWS\Installer\MSI13.tmp - 174592 Bytes
C:\WINDOWS\Installer\MSI16.tmp - 172032 Bytes
C:\WINDOWS\Installer\MSI18.tmp - 174080 Bytes
C:\WINDOWS\Installer\MSI3.tmp - 1358848 Bytes
C:\WINDOWS\Installer\MSI4.tmp - 174080 Bytes
C:\WINDOWS\Installer\MSI6.tmp - 174080 Bytes
C:\WINDOWS\Installer\MSI82.tmp - 135168 Bytes
C:\WINDOWS\Installer\MSI8A.tmp - 135168 Bytes
C:\WINDOWS\Installer\MSI9.tmp - 174592 Bytes
C:\WINDOWS\Installer\MSIA.tmp - 174080 Bytes
C:\WINDOWS\Installer\MSIB.tmp - 174592 Bytes
C:\WINDOWS\Installer\MSIC.tmp - 1358848 Bytes
C:\WINDOWS\Installer\MSIE.tmp - 174080 Bytes
C:\WINDOWS\msagent\SET362.tmp - 57344 Bytes
C:\WINDOWS\msagent\SET369.tmp - 58880 Bytes
C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\BIT6.tmp - 0 Bytes
C:\WINDOWS\system32\CONFIG.TMP - 2577 Bytes
C:\WINDOWS\temp\JETCA06.tmp - 0 Bytes






Mbam log:


Malwarebytes' Anti-Malware 1.30
Database version: 1313
Windows 5.1.2600 Service Pack 3

10/24/2008 10:42:47 AM
mbam-log-2008-10-24 (10-42-47).txt

Scan type: Quick Scan
Objects scanned: 66333
Time elapsed: 9 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Delete on reboot.


OTviewIT log:

OTViewIt logfile created on: 10/24/2008 11:04:17 AM - Run 2
OTViewIt by OldTimer - Version 1.0.17.0 Folder = C:\Documents and Settings\beth duciaome\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.54 Mb Total Physical Memory | 493.58 Mb Available Physical Memory | 51.49% Memory free
2.31 Gb Paging File | 2.00 Gb Available in Paging File | 86.64% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 61.96 Gb Total Space | 30.56 Gb Free Space | 49.31% Space Free | Partition Type: NTFS
Drive D: | 11.53 Gb Total Space | 1.09 Gb Free Space | 9.45% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC885314341208
Current User Name: beth duciaome
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 7 Days

========== Processes ==========

[2008/01/25 21:47:02 | 00,149,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[2008/02/09 20:06:33 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[2005/12/15 23:14:40 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
[2005/08/06 00:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
[2008/10/11 22:11:28 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2006/05/18 19:52:06 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2006/08/18 04:00:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/04/13 20:12:27 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqsvc.exe
[2005/08/06 00:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
[2006/05/02 18:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
[2008/04/13 20:12:27 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqtgsvc.exe
[2007/10/06 11:00:42 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2007/02/05 12:06:30 | 00,067,216 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe
[2007/09/10 22:47:20 | 02,359,296 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
[2007/09/10 22:48:26 | 02,510,848 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
[2008/04/13 20:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/10/24 11:00:22 | 00,069,632 | ---- | M] (Atribune.org) -- C:\Documents and Settings\beth duciaome\Temporary Internet Files\Content.IE5\GPARGPQB\FileFind[1]\FileFind.exe
[2008/10/22 18:34:31 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\beth duciaome\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2006/06/12 16:27:28 | 00,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr [On_Demand | Stopped])
[2007/10/24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/02/09 20:06:33 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
[2006/09/22 22:37:00 | 00,118,784 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen [Disabled | Stopped])
[2002/04/11 20:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service [Disabled | Stopped])
[2008/01/25 21:47:02 | 00,149,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
[2008/01/25 21:47:02 | 00,149,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
[2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/01/25 21:47:02 | 00,149,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])
[2005/12/15 23:14:40 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr [Auto | Running])
[2005/08/06 00:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched [Auto | Running])
[2008/10/11 22:11:28 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2006/05/02 18:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [Auto | Running])
[2005/04/04 03:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
File not found -- -- (KodakCCS [On_Demand | Stopped])
[2006/05/18 19:52:06 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
[2008/08/04 11:20:16 | 03,220,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])
[2008/01/25 21:47:02 | 00,149,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice [Auto | Running])
[2005/08/06 00:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
[2008/04/13 20:12:27 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqsvc.exe -- (MSMQ [Auto | Running])
[2008/04/13 20:12:27 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqtgsvc.exe -- (MSMQTriggers [Auto | Running])
[2006/08/18 04:00:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/07/28 15:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/08/25 07:52:34 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Stopped])
[2005/08/04 05:29:52 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
[2005/10/06 21:12:30 | 00,855,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS [On_Demand | Stopped])

========== Driver Services ==========

[2006/06/06 16:39:56 | 00,061,952 | ---- | M] (Ricoh) -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD [On_Demand | Stopped])
[2001/08/18 00:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Boot | Stopped])
[2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2006/06/19 08:37:34 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Running])
[2001/08/18 00:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/18 00:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2006/04/28 13:12:00 | 00,429,184 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Running])
[2003/12/19 22:15:50 | 00,015,263 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb [On_Demand | Stopped])
[2004/06/12 05:27:18 | 00,051,712 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf [On_Demand | Stopped])
[2004/01/10 04:28:18 | 00,011,648 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2006/05/12 16:05:02 | 00,057,320 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
[2005/05/11 02:33:00 | 00,032,256 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv [System | Running])
[2001/08/18 00:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2008/07/30 17:42:12 | 00,023,888 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon [On_Demand | Stopped])
[2001/08/18 00:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2005/09/19 17:23:52 | 00,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr [System | Running])
[2005/09/19 17:24:20 | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb [On_Demand | Stopped])
[2008/09/02 04:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2008/09/02 04:00:00 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
[2005/09/19 17:24:10 | 00,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey [On_Demand | Running])
[2006/06/01 20:02:36 | 00,572,928 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService [On_Demand | Running])
[2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/08/29 16:11:08 | 00,208,384 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
[2006/08/29 16:12:28 | 00,990,592 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2005/10/13 05:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Disabled | Stopped])
[2008/04/13 14:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2006/06/19 16:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2008/04/13 14:39:44 | 00,092,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC [On_Demand | Running])
[2001/08/18 00:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2008/08/24 04:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081023.041\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2008/08/24 04:00:00 | 00,873,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081023.041\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2006/08/18 04:00:00 | 03,687,552 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2006/01/26 20:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata [Boot | Running])
[2006/03/02 20:31:02 | 00,034,176 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2006/03/02 20:31:04 | 00,013,056 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2006/03/05 19:49:36 | 00,011,136 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu [On_Demand | Running])
[2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
[2006/03/16 00:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/29 05:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/18 00:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/18 00:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/18 00:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2005/11/16 00:28:32 | 00,028,928 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk [On_Demand | Running])
[2005/10/31 21:54:50 | 00,051,584 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk [On_Demand | Running])
[2005/10/31 22:08:00 | 00,308,992 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp [On_Demand | Running])
[2008/05/08 10:02:52 | 00,203,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST [On_Demand | Running])
[2004/08/04 02:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])
[2008/04/13 14:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/13 14:40:47 | 00,011,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffdisk.sys -- (sffdisk [On_Demand | Stopped])
[2008/04/13 14:40:47 | 00,011,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2001/08/18 01:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2008/01/17 00:05:42 | 00,447,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
[2008/01/31 21:51:16 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP [On_Demand | Running])
[2008/01/31 21:51:16 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL [On_Demand | Stopped])
[2008/01/31 21:51:16 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX [System | Running])
[2001/08/18 01:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/18 01:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2008/06/13 14:13:38 | 00,013,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS [On_Demand | Running])
[2008/08/29 13:26:54 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2008/06/13 14:13:38 | 00,096,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW [On_Demand | Running])
[2008/06/13 14:13:38 | 00,038,576 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS [On_Demand | Running])
[2008/09/12 03:33:21 | 00,250,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20081023.002\SymIDSCo.sys -- (SYMIDSCO [On_Demand | Running])
[2008/06/13 14:14:02 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM [On_Demand | Stopped])
[2008/06/13 14:14:02 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP [On_Demand | Running])
[2008/06/13 14:13:38 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS [On_Demand | Running])
[2008/06/13 14:13:38 | 00,022,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2008/06/13 14:13:40 | 00,184,240 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2001/08/18 01:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/18 01:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2001/08/18 00:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2006/08/29 16:10:56 | 00,728,576 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2008/04/13 14:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
"Default_Search_URL"=http://www.google.com/ie
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=http://www.yahoo.com/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=http://www.yahoo.com/

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-500\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
"Start Page"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-500\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomSearch"=

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-500\Software\Microsoft\Internet Explorer\SearchURL]
"@"=http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
"provider"=yaho

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{68F9551E-0411-48E4-9AAF-4BC42A6A46BE} (HKLM) -- C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} (HKLM) -- C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{327C2873-E90D-4c37-AA9D-10AC9BABA46C}" (HKLM) -- C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)

========== (O4) Startup Folders ==========

File not found -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe
[2007/02/05 12:06:30 | 00,067,216 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MotionSD STUDIO - SD Browser auto start -.lnk = C:\Program Files\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe
[2007/08/17 23:57:56 | 00,393,216 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
File not found -- C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe
File not found -- C:\Documents and Settings\Dennis DuCiaome\Start Menu\Programs\Startup\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe
[2006/11/27 18:45:48 | 00,393,216 | ---- | M] () -- C:\Documents and Settings\Elizabeth DuCiaome\Start Menu\Programs\Startup\OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.mss -- File not found
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.the -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 05:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
Easy-WebPrint Add To Print List: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 19:05:46 | 00,552,960 | ---- | M] ()
Easy-WebPrint High Speed Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 19:05:46 | 00,552,960 | ---- | M] ()
Easy-WebPrint Preview: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 19:05:46 | 00,552,960 | ---- | M] ()
Easy-WebPrint Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 19:05:46 | 00,552,960 | ---- | M] ()

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 05:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
Easy-WebPrint Add To Print List: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 19:05:46 | 00,552,960 | ---- | M] ()
Easy-WebPrint High Speed Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 19:05:46 | 00,552,960 | ---- | M] ()
Easy-WebPrint Preview: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 19:05:46 | 00,552,960 | ---- | M] ()
Easy-WebPrint Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 19:05:46 | 00,552,960 | ---- | M] ()

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-500\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 05:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{13C1DBF6-7535-495c-91F6-8C13714ED485} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{13C1DBF6-7535-495c-91F6-8C13714ED485} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}: http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab -- ActiveScan 2.0 Installer Class
{406B5949-7190-4245-91A9-30A17DE16AD0}: http://photo.walgreens.com/WalgreensActivia.cab -- Snapfish Activia
{549F957E-2F89-11D6-8CFE-00C04F52B225}: http://coupons.smartsource.com/download/cscmv5X.cab -- CMV5 Class
{6A344D34-5231-452A-8A57-D064AC9B7862}: https://webdl.symantec.com/activex/symdlmgr.cab -- Symantec Download Manager
{6B75345B-AA36-438A-BBE6-4078B4C6984D}: http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab -- HpProductDetection Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1195321890984 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{9600F64D-755F-11D4-A47F-0001023E6D5A}: http://web1.shutterfly.com/downloads/Uploader.cab -- Shutterfly Picture Upload Plugin
{A609CB6E-FEB5-47C3-966C-1B916842BD01}: http://poker.nlop.com/poker/PokerCreations.cab -- Nlopflash Class
{A7EA8AD2-287F-11D3-B120-006008C39542}: http://offers.e-centives.com/cif/download/bin/actxcab.cab -- CBSTIEPrint Class
{A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9}: https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab -- InetDownload Class
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object
{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}: http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe -- Virtools WebPlayer Class
{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9}: https://secure.logmein.com/activex/ractrl.cab?lmi=100 -- Performance Viewer Activex Control

========== (O17) DNS Name Servers ==========

{47F3DAA7-0472-4A96-817B-2963BB7B5898} (Servers: | Description: NVIDIA nForce Networking Controller)
{52BA6D53-081D-48AD-A70E-84F6F8375610} (Servers: | Description: 1394 Net Adapter)
{94FF79E9-7235-48B5-AFA0-66BE3843EF96} (Servers: | Description: Broadcom 802.11b/g WLAN)
{D9E0996A-F46B-41E2-8806-C6D0041784BE} (Servers: | Description: 1394 Net Adapter)
{DDE3DDEA-EDB5-421B-B3C1-8FE311E0AFA7} (Servers: | Description: )

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2001/07/27 22:07:38 | 00,000,000 | -HS- | M] () -- D:\AUTOEXEC.BAT -- [ FAT32 ]

Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ]
[2004/04/30 14:01:14 | 00,000,053 | -HS- | M] () -- D:\Autorun.inf -- [ FAT32 ]

AUTORUN.FCB [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ]
[2004/04/30 14:01:14 | 00,000,053 | -HS- | M] () -- D:\AUTORUN.FCB -- [ FAT32 ]

========== Files/Folders - Created Within 7 Days ==========

[2008/10/24 10:57:45 | 00,000,364 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\remove.bat
[2008/10/24 10:44:31 | 00,000,000 | ---D | C] -- C:\Avenger
[2008/10/24 10:34:15 | 01,201,106 | ---- | C] () -- C:\Documents and Settings\beth duciaome\My Documents\2008-Fall-Customer-Appreciation.pdf
[2008/10/24 10:20:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\beth duciaome\Application Data\Malwarebytes
[2008/10/24 10:20:28 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/24 10:20:28 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/24 10:20:25 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/24 10:20:24 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/10/24 10:20:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/24 10:10:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
[2008/10/24 02:46:12 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/22 21:22:13 | 00,002,904 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\Kaspersky.html
[2008/10/22 18:34:30 | 00,421,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\beth duciaome\Desktop\OTViewIt.exe
[2008/10/18 19:19:07 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2008/10/18 19:19:02 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2008/10/18 16:44:34 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\HijackThis.lnk
[2008/10/18 16:44:33 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/10/17 21:41:34 | 00,171,296 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\palin 3.jpg
[2008/10/17 21:40:50 | 00,165,544 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\palin 2.jpg
[2008/10/17 21:40:27 | 00,188,964 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\palin 1.jpg
[2008/10/17 21:38:43 | 00,197,533 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\Sean at the rally 2.jpg
[2008/10/17 21:36:19 | 00,174,200 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\sean at the rally.jpg
[2008/10/17 21:33:16 | 00,129,756 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\Evan at the Rally.jpg
[2008/10/17 21:00:28 | 00,056,832 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\Contract Beth Basement Finish.doc

========== Files - Modified Within 7 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2008/10/24 10:57:45 | 00,000,364 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\remove.bat
[2008/10/24 10:45:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/24 10:44:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/24 10:44:44 | 10,051,70688 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/24 10:34:15 | 01,201,106 | ---- | M] () -- C:\Documents and Settings\beth duciaome\My Documents\2008-Fall-Customer-Appreciation.pdf
[2008/10/24 10:20:28 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/22 21:22:13 | 00,002,904 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\Kaspersky.html
[2008/10/22 18:34:31 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\beth duciaome\Desktop\OTViewIt.exe
[2008/10/22 16:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/22 16:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/18 18:36:51 | 00,000,209 | RHS- | M] () -- C:\boot.ini
[2008/10/18 18:36:50 | 00,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/18 18:36:50 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/18 16:44:34 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\HijackThis.lnk
[2008/10/18 16:29:06 | 00,225,106 | ---- | M] () -- C:\logfile
[2008/10/18 09:49:33 | 00,000,039 | ---- | M] () -- C:\XP_TV.ini
[2008/10/18 09:49:26 | 00,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2008/10/17 23:28:16 | 03,202,048 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2008/10/17 21:41:35 | 07,238,656 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2008/10/17 21:38:43 | 00,197,533 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\Sean at the rally 2.jpg
[2008/10/17 21:27:57 | 00,171,296 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\palin 3.jpg
[2008/10/17 21:27:44 | 00,174,200 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\sean at the rally.jpg
[2008/10/17 21:27:30 | 00,188,964 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\palin 1.jpg
[2008/10/17 21:27:30 | 00,165,544 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\palin 2.jpg
[2008/10/17 21:27:13 | 00,129,756 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\Evan at the Rally.jpg
[2008/10/17 21:26:37 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/10/17 21:00:30 | 00,056,832 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\Contract Beth Basement Finish.doc
< End of report >

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:34 PM

Posted 24 October 2008 - 10:32 AM

There is nothing showing up in the remove log file, there was one before, but not after I ran the malware.


There should always be something, and you could post it the first time it showed something. I did ask the log before running the other tools not after.


I see from the log you are playing with Avenger. Could you tell me what you have done with it? The tool is a powerful tool and you should not remove anything with it unless you know what you are doing. Specially while you are getting help here we expect people not to do anything by themselves as it might complicate the job at hand. Of course if you feel you can do it by yourself feel free to carry on your own.

Please read the instructions carefully and follow them. Your cooperation or lack if it has a great influence on this process. Thanks.

Meanwhile I'm going to look it over and get back to you as soon as possible.

#9 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:34 PM

Posted 24 October 2008 - 11:15 AM

Hi Beth1,

Please let me know you have read my previous post.
  • Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

    Please download SDFix by AndyManchesta and save it to your desktop.
    When using this tool, you must use the Administrator's account or an account with "Administrative rights"
    • Double click SDFix.exe and it will extract the files to %systemdrive%
    • (this is the drive that contains the Windows Directory, typically C:\SDFix).
    • DO NOT use it just yet.
    Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

    Open the SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
    • Copy and paste the contents of the results file Report.txt in your next reply.
  • Please run OTViewIt.
    • Click the "Scan All Users" checkbox.
    • Set File age to 60 days.
    • Click Run Scan button.
    • Two reports will open, copy and paste them to your reply:
    • OTViewIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Edited by farbar, 24 October 2008 - 01:34 PM.


#10 Beth1

Beth1
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:10:34 AM

Posted 24 October 2008 - 11:18 AM

Farbar,

Sorry, I do want your help.

I found the remove log, I forgot what it showed up under:

Deleting files
"C:\WINDOWS\Downloaded Program Files\CpnMgr.dll" not found


I did not know what Avenger is. When I went to do the mbam on major geeks, I ran the wrong thing, it was the download that came up on the opening page. I followed the instructions on that, but it did not match up to your instructions, I then ran mbam after locating it. I removed the other, it was called registry mechnic. It was my stupidity. Only other thing I have done was update Microsoft since your homepage her at BC told me to do so.

Thanks, Beth

#11 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:34 PM

Posted 24 October 2008 - 01:23 PM

Beth1,

Thanks for the post.

You might have run the remove.bat twice but it is OK as log as the file is removed.

I understand now the reason why Avenger was showing up on the log.

Updating Windows is also OK, I usually specifically ask to wait on that until the system is clean, but your system looks clean enough. Thanks for letting me know.

Please proceed with the fix, it will check the system for nasty ones, and will reset a few things. There are also a lot of junks in the temporary folders, I expected ATF Cleaner to clean those but it didn't. SDFix would do that en the rest we will do in another way later on.

#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:34 PM

Posted 24 October 2008 - 01:39 PM

Beth, I edited the post with the fix, you have already run OTViewIt once, I had mentioned RSIT which is another scanner you have not downloaded. After doing the fix with SDFix run computer for a while then scan with OTViewIt. Post both the SDFix and OTViewIt logs.

#13 Beth1

Beth1
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:10:34 AM

Posted 24 October 2008 - 07:41 PM

Farbar,

I finally figured it out. By the way, my cursor is still jumping all around. Could it be my mouse or keypads? If I type super slow, it does not happen as much.

Here is the SDFix file:

SDFix: Version 1.237
Run by Administrator on Fri 10/24/2008 at 08:51 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-24 21:02:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe:*:Disabled:HP Software Update Client"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :

Thu 28 Jul 2005 54,872 A..H. --- "C:\Program Files\America Online 9.0\AOLphx.exe"
Thu 28 Jul 2005 31,832 A..H. --- "C:\Program Files\America Online 9.0\rbm.exe"
Thu 7 Dec 2006 22 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys"
Wed 30 Apr 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 7 Feb 2006 299,008 A..H. --- "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe"
Mon 19 Dec 2005 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator 3.0\uinstrsc.dll"
Fri 29 Dec 2006 392 A..H. --- "C:\Program Files\Common Files\AOL\IPHSend\IPH.BAK"
Fri 18 Jan 2008 400 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COH32LU.reg"
Fri 18 Jan 2008 403 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COHDLU.reg"
Thu 20 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\BIT6.tmp"

Finished!


Here is the OTViewIT:

OTViewIt logfile created on: 10/24/2008 9:14:39 PM - Run 3
OTViewIt by OldTimer - Version 1.0.17.0 Folder = C:\Documents and Settings\beth duciaome\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.54 Mb Total Physical Memory | 485.10 Mb Available Physical Memory | 50.61% Memory free
2.31 Gb Paging File | 1.96 Gb Available in Paging File | 84.90% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 61.96 Gb Total Space | 29.95 Gb Free Space | 48.33% Space Free | Partition Type: NTFS
Drive D: | 11.53 Gb Total Space | 1.09 Gb Free Space | 9.44% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC885314341208
Current User Name: beth duciaome
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 60 Days

========== Processes ==========

[2008/01/25 21:47:02 | 00,149,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[2008/02/09 20:06:33 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[2005/12/15 23:14:40 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
[2005/08/06 00:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
[2008/10/11 22:11:28 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2006/05/18 19:52:06 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2006/08/18 04:00:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2005/08/06 00:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
[2008/04/13 20:12:27 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqsvc.exe
[2006/05/02 18:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
[2008/04/13 20:12:27 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqtgsvc.exe
[2007/10/06 11:00:42 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2008/01/25 21:47:02 | 00,149,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[2007/02/05 12:06:30 | 00,067,216 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe
[2007/09/10 22:47:20 | 02,359,296 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
[2007/09/10 22:48:26 | 02,510,848 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/04/13 20:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/10/22 18:34:31 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\beth duciaome\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2006/06/12 16:27:28 | 00,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr [On_Demand | Stopped])
[2007/10/24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/02/09 20:06:33 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
[2006/09/22 22:37:00 | 00,118,784 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen [Disabled | Stopped])
[2002/04/11 20:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service [Disabled | Stopped])
[2008/01/25 21:47:02 | 00,149,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
[2008/01/25 21:47:02 | 00,149,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
[2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/01/25 21:47:02 | 00,149,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])
[2005/12/15 23:14:40 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr [Auto | Running])
[2005/08/06 00:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched [Auto | Running])
[2008/10/11 22:11:28 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2006/05/02 18:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [Auto | Running])
[2005/04/04 03:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
File not found -- -- (KodakCCS [On_Demand | Stopped])
[2006/05/18 19:52:06 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
[2008/08/04 11:20:16 | 03,220,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])
[2008/01/25 21:47:02 | 00,149,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice [Auto | Running])
[2005/08/06 00:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
[2008/04/13 20:12:27 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqsvc.exe -- (MSMQ [Auto | Running])
[2008/04/13 20:12:27 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqtgsvc.exe -- (MSMQTriggers [Auto | Running])
[2006/08/18 04:00:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/07/28 15:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/08/25 07:52:34 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Stopped])
[2005/08/04 05:29:52 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
[2005/10/06 21:12:30 | 00,855,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS [On_Demand | Stopped])

========== Driver Services ==========

[2006/06/06 16:39:56 | 00,061,952 | ---- | M] (Ricoh) -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD [On_Demand | Stopped])
[2001/08/18 00:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Boot | Running])
[2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2006/06/19 08:37:34 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Running])
[2001/08/18 00:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/18 00:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2006/04/28 13:12:00 | 00,429,184 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Running])
[2003/12/19 22:15:50 | 00,015,263 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb [On_Demand | Stopped])
[2004/06/12 05:27:18 | 00,051,712 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf [On_Demand | Stopped])
[2004/01/10 04:28:18 | 00,011,648 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2006/05/12 16:05:02 | 00,057,320 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
File not found -- -- (catchme [On_Demand | Running])
[2005/05/11 02:33:00 | 00,032,256 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv [System | Running])
[2001/08/18 00:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2008/07/30 17:42:12 | 00,023,888 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon [On_Demand | Stopped])
[2001/08/18 00:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2005/09/19 17:23:52 | 00,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr [System | Running])
[2005/09/19 17:24:20 | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb [On_Demand | Stopped])
[2008/09/02 04:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2008/09/02 04:00:00 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
[2005/09/19 17:24:10 | 00,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey [On_Demand | Running])
[2006/06/01 20:02:36 | 00,572,928 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService [On_Demand | Running])
[2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/08/29 16:11:08 | 00,208,384 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
[2006/08/29 16:12:28 | 00,990,592 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2005/10/13 05:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Disabled | Stopped])
[2008/04/13 14:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2006/06/19 16:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2008/04/13 14:39:44 | 00,092,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC [On_Demand | Running])
[2001/08/18 00:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2008/08/24 04:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081024.024\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2008/08/24 04:00:00 | 00,873,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081024.024\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2006/08/18 04:00:00 | 03,687,552 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2006/01/26 20:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata [Boot | Running])
[2006/03/02 20:31:02 | 00,034,176 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2006/03/02 20:31:04 | 00,013,056 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2006/03/05 19:49:36 | 00,011,136 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu [On_Demand | Running])
[2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
[2006/03/16 00:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/29 05:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/18 00:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/18 00:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/18 00:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2005/11/16 00:28:32 | 00,028,928 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk [On_Demand | Running])
[2005/10/31 21:54:50 | 00,051,584 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk [On_Demand | Running])
[2005/10/31 22:08:00 | 00,308,992 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp [On_Demand | Running])
[2008/05/08 10:02:52 | 00,203,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST [On_Demand | Running])
[2004/08/04 02:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])
[2008/04/13 14:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/13 14:40:47 | 00,011,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffdisk.sys -- (sffdisk [On_Demand | Stopped])
[2008/04/13 14:40:47 | 00,011,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2001/08/18 01:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2008/01/17 00:05:42 | 00,447,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
[2008/01/31 21:51:16 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP [On_Demand | Running])
[2008/01/31 21:51:16 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL [On_Demand | Stopped])
[2008/01/31 21:51:16 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX [System | Running])
[2001/08/18 01:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/18 01:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2008/06/13 14:13:38 | 00,013,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS [On_Demand | Running])
[2008/08/29 13:26:54 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2008/06/13 14:13:38 | 00,096,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW [On_Demand | Running])
[2008/06/13 14:13:38 | 00,038,576 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS [On_Demand | Running])
[2008/09/12 03:33:21 | 00,250,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20081023.002\SymIDSCo.sys -- (SYMIDSCO [On_Demand | Running])
[2008/06/13 14:14:02 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM [On_Demand | Stopped])
[2008/06/13 14:14:02 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP [On_Demand | Running])
[2008/06/13 14:13:38 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS [On_Demand | Running])
[2008/06/13 14:13:38 | 00,022,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2008/06/13 14:13:40 | 00,184,240 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2001/08/18 01:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/18 01:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2001/08/18 00:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2006/08/29 16:10:56 | 00,728,576 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2008/04/13 14:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
"Default_Search_URL"=http://www.google.com/ie
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=http://www.yahoo.com/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=http://www.yahoo.com/

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{68F9551E-0411-48E4-9AAF-4BC42A6A46BE} (HKLM) -- C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} (HKLM) -- C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{327C2873-E90D-4c37-AA9D-10AC9BABA46C}" (HKLM) -- C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

========== (O4) Startup Folders ==========

File not found -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe
[2008/04/23 03:38:16 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2007/02/05 12:06:30 | 00,067,216 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MotionSD STUDIO - SD Browser auto start -.lnk = C:\Program Files\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe
[2007/08/17 23:57:56 | 00,393,216 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
File not found -- C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe
File not found -- C:\Documents and Settings\Dennis DuCiaome\Start Menu\Programs\Startup\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe
[2006/11/27 18:45:48 | 00,393,216 | ---- | M] () -- C:\Documents and Settings\Elizabeth DuCiaome\Start Menu\Programs\Startup\OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.mss -- File not found
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.the -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 05:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
Easy-WebPrint Add To Print List: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 19:05:46 | 00,552,960 | ---- | M] ()
Easy-WebPrint High Speed Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 19:05:46 | 00,552,960 | ---- | M] ()
Easy-WebPrint Preview: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 19:05:46 | 00,552,960 | ---- | M] ()
Easy-WebPrint Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 19:05:46 | 00,552,960 | ---- | M] ()

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 05:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
Easy-WebPrint Add To Print List: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 19:05:46 | 00,552,960 | ---- | M] ()
Easy-WebPrint High Speed Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 19:05:46 | 00,552,960 | ---- | M] ()
Easy-WebPrint Preview: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 19:05:46 | 00,552,960 | ---- | M] ()
Easy-WebPrint Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 19:05:46 | 00,552,960 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{13C1DBF6-7535-495c-91F6-8C13714ED485} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3658088449-2317666998-3772994601-1005\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{13C1DBF6-7535-495c-91F6-8C13714ED485} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}: http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab -- ActiveScan 2.0 Installer Class
{406B5949-7190-4245-91A9-30A17DE16AD0}: http://photo.walgreens.com/WalgreensActivia.cab -- Snapfish Activia
{549F957E-2F89-11D6-8CFE-00C04F52B225}: http://coupons.smartsource.com/download/cscmv5X.cab -- CMV5 Class
{6A344D34-5231-452A-8A57-D064AC9B7862}: https://webdl.symantec.com/activex/symdlmgr.cab -- Symantec Download Manager
{6B75345B-AA36-438A-BBE6-4078B4C6984D}: http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab -- HpProductDetection Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1195321890984 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{9600F64D-755F-11D4-A47F-0001023E6D5A}: http://web1.shutterfly.com/downloads/Uploader.cab -- Shutterfly Picture Upload Plugin
{A609CB6E-FEB5-47C3-966C-1B916842BD01}: http://poker.nlop.com/poker/PokerCreations.cab -- Nlopflash Class
{A7EA8AD2-287F-11D3-B120-006008C39542}: http://offers.e-centives.com/cif/download/bin/actxcab.cab -- CBSTIEPrint Class
{A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9}: https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab -- InetDownload Class
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object
{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}: http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe -- Virtools WebPlayer Class
{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9}: https://secure.logmein.com/activex/ractrl.cab?lmi=100 -- Performance Viewer Activex Control

========== (O17) DNS Name Servers ==========

{47F3DAA7-0472-4A96-817B-2963BB7B5898} (Servers: | Description: NVIDIA nForce Networking Controller)
{52BA6D53-081D-48AD-A70E-84F6F8375610} (Servers: | Description: 1394 Net Adapter)
{94FF79E9-7235-48B5-AFA0-66BE3843EF96} (Servers: | Description: Broadcom 802.11b/g WLAN)
{D9E0996A-F46B-41E2-8806-C6D0041784BE} (Servers: | Description: 1394 Net Adapter)
{DDE3DDEA-EDB5-421B-B3C1-8FE311E0AFA7} (Servers: | Description: )

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2001/07/27 22:07:38 | 00,000,000 | -HS- | M] () -- D:\AUTOEXEC.BAT -- [ FAT32 ]

Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ]
[2004/04/30 14:01:14 | 00,000,053 | -HS- | M] () -- D:\Autorun.inf -- [ FAT32 ]

AUTORUN.FCB [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ]
[2004/04/30 14:01:14 | 00,000,053 | -HS- | M] () -- D:\AUTORUN.FCB -- [ FAT32 ]

========== Files/Folders - Created Within 60 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2008/10/24 20:57:48 | 10,051,70688 | -HS- | C] () -- C:\hiberfil.sys
[2008/10/24 20:50:43 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/10/24 20:48:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2008/10/24 20:23:16 | 01,554,567 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\SDFix.exe
[2008/10/24 20:18:46 | 00,000,000 | ---D | C] -- C:\SDFix
[2008/10/24 13:49:28 | 00,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2008/10/24 13:49:28 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
[2008/10/24 13:48:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\beth duciaome\Local Settings\Application Data\NOS
[2008/10/24 13:43:59 | 06,167,403 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\adobe 6.dmg
[2008/10/24 13:20:07 | 01,201,106 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\2008-Fall-Customer-Appreciation.pdf
[2008/10/24 11:20:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\beth duciaome\Desktop\Adobe Reader 9 Installer
[2008/10/24 11:18:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/10/24 11:18:17 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2008/10/24 10:57:45 | 00,000,364 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\remove.bat
[2008/10/24 10:44:31 | 00,000,000 | ---D | C] -- C:\Avenger
[2008/10/24 10:34:15 | 01,201,106 | ---- | C] () -- C:\Documents and Settings\beth duciaome\My Documents\2008-Fall-Customer-Appreciation.pdf
[2008/10/24 10:20:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\beth duciaome\Application Data\Malwarebytes
[2008/10/24 10:20:28 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/24 10:20:28 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/24 10:20:25 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/24 10:20:24 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/10/24 10:20:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/24 10:10:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
[2008/10/24 02:46:12 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/22 21:22:13 | 00,002,904 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\Kaspersky.html
[2008/10/22 18:34:30 | 00,421,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\beth duciaome\Desktop\OTViewIt.exe
[2008/10/18 19:19:07 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2008/10/18 19:19:02 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2008/10/18 16:44:34 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\HijackThis.lnk
[2008/10/18 16:44:33 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/10/17 21:41:34 | 00,171,296 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\palin 3.jpg
[2008/10/17 21:40:50 | 00,165,544 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\palin 2.jpg
[2008/10/17 21:40:27 | 00,188,964 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\palin 1.jpg
[2008/10/17 21:38:43 | 00,197,533 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\Sean at the rally 2.jpg
[2008/10/17 21:36:19 | 00,174,200 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\sean at the rally.jpg
[2008/10/17 21:33:16 | 00,129,756 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\Evan at the Rally.jpg
[2008/10/17 21:00:28 | 00,056,832 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\Contract Beth Basement Finish.doc
[2008/10/16 13:53:38 | 00,197,976 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2008/10/15 23:10:50 | 00,297,071 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\Evan and Sean 927.jpg
[2008/10/15 23:09:14 | 00,318,082 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\Evan 927.jpg
[2008/10/15 22:22:31 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/15 22:22:27 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/15 22:22:23 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/15 22:22:23 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/15 22:22:22 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/15 22:22:21 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/15 09:50:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/10/15 08:37:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2008/10/15 08:37:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/10/15 08:37:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/10/15 08:37:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/10/15 08:37:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/10/15 08:29:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/10/15 08:21:01 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/10/10 13:01:52 | 00,307,124 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\dining table 3.jpg
[2008/10/10 13:00:11 | 00,296,688 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\dining table 2.jpg
[2008/10/10 12:55:52 | 00,179,152 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\dining seat.jpg
[2008/10/10 12:55:30 | 00,163,260 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\Dining Chair.jpg
[2008/10/09 16:23:54 | 00,095,985 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\Home Binder.pdf
[2008/09/30 19:02:49 | 02,012,421 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\Unemployment ReAppeal.jpg
[2008/09/30 19:02:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\beth duciaome\Desktop\2008_09_30
[2008/09/30 18:58:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\beth duciaome\Application Data\Canon
[2008/09/27 10:42:26 | 00,000,750 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP160 User Registration.LNK
[2008/09/27 10:12:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\beth duciaome\Application Data\ScanSoft
[2008/09/27 10:05:57 | 00,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\My Printer.lnk
[2008/09/27 10:05:33 | 00,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Easy-PhotoPrint.lnk
[2008/09/27 10:01:01 | 00,001,693 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MP Navigator 3.0.lnk
[2008/09/27 10:00:32 | 00,001,861 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MP160 On-screen Manual.lnk
[2008/09/27 09:59:58 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2008/09/27 09:04:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\beth duciaome\Desktop\Setup3240C
[2008/09/27 09:03:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\beth duciaome\Desktop\Data
[2008/09/18 20:00:30 | 00,042,590 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\Pizza Crust.jpg
[2008/09/14 17:34:23 | 00,852,368 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\9-14-2008%205.jpg
[2008/09/12 23:02:05 | 00,017,920 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\Unemployment facts for 91508.wps
[2008/09/09 14:40:43 | 00,010,240 | ---- | C] () -- C:\Documents and Settings\beth duciaome\My Documents\Vaccine Denial.wps
[2008/09/07 22:27:00 | 00,046,018 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\DuCiaome.docx
[2008/09/07 16:15:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\beth duciaome\Local Settings\Application Data\Mozilla
[2008/09/04 07:27:13 | 00,149,292 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\Evan with puff on face.jpg
[2008/09/02 11:08:50 | 00,818,730 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\marinades2008%2Epdf.pdf
[2008/09/02 11:06:06 | 00,821,392 | ---- | C] () -- C:\Documents and Settings\beth duciaome\Desktop\chicken%20patties2008%2Epdf.pdf
[2008/08/30 08:47:58 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmllite.dll
[2008/08/30 08:47:54 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2008/08/30 08:47:52 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2008/08/30 08:47:49 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2008/08/30 08:47:49 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2008/08/30 08:47:46 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2008/08/30 08:47:42 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2008/08/30 08:47:41 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2008/08/30 08:47:38 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2008/08/30 08:47:38 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2008/08/30 08:47:37 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2008/08/30 08:47:28 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2008/08/30 08:47:27 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2008/08/30 08:47:25 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2008/08/30 08:47:21 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/08/30 08:47:21 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2008/08/30 08:47:15 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2008/08/30 08:47:14 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2008/08/30 08:47:14 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2008/08/30 08:47:12 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2008/08/30 08:47:11 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2008/08/30 08:47:10 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2008/08/30 08:47:09 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2008/08/30 08:47:09 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2008/08/30 08:47:07 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2008/08/30 08:47:04 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2008/08/30 08:46:54 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2008/08/30 08:46:51 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2008/08/30 08:46:51 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2008/08/30 08:46:51 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2008/08/30 08:46:50 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2008/08/30 08:46:50 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/08/30 08:46:49 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll
[2008/08/30 08:46:49 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/08/30 08:46:46 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2008/08/30 08:46:46 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2008/08/30 08:46:24 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2008/08/30 08:46:23 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2008/08/30 08:46:23 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2008/08/30 08:46:23 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2008/08/30 08:46:06 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2008/08/30 08:46:06 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2008/08/30 08:46:05 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2008/08/30 08:46:04 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2008/08/30 08:46:04 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2008/08/30 08:46:04 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2008/08/30 08:45:49 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2008/08/30 08:45:48 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2008/08/30 08:45:48 | 00,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2008/08/30 08:45:43 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2008/08/30 08:45:42 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\intelppm.sys
[2008/08/30 08:45:36 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2008/08/30 08:45:34 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2008/08/30 08:45:31 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2008/08/30 08:45:29 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2008/08/30 08:45:29 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2008/08/30 08:45:28 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2008/08/30 08:45:28 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2008/08/30 08:45:28 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2008/08/30 08:45:28 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2008/08/30 08:45:28 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2008/08/30 08:45:28 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2008/08/30 08:45:26 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2008/08/30 08:45:26 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2008/08/30 08:45:26 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2008/08/30 08:45:26 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2008/08/30 08:45:26 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2008/08/30 08:45:26 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2008/08/30 08:45:26 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2008/08/30 08:45:24 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2008/08/30 08:45:24 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2008/08/30 08:45:24 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2008/08/30 08:45:22 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2008/08/30 08:45:21 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2008/08/30 08:45:15 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2008/08/30 08:45:15 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2008/08/30 08:45:15 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2008/08/30 08:45:15 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2008/08/30 08:45:14 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2008/08/30 08:45:13 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2008/08/30 08:45:03 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll

========== Files - Modified Within 60 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2008/10/24 21:07:28 | 00,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2008/10/24 20:57:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/24 20:57:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/24 20:57:48 | 10,051,70688 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/24 20:51:54 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2008/10/24 20:50:43 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/10/24 20:36:41 | 01,554,567 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\SDFix.exe
[2008/10/24 13:49:28 | 00,001,757 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2008/10/24 13:49:28 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
[2008/10/24 13:44:01 | 06,167,403 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\adobe 6.dmg
[2008/10/24 13:34:28 | 00,226,080 | ---- | M] () -- C:\logfile
[2008/10/24 13:28:19 | 01,201,106 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\2008-Fall-Customer-Appreciation.pdf
[2008/10/24 12:11:06 | 00,000,364 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\remove.bat
[2008/10/24 11:18:02 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/24 10:34:15 | 01,201,106 | ---- | M] () -- C:\Documents and Settings\beth duciaome\My Documents\2008-Fall-Customer-Appreciation.pdf
[2008/10/24 10:20:28 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/22 21:22:13 | 00,002,904 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\Kaspersky.html
[2008/10/22 18:34:31 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\beth duciaome\Desktop\OTViewIt.exe
[2008/10/22 16:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/22 16:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/18 18:36:51 | 00,000,209 | RHS- | M] () -- C:\boot.ini
[2008/10/18 18:36:50 | 00,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/18 18:36:50 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/18 16:44:34 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\HijackThis.lnk
[2008/10/18 09:49:33 | 00,000,039 | ---- | M] () -- C:\XP_TV.ini
[2008/10/17 23:28:16 | 03,202,048 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2008/10/17 21:41:35 | 07,238,656 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2008/10/17 21:38:43 | 00,197,533 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\Sean at the rally 2.jpg
[2008/10/17 21:27:57 | 00,171,296 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\palin 3.jpg
[2008/10/17 21:27:44 | 00,174,200 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\sean at the rally.jpg
[2008/10/17 21:27:30 | 00,188,964 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\palin 1.jpg
[2008/10/17 21:27:30 | 00,165,544 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\palin 2.jpg
[2008/10/17 21:27:13 | 00,129,756 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\Evan at the Rally.jpg
[2008/10/17 21:00:30 | 00,056,832 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\Contract Beth Basement Finish.doc
[2008/10/17 07:57:41 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/16 13:53:38 | 00,197,976 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2008/10/16 07:17:53 | 00,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/15 23:37:42 | 00,491,736 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/15 23:37:42 | 00,417,616 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/15 23:37:42 | 00,066,888 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/15 23:10:24 | 00,297,071 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\Evan and Sean 927.jpg
[2008/10/15 23:08:41 | 00,318,082 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\Evan 927.jpg
[2008/10/15 12:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008/10/15 12:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/15 09:54:13 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2008/10/15 09:51:38 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\beth duciaome\My Documents\desktop.ini
[2008/10/15 08:24:10 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/10/13 22:18:12 | 00,000,572 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - beth duciaome.job
[2008/10/10 22:00:29 | 00,000,028 | ---- | M] () -- C:\WINDOWS\MotionSDSTUDIO.INI
[2008/10/10 12:53:44 | 00,179,152 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\dining seat.jpg
[2008/10/10 12:53:44 | 00,163,260 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\Dining Chair.jpg
[2008/10/10 12:52:45 | 00,296,688 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\dining table 2.jpg
[2008/10/10 12:52:43 | 00,307,124 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\dining table 3.jpg
[2008/10/09 16:23:54 | 00,095,985 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\Home Binder.pdf
[2008/10/07 15:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/09/30 19:02:50 | 02,012,421 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\Unemployment ReAppeal.jpg
[2008/09/27 10:42:26 | 00,000,750 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon MP160 User Registration.LNK
[2008/09/27 10:05:57 | 00,000,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\My Printer.lnk
[2008/09/27 10:05:33 | 00,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Easy-PhotoPrint.lnk
[2008/09/27 10:01:01 | 00,001,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MP Navigator 3.0.lnk
[2008/09/27 10:00:32 | 00,001,861 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MP160 On-screen Manual.lnk
[2008/09/27 09:05:07 | 00,001,294 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Application Data\wklnhst.dat
[2008/09/18 19:59:47 | 00,042,590 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\Pizza Crust.jpg
[2008/09/15 08:12:56 | 01,846,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2008/09/15 08:12:56 | 01,846,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/09/14 17:34:31 | 00,852,368 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\9-14-2008%205.jpg
[2008/09/12 23:21:45 | 00,017,920 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\Unemployment facts for 91508.wps
[2008/09/12 10:57:03 | 00,149,292 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\Evan with puff on face.jpg
[2008/09/09 14:40:44 | 00,010,240 | ---- | M] () -- C:\Documents and Settings\beth duciaome\My Documents\Vaccine Denial.wps
[2008/09/08 06:41:42 | 00,333,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\srv.sys
[2008/09/08 06:41:42 | 00,333,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/09/07 22:27:01 | 00,046,018 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\DuCiaome.docx
[2008/09/02 11:08:50 | 00,818,730 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\marinades2008%2Epdf.pdf
[2008/09/02 11:06:06 | 00,821,392 | ---- | M] () -- C:\Documents and Settings\beth duciaome\Desktop\chicken%20patties2008%2Epdf.pdf
[2008/08/29 13:26:54 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2008/08/29 13:26:54 | 00,060,800 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2008/08/29 13:26:54 | 00,010,671 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2008/08/29 13:26:54 | 00,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
< End of report >


Here is Extra.txt:
OTViewIt Extras logfile created on: 10/24/2008 9:14:39 PM - Run 3
OTViewIt by OldTimer - Version 1.0.17.0 Folder = C:\Documents and Settings\beth duciaome\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.54 Mb Total Physical Memory | 485.10 Mb Available Physical Memory | 50.61% Memory free
2.31 Gb Paging File | 1.96 Gb Available in Paging File | 84.90% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 61.96 Gb Total Space | 29.95 Gb Free Space | 48.33% Space Free | Partition Type: NTFS
Drive D: | 11.53 Gb Total Space | 1.09 Gb Free Space | 9.44% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC885314341208
Current User Name: beth duciaome
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 60 Days
"Use My Stylesheet"=
"User Stylesheet"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 20:12:27 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 20:12:27 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing
File not found -- C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
[2007/09/19 06:33:46 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
[2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2008/04/13 20:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer
[2008/03/06 12:40:06 | 00,689,456 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Disabled:HP Software Update Client
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 05:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 05:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 05:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/06/20 20:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/01 18:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/15 01:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}"=ESSSONIC
"{075473F5-846A-448B-BCB3-104AA1760205}"=Sonic Data Module
"{09D8492A-C8E2-421E-927D-46800FB327A3}"=Wireless Home Network Setup
"{0A8073F2-31C6-413B-BC79-5808352D651A}"=MotionSD STUDIO 1.2E
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160"=Canon MP160
"{13BCF6CB-2F54-4962-9B11-32F07048ACF3}"=HP User Guides 0031
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}"=ESSPCD
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}"=CP_CalendarTemplates1
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}"=Adobe Media Player
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}"=Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}"=CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}"=Destinations
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}"=Quicken 2006
"{29D851C2-048C-4B5E-8D1F-25D473342BB5}"=ScanSoft OmniPage SE 4.0
"{2A548002-9042-4083-A270-B67473DE1073}"=SkinsHP1
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}"=essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}"=Component Framework
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}"=HP Quick Launch Buttons 6.10 A2
"{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}"=Norton AntiVirus Help
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}"=Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}"=OptionalContentQFolder
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=NetWaiting
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}"=RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}"=BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}"=Microsoft Works
"{42938595-0D83-404D-9F73-F8177FDD531A}"=ESScore
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}"=HP Wireless Assistant 2.00 G2
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}"=HP QuickPlay 2.3
"{47D2103B-FD51-4017-9C20-DD408B17D726}"=Office 2003 Trial Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}"=CP_Panorama1Config
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}"=cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}"=CP_Package_Variety1
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}"=SonicAC3Encoder
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}"=skin0001
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}"=FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}"=cp_PosterPrintConfig
"{605A4E39-613C-4A12-B56F-DEFBE6757237}"=SHASTA
"{62120008-8E1E-4807-860D-A8B48F8552DB}"=Norton Protection Center
"{643EAE81-920C-4931-9F0B-4B343B225CA6}"=ESSBrwr
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Sonic Express Labeler
"{6815FCDD-401D-481E-BA88-31B4754C2B46}"=Macromedia Flash Player 8
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}"=LightScribe 1.4.97.1
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}"=Apple Software Update
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}"=CP_Package_Basic1
"{77772678-817F-4401-9301-ED1D01A8DA56}"=SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}"=Norton AntiVirus
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}"=Sonic_PrimoSDK
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}"=cp_UpdateProjectsConfig
"{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}"=Macromedia Shockwave Player
"{83C03FBE-4492-4133-BBAB-421CD88ADA32}"=OpenOffice.org 2.3
"{85309D89-7BE9-4094-BB17-24999C6118FC}"=ArcSoft PhotoStudio 5.5
"{869C3062-4745-4949-B6C9-98AF24D89030}"=PhotoGallery
"{8943CE61-53BD-475E-90E1-A580869E98A2}"=staticcr
"{8E92D746-CD9F-4B90-9668-42B74C14F765}"=ESSini
"{91120409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}"=ESSgui
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}"=
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}"=QuickTime
"{999D43F4-9709-4887-9B1A-83EBB15A8370}"=VPRINTOL
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}"=CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}"=TourSetup
"{A662323E-163F-479C-AE60-05822DB1DA3C}"=SymNet
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}"=HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A71000000002}"=Adobe Reader 7.1.0
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}"=ESSCDBK
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}"=CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Sonic Copy Module
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}"=OfotoXMI
"{B16AF568-A644-483C-A6DA-5028CD019C8C}"=SonicMPEGEncoder
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}"=ccCommon
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}"=CCScore
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B57F2FF0-5A25-4332-B503-4592B370C02F}"=CP_Package_Variety3
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}"=cp_OnlineProjectsConfig
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}"=HP Update
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}"=HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CDCBF62D-8E74-44A5-91AD-44AB4C2EFD89}"=InterVideo FilterSDK for Panasonic
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}"=Kodak EasyShare software
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}"=Symantec Real Time Storage Protection Component
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}"=SFR
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}"=HpSdpAppCoreApp
"{DB7E00C9-6DEF-489A-8112-D8F81614F45A}"=Vongo
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}"=LiveUpdate Notice (Symantec Corporation)
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}"=tooltips
"{E80F62FF-5D3C-4A19-8409-9721F2928206}"=LiveUpdate (Symantec Corporation)
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}"=AppCore
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}"=SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}"=WIRELESS
"{FB09F05F-85C6-4205-B28D-5BF071D276C3}"=muvee autoProducer 5.0
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}"=InstantShareDevices
"{FCDB1C92-03C6-4C76-8625-371224256091}"=ESSPDock
"074EEF5F-3BE8-4112-B253-C5D6CDE2924C"=Zuma Deluxe from Hewlett-Packard Laptops (remove only)
"0E5266B4-9069-401A-93AE-5FF9F1712016"=Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)
"103EFD47-9F2C-4490-95DD-AE6C442AFB92"=SCRABBLE from Hewlett-Packard Laptops (remove only)
"12133444-BF36-4d4e-B7FB-A3424C645DE4"=GemMaster Mystic
"1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86"=Tradewinds from Hewlett-Packard Laptops (remove only)
"320F055A-570F-4335-B026-16A836DB9549"=Final Drive Nitro from Hewlett-Packard Laptops (remove only)
"382C11F0-1A18-4F76-B8E0-15CA7F209C22"=Chuzzle Deluxe from Hewlett-Packard Laptops (remove only)
"384E0BF4-1E1F-45A6-B60E-42144A3F15CD"=Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only)
"4C061F83-EE92-445A-A03F-184B0BD59242"=Jewel Quest from Hewlett-Packard Laptops (remove only)
"5658FB14-16A4-4DAE-946B-1457BE31572E"=Boggle Supreme from Hewlett-Packard Laptops (remove only)
"5758A0E8-A112-4A1D-82EC-EC72F7F16B88"=Lexibox Deluxe from Hewlett-Packard Laptops (remove only)
"6E377D95-DF37-4E67-B64B-68C314600BCB"=Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only)
"6ECB6EE6-92E1-4525-AF3B-3CE51A7C5F89"=FATE from Hewlett-Packard Laptops (remove only)
"7948472C-423F-4134-B68F-48D660A05D71"=Big Kahuna Reef from Hewlett-Packard Laptops (remove only)
"7A940E33-6993-404B-ABA6-ED62E8FBE615"=Bounce Symphony from Hewlett-Packard Laptops (remove only)
"7ED8A70C-9597-40BE-AEA0-0573182F1F51"=Super Granny from Hewlett-Packard Laptops (remove only)
"7F8C5718-1BA9-4AAE-96D2-2B04D05F2D54"=Polar Bowler from Hewlett-Packard Laptops (remove only)
"9F3399B2-9ED6-4339-84A2-686432638B86"=Blasterball 2 from Hewlett-Packard Laptops (remove only)
"ActiveScan 2.0"=Panda ActiveScan 2.0
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"B0202B33-E73D-4FCD-AC88-0B2971AFC116"=Slyder from Hewlett-Packard Laptops (remove only)
"B0769D17-E72A-4E87-A83F-1F7A3F080008"=Bookworm Deluxe from Hewlett-Packard Laptops (remove only)
"B3EE3001-DC24-4cd1-8743-5692C716659F"=Otto
"C264D692-8E15-4141-96A2-5621332E5DD0"=Slingo Deluxe from Hewlett-Packard Laptops (remove only)
"Canon MP160 User Registration"=Canon MP160 User Registration
"CanonMyPrinter"=Canon My Printer
"CNXT_HDAUDIO"=Conexant HD Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m"=Soft Data Fax Modem with SmartCP
"Coupon Printer for Windows2.0"=Coupon Printer for Windows
"Coupon Printer for Windows4.0"=Coupon Printer for Windows
"D2E44AA4-8665-4490-A6C9-2D0744B47B27"=Polar Golfer from Hewlett-Packard Laptops (remove only)
"E332F38A-75F6-4EF2-88CC-246E8A1CB5D7"=Oasis from Hewlett-Packard Laptops (remove only)
"E76A7EFF-7758-49EE-B3FA-9699830A2D6B"=Mah Jong Quest from Hewlett-Packard Laptops (remove only)
"E90E3AE9-73E4-4E5C-BB0F-673989A808D0"=Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only)
"E94C7046-2F7D-4D4D-B76F-C412DCCEAAC2"=Crystal Maze from Hewlett-Packard Laptops (remove only)
"Easy-PhotoPrint"=Canon Utilities Easy-PhotoPrint
"Easy-WebPrint"=Easy-WebPrint
"EF860173-4FB7-4DE1-8BE8-5400F05A0DC5"=Puzzle Express from Hewlett-Packard Laptops (remove only)
"F2566CC2-D4C4-44ED-A838-3F8288D8D3FE"=Flip Words from Hewlett-Packard Laptops (remove only)
"Google Updater"=Google Updater
"HijackThis"=HijackThis 2.0.2
"HP Game Console"=HP Game Console and games
"HP Imaging Device Functions"=HP Imaging Device Functions 6.0
"HP Photo & Imaging"=HP Photosmart Premier Software 6.0
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}"=Customer Experience Enhancement
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Money2006b"=Microsoft Money 2006
"MP Navigator 3.0"=Canon MP Navigator 3.0
"NLOP"=NLOP
"NVIDIA Drivers"=NVIDIA Drivers
"PsuedoLiveUpdate"=LiveUpdate (Symantec Corporation)
"SymSetup.{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}"=Norton AntiVirus (Symantec Corporation)
"Virtools3DLifePlayer"=Virtools 3D Life Player
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMCSetup"=Windows Media Connect

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/15/2008 11:38:37 PM | Computer Name = PC885314341208 | Source = Application Error | ID = 1000
Description = Faulting application set1d.tmp, version 7.1.100.1248, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 10/17/2008 9:02:58 PM | Computer Name = PC885314341208 | Source = Application Hang | ID = 1002
Description = Hanging application soffice.bin, version 2.3.9215.500, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/17/2008 9:02:59 PM | Computer Name = PC885314341208 | Source = Application Hang | ID = 1002
Description = Hanging application soffice.bin, version 2.3.9215.500, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/17/2008 11:27:39 PM | Computer Name = PC885314341208 | Source = Application Error | ID = 1000
Description = Faulting application easyshare.exe, version 6.40.53.95, faulting module
ntdll.dll, version 5.1.2600.5512, fault address 0x000113a0.

Error - 10/17/2008 11:56:24 PM | Computer Name = PC885314341208 | Source = Application Hang | ID = 1002
Description = Hanging application EasyShare.exe, version 6.40.53.95, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/18/2008 12:18:14 PM | Computer Name = PC885314341208 | Source = Application Error | ID = 1000
Description = Faulting application set57.tmp, version 7.1.100.1248, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 10/18/2008 12:18:43 PM | Computer Name = PC885314341208 | Source = Application Error | ID = 1000
Description = Faulting application set58.tmp, version 7.1.100.1248, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 10/22/2008 4:08:45 PM | Computer Name = PC885314341208 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/22/2008 4:08:49 PM | Computer Name = PC885314341208 | Source = Application Hang | ID = 1001
Description = Fault bucket 724398357.

Error - 10/23/2008 11:34:07 PM | Computer Name = PC885314341208 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module coupon~1.ocx, version 4.0.0.3, fault address 0x000034a6.

[ System Events ]
Error - 10/24/2008 8:29:41 PM | Computer Name = PC885314341208 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdK8 eeCtrl Fips IPSec MRxSmb NetBIOS NetBT pavboot RasAcd Rdbss SPBBCDrv SRTSPX SYMTDI
Tcpip

Error - 10/24/2008 8:47:14 PM | Computer Name = PC885314341208 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 10/24/2008 8:47:18 PM | Computer Name = PC885314341208 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/24/2008 8:48:37 PM | Computer Name = PC885314341208 | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 10/24/2008 8:48:37 PM | Computer Name = PC885314341208 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 10/24/2008 8:48:37 PM | Computer Name = PC885314341208 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 10/24/2008 8:48:37 PM | Computer Name = PC885314341208 | Source = Service Control Manager | ID = 7001
Description = The Message Queuing service depends on the Distributed Transaction
Coordinator service which failed to start because of the following error: %%1068

Error - 10/24/2008 8:48:37 PM | Computer Name = PC885314341208 | Source = Service Control Manager | ID = 7001
Description = The Message Queuing Triggers service depends on the Message Queuing
service which failed to start because of the following error: %%1068

Error - 10/24/2008 8:48:37 PM | Computer Name = PC885314341208 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 10/24/2008 8:48:37 PM | Computer Name = PC885314341208 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdK8 eeCtrl Fips IPSec MRxSmb NetBIOS NetBT pavboot RasAcd Rdbss SPBBCDrv SRTSPX SYMTDI
Tcpip


< End of report >


Thank YOU!

Edited by Beth1, 24 October 2008 - 08:17 PM.


#14 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:34 PM

Posted 25 October 2008 - 12:08 AM

Well done Beth. :thumbsup:
  • Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
    Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
    • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 10...allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Select your Platform: "Windows".
    • Select your Language: "Multi-language".
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Click Continue and the page will refresh.
    • Click on the link to download Windows Offline Installation and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    • Repeat as many times as necessary to remove each Java versions.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.
  • Please run ATF Cleaner once more, make sure all the boxes are selected.

  • Coming to your question about the possible problem with mouse or keyboard. The following settings might differ depending on the mouse and keyboard and the related software you are using. Please find and adjust those in bold accordingly.
    Go to start > Control Panel there open the keyboard icon. Under Speed tab lower Repeat delay, Repeat rate and Cursor blink rate.
    Then open the mouse icon and lower the Cursor Speed.

    Let me know if this made a difference.

  • Please post also a Hijackthis log for a final check.


#15 Beth1

Beth1
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:10:34 AM

Posted 25 October 2008 - 09:42 AM

The cursor is still jumping spots, maybe it is just my computer. Can I see if the Restore option is working?

Beth



Here is the Hijack Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:56 AM, on 10/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - S-1-5-18 Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MotionSD STUDIO - SD Browser auto start -.lnk = C:\Program Files\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://coupons.smartsource.com/download/cscmv5X.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1195321890984
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A609CB6E-FEB5-47C3-966C-1B916842BD01} (Nlopflash Class) - http://poker.nlop.com/poker/PokerCreations.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 9392 bytes




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users