Please, this is a new laptop, I need help


This topic is locked
18 replies to this topic

#1 nightsjewel20


  • Members
  • 14 posts

Posted 25 October 2008 - 10:34 PM

In the task bar I have 2 icons: one is a triangle with an ! in it and a red circle with an x in it. I log onto the internet and I get so many popups that I can't control them, but when I run Norton 360 and Windows Vista Defender they all show that nothing is wrong with my PC. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:12 PM, on 10/25/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe
C:\Program Files\Pegasus TransTech\TRANSFLO Now\Transflo.Notify.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Users\Whitehead Family\AppData\Roaming\Facegame\Facegame.exe
C:\Users\Whitehead Family\AppData\Roaming\Gool\Gool.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=ML6732
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=ML6732
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=ML6732
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: {77ede90a-a419-c088-60e4-2bb5726a51bd} - {db15a627-5bb2-4e06-880c-914aa09ede77} - C:\Windows\system32\vkaaoy.dll
O2 - BHO: (no name) - {E310E602-5765-46AD-85A6-FE8142D04C7B} - C:\Windows\system32\vtUopNEU.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [lxbkbmgr.exe] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Transflo Notify] C:\Program Files\Pegasus TransTech\TRANSFLO Now\Transflo.Notify.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ljJBqomn.dll,#1
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\Windows\system32\drvrup.dll,startup
O4 - HKLM\..\Run: [2254813c] rundll32.exe "C:\Windows\system32\ckbcwhkd.dll",b
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Facegame] "C:\Users\Whitehead Family\AppData\Roaming\Facegame\Facegame.exe" 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\WHITEH~1\AppData\Local\Temp\urqRLbcA.dll,#1
O4 - HKCU\..\Run: [Gool] "C:\Users\Whitehead Family\AppData\Roaming\Gool\Gool.exe"
O4 - HKCU\..\Run: [2254813c] rundll32.exe "C:\Windows\system32\ckbcwhkd.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote Table Of Contents.onetoc2
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Paradise%20Pet%20Salon/Images/stg_drm.ocx
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.0.cab
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - http://www.infospace.com/mypoints.main/tba...pointsSetup.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{66190A01-DD5B-46FF-8F33-4E9BB063DAAE}: NameServer = 66.174.95.44 69.78.96.14
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL vkaaoy.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TRANSFLO Client Agent Service (TRANSFLOClientAgentService) - Pegasus TransTech Corp. - c:\program files\pegasus transtech\transflo now\transflo.client.agent.exe

--
End of file - 9263 bytes

Please, I need to know how to clean this up. Thx.
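A defender's triage pass over the kinds of HijackThis entries that turn out to matter in this thread: browser helper objects registered without a product name, rundll32 autoruns that load a DLL by ordinal, by a one-letter export, or from a Temp directory, and bare filenames in AppInit_DLLs. This is an added example, not part of the thread and not HijackThis or OTMoveIt code; SAMPLE_LOG is a constructed subset of the log posted above, and the looks_random() filename heuristic is a crude assumption of my own, not a reliable classifier.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the format of the HijackThis log posted in this thread
# (O2 = browser helper objects, O4 = autorun entries, O20 = AppInit_DLLs).
# Only a subset of the posted lines is reproduced; paths are as posted.
SAMPLE_LOG = """\
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_06\\bin\\ssv.dll
O2 - BHO: {77ede90a-a419-c088-60e4-2bb5726a51bd} - {db15a627-5bb2-4e06-880c-914aa09ede77} - C:\\Windows\\system32\\vkaaoy.dll
O2 - BHO: (no name) - {E310E602-5765-46AD-85A6-FE8142D04C7B} - C:\\Windows\\system32\\vtUopNEU.dll
O4 - HKLM\\..\\Run: [Adobe Reader Speed Launcher] "C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe"
O4 - HKLM\\..\\Run: [MSServer] rundll32.exe C:\\Windows\\system32\\ljJBqomn.dll,#1
O4 - HKLM\\..\\Run: [2254813c] rundll32.exe "C:\\Windows\\system32\\ckbcwhkd.dll",b
O4 - HKCU\\..\\Run: [MSServer] rundll32.exe C:\\Users\\WHITEH~1\\AppData\\Local\\Temp\\urqRLbcA.dll,#1
O4 - HKUS\\S-1-5-19\\..\\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL vkaaoy.dll
"""

# Line shapes as HijackThis prints them: "O2 - BHO: <name> - <CLSID> - <path>",
# "O4 - <hive>\..\Run: [<value>] rundll32.exe <dll>,<export>", "O20 - AppInit_DLLs: <dll> <dll> ...".
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
RUNDLL_RE = re.compile(r'^O4 - .*?rundll32\.exe\s+"?(?P<path>[^",]+)"?,(?P<export>\S+)', re.I)
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")


def looks_random(filename):
    """Crude heuristic (an assumption, not a rule): a stem of 6+ letters with no
    vowels, or with a run of 5+ consonants, is treated as machine-generated."""
    letters = [c for c in PureWindowsPath(filename).stem if c.isalpha()]
    if len(letters) < 6:
        return False
    if not any(c.lower() in "aeiou" for c in letters):
        return True
    longest = run = 0
    for c in letters:
        run = 0 if c.lower() in "aeiou" else run + 1
        longest = max(longest, run)
    return longest >= 5


def triage(log_text):
    """Return (section, path, reasons) for every O2/O4/O20 line worth a second look."""
    findings = []
    for line in log_text.splitlines():
        m = BHO_RE.match(line)
        if m:
            name, path = m.group("name"), m.group("path")
            reasons = []
            # Commercial BHOs carry a readable name; a GUID or "(no name)" does not.
            if name == "(no name)" or GUID_RE.match(name):
                reasons.append("BHO registered without a product name")
            if looks_random(path):
                reasons.append("random-looking filename")
            if reasons:
                findings.append(("O2", path, reasons))
            continue
        m = RUNDLL_RE.match(line)
        if m:
            path, export = m.group("path"), m.group("export")
            reasons = []
            # Legitimate entries name a real export (ShowWelcomeCenter); ordinals
            # (#1) and one-letter exports (b) hide what is being called.
            if re.fullmatch(r"#\d+", export) or len(export) <= 2:
                reasons.append("DLL loaded by ordinal or one-letter export")
            if "\\temp\\" in path.lower():
                reasons.append("DLL in a Temp directory")
            if looks_random(path):
                reasons.append("random-looking filename")
            if reasons:
                findings.append(("O4", path, reasons))
            continue
        m = APPINIT_RE.match(line)
        if m:
            # AppInit_DLLs is injected into every process that loads user32.dll,
            # so each entry deserves review; a bare filename is resolved through
            # the DLL search order rather than a fixed path.
            for entry in m.group("dlls").split():
                reasons = []
                if "\\" not in entry and "/" not in entry:
                    reasons.append("bare filename resolved through the DLL search order")
                if looks_random(entry):
                    reasons.append("random-looking filename")
                if reasons:
                    findings.append(("O20", entry, reasons))
    return findings


if __name__ == "__main__":
    for section, path, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {path}\n    - " + "\n    - ".join(reasons))
```

Run against the sample, the flagged entries are exactly the DLLs that Billy's OTMoveIt3 script later moves, while the Java, Adobe, Windows and Google entries pass.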



#2 Billy O'Neal


    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 25 October 2008 - 10:39 PM

Hello, nightsjewel20.
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 nightsjewel20

  • Topic Starter

  • Members
  • 14 posts

Posted 25 October 2008 - 10:46 PM

Thanks Billy, I hope you can help me with this. I lost my home 3 months ago, so this PC is my means to work. So thanks!

#4 Billy O'Neal


    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 25 October 2008 - 11:04 PM

Hello, nightsjewel20.
We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :processes
    explorer.exe
    rundll32.exe
    Gool.exe
    Facegame.exe
    FlashUtil9f.exe
    :files
    C:\Windows\system32\vkaaoy.dll
    C:\Windows\system32\vtUopNEU.dll
    C:\Windows\system32\ljJBqomn.dll
    C:\Windows\system32\drvrup.dll
    C:\Windows\system32\ckbcwhkd.dll
    C:\Users\Whitehead Family\AppData\Roaming\Facegame\Facegame.exe
    C:\Users\WHITEH~1\AppData\Local\Temp\urqRLbcA.dll
    C:\Users\Whitehead Family\AppData\Roaming\Gool\Gool.exe
    C:\Windows\system32\ckbcwhkd.dll
    C:\Program Files\iWin Games
    :REG
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77ede90a-a419-c088-60e4-2bb5726a51bd}]
    [-HKEY_CLASSES_ROOT\CLSID\{77ede90a-a419-c088-60e4-2bb5726a51bd}]
    [-HKEY_CLASSES_ROOT\CLSID\{db15a627-5bb2-4e06-880c-914aa09ede77}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E310E602-5765-46AD-85A6-FE8142D04C7B}]
    [-HKEY_CLASSES_ROOT\CLSID\{E310E602-5765-46AD-85A6-FE8142D04C7B}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSServer"=-
    "MSDisp32"=-
    "2254813c"=-
    "Facegame"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSServer"=-
    "Gool"=-
    "2254813c"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
    :services
    iWinGamesInstaller
    :commands
    [EmptyTemp]
    [Purity]
    [Reboot]
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
In your next reply, please include the following:
  • OTMoveIt3's Log
  • OTViewIt.txt
  • Extra.txt

Billy3

#5 nightsjewel20

  • Topic Starter

  • Members
  • 14 posts

Posted 26 October 2008 - 08:49 AM

Here is the First one, OTMoveIt3's Log:
========== PROCESSES ==========
Process explorer.exe killed successfully.
Process rundll32.exe killed successfully.
Process Gool.exe killed successfully.
Process Facegame.exe killed successfully.
Unable to kill process: FlashUtil9f.exe
========== FILES ==========
DllUnregisterServer procedure not found in C:\Windows\system32\vkaaoy.dll
C:\Windows\system32\vkaaoy.dll NOT unregistered.
File move failed. C:\Windows\system32\vkaaoy.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\system32\vtUopNEU.dll
C:\Windows\system32\vtUopNEU.dll NOT unregistered.
File move failed. C:\Windows\system32\vtUopNEU.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\system32\ljJBqomn.dll
C:\Windows\system32\ljJBqomn.dll NOT unregistered.
File move failed. C:\Windows\system32\ljJBqomn.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\system32\drvrup.dll
C:\Windows\system32\drvrup.dll NOT unregistered.
File move failed. C:\Windows\system32\drvrup.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\system32\ckbcwhkd.dll
C:\Windows\system32\ckbcwhkd.dll NOT unregistered.
C:\Windows\system32\ckbcwhkd.dll moved successfully.
C:\Users\Whitehead Family\AppData\Roaming\Facegame\Facegame.exe moved successfully.
File/Folder C:\Users\WHITEH~1\AppData\Local\Temp\urqRLbcA.dll not found.
C:\Users\Whitehead Family\AppData\Roaming\Gool\Gool.exe moved successfully.
File/Folder C:\Windows\system32\ckbcwhkd.dll not found.
Folder move failed. C:\Program Files\iWin Games\sounds scheduled to be moved on reboot.
Folder move failed. C:\Program Files\iWin Games\pages scheduled to be moved on reboot.
Folder move failed. C:\Program Files\iWin Games\firefox\chrome scheduled to be moved on reboot.
Folder move failed. C:\Program Files\iWin Games\firefox scheduled to be moved on reboot.
Folder move failed. C:\Program Files\iWin Games scheduled to be moved on reboot.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77ede90a-a419-c088-60e4-2bb5726a51bd}\\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{77ede90a-a419-c088-60e4-2bb5726a51bd}\\ not found.
Unable to delete registry key HKEY_CLASSES_ROOT\CLSID\{db15a627-5bb2-4e06-880c-914aa09ede77}\\ .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E310E602-5765-46AD-85A6-FE8142D04C7B}\\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{E310E602-5765-46AD-85A6-FE8142D04C7B}\\ not found.
Unable to delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MSServer .
Unable to delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MSDisp32 .
Unable to delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\2254813c .
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Facegame not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MSServer deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Gool deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\2254813c deleted successfully.
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLs"|"C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL":servicesiWinGamesInstaller:commands /E!

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10262008_011203

Files moved on Reboot...
DllUnregisterServer procedure not found in C:\Windows\system32\vkaaoy.dll
C:\Windows\system32\vkaaoy.dll NOT unregistered.
File move failed. C:\Windows\system32\vkaaoy.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\system32\vtUopNEU.dll
C:\Windows\system32\vtUopNEU.dll NOT unregistered.
File move failed. C:\Windows\system32\vtUopNEU.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\system32\ljJBqomn.dll
C:\Windows\system32\ljJBqomn.dll NOT unregistered.
File move failed. C:\Windows\system32\ljJBqomn.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\system32\drvrup.dll
C:\Windows\system32\drvrup.dll NOT unregistered.
File move failed. C:\Windows\system32\drvrup.dll scheduled to be moved on reboot.
Folder move failed. C:\Program Files\iWin Games\sounds scheduled to be moved on reboot.
Folder move failed. C:\Program Files\iWin Games\pages scheduled to be moved on reboot.
Folder move failed. C:\Program Files\iWin Games\firefox\chrome scheduled to be moved on reboot.
Folder move failed. C:\Program Files\iWin Games\firefox\chrome scheduled to be moved on reboot.
Folder move failed. C:\Program Files\iWin Games\firefox scheduled to be moved on reboot.
Folder move failed. C:\Program Files\iWin Games\sounds scheduled to be moved on reboot.
Folder move failed. C:\Program Files\iWin Games\pages scheduled to be moved on reboot.
Folder move failed. C:\Program Files\iWin Games\firefox\chrome scheduled to be moved on reboot.
Folder move failed. C:\Program Files\iWin Games\firefox scheduled to be moved on reboot.
Folder move failed. C:\Program Files\iWin Games scheduled to be moved on reboot.

OTViewIt.txt:

OTViewIt logfile created on: 10/26/2008 1:25:04 AM - Run 2
OTViewIt by OldTimer - Version 1.0.18.0 Folder = C:\Users\Whitehead Family\Desktop
Windows Vista An unknown product Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 89.04% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.24 Gb Total Space | 261.98 Gb Free Space | 91.21% Space Free | Partition Type: NTFS
Drive D: | 10.85 Gb Total Space | 5.23 Gb Free Space | 48.23% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WHITEHEADFAM-PC
Current User Name: Whitehead Family
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: Off
File Age = 30 Days

========== Processes ==========

[2008/01/20 21:23:42 | 00,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2008/01/20 21:23:44 | 00,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2008/01/20 21:25:00 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2008/01/20 21:24:44 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2008/02/18 14:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[2008/01/20 21:24:44 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/01/20 21:24:44 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2007/12/10 23:15:04 | 00,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
[2007/02/12 15:38:04 | 00,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
[2008/10/19 19:09:02 | 00,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinGamesInstaller.exe
[2008/02/19 11:12:18 | 00,537,256 | ---- | M] ( ) -- C:\Windows\System32\lxbkcoms.exe
[2007/09/06 21:25:12 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
[2007/10/31 18:57:58 | 00,122,880 | ---- | M] (Pegasus TransTech Corp.) -- c:\Program Files\Pegasus TransTech\TRANSFLO Now\Transflo.Client.Agent.exe
[2008/05/27 00:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2008/02/21 17:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[2008/08/13 15:15:25 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[2008/02/28 13:57:54 | 00,074,408 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe
[2007/10/31 18:58:46 | 00,196,608 | ---- | M] (Pegasus TransTech Corp.) -- C:\Program Files\Pegasus TransTech\TRANSFLO Now\Transflo.Notify.exe
[2008/02/28 13:57:36 | 00,058,024 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\LXBKbmon.exe
[2008/01/20 21:25:11 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
[2008/01/20 21:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2007/08/16 19:17:56 | 02,342,912 | ---- | M] (BigFix Inc.) -- C:\Program Files\BigFix\bigfix.exe
[2008/01/20 21:25:11 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
[2008/02/18 14:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[2008/01/20 21:23:52 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
[2008/01/20 21:24:28 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
[2008/01/20 21:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2008/08/13 15:15:25 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[2008/01/20 21:24:49 | 00,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
[2008/01/20 21:24:59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
[2008/04/28 19:44:46 | 01,738,032 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
[2008/01/20 21:24:28 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
[2008/01/20 21:23:32 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
[2008/01/20 21:23:50 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2007/08/30 17:43:18 | 00,103,664 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
[2008/01/20 21:24:21 | 00,151,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\notepad.exe
[2008/01/20 21:23:41 | 00,151,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\notepad.exe
[2008/01/20 21:24:44 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/04/22 23:44:47 | 00,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\mcupdate.exe
[2008/05/27 00:18:16 | 00,184,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
[2008/05/27 00:17:55 | 00,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2008/10/26 01:21:48 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Users\Whitehead Family\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/12/10 23:15:04 | 00,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio [Auto | Running])
[2008/01/20 21:24:45 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/02/21 17:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
[2008/02/18 14:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
[2008/02/18 14:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
File not found -- -- (CertPropSvc [Unknown | Stopped])
[2008/01/20 21:24:55 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/02/18 14:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])
[2007/08/22 03:21:30 | 00,055,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped])
File not found -- -- (DcomLaunch [Unknown | Running])
[2008/01/20 21:23:41 | 02,091,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])
[2008/01/20 21:24:35 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
[2008/01/20 21:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2006/11/02 07:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2008/01/20 21:25:20 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/05/05 17:25:46 | 00,165,416 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
[2008/08/13 15:15:25 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103 [On_Demand | Stopped])
[2008/01/20 21:24:55 | 00,574,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [Unknown | Running])
[2008/04/01 22:37:04 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2007/02/12 15:38:04 | 00,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON [Auto | Running])
[2008/10/19 19:09:02 | 00,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinGamesInstaller.exe -- (iWinGamesInstaller [Auto | Running])
[2008/09/05 11:52:32 | 03,220,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])
[2008/02/18 14:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice [Auto | Running])
[2008/02/19 11:12:18 | 00,537,256 | ---- | M] ( ) -- C:\Windows\System32\lxbkcoms.exe -- (lxbk_device [Auto | Running])
[2008/07/16 18:58:36 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2008/01/20 21:25:21 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/08/24 05:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 16:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/01/20 21:24:06 | 00,547,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll -- (RpcSs [Unknown | Running])
[2008/01/20 21:24:20 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
[2008/01/20 21:25:00 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006/11/02 04:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2007/09/06 21:25:12 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV [Auto | Running])
[2008/10/25 08:15:33 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Stopped])
[2007/10/31 18:57:58 | 00,122,880 | ---- | M] (Pegasus TransTech Corp.) -- c:\Program Files\Pegasus TransTech\TRANSFLO Now\Transflo.Client.Agent.exe -- (TRANSFLOClientAgentService [Auto | Running])
[2008/01/20 21:24:08 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2008/01/20 21:25:00 | 00,382,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
[2008/01/20 21:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
[2008/05/27 00:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])

========== Driver Services ==========

[2008/01/20 21:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2008/01/20 21:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2008/01/20 21:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2008/01/20 21:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2008/02/29 03:13:38 | 01,202,560 | ---- | M] (Agere Systems) -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
[2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2008/01/20 21:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2008/01/20 21:23:01 | 00,057,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2008/01/20 21:23:00 | 00,017,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2008/01/20 21:23:00 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2008/01/20 21:23:00 | 00,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [Disabled | Stopped])
[2008/01/20 21:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2008/01/20 21:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
[2008/01/20 21:23:01 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive [Disabled | Stopped])
[2008/01/20 21:23:53 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2006/11/02 03:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
[2008/01/20 21:23:26 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2008/01/20 21:23:54 | 00,247,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2008/01/20 21:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2008/07/30 17:42:12 | 00,023,888 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon [On_Demand | Stopped])
[2007/08/08 19:39:56 | 00,036,056 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon [Auto | Running])
[2008/01/20 21:23:22 | 00,024,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2008/01/20 21:23:00 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2008/01/20 21:24:55 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2008/08/01 20:01:23 | 00,625,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2008/01/20 21:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
[2008/01/20 21:23:39 | 00,143,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2008/10/15 03:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2008/01/20 21:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2008/10/15 03:00:00 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
[2008/01/20 21:23:00 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\errdev.sys -- (ErrDev [Disabled | Stopped])
[2008/01/20 21:25:02 | 00,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys -- (exfat [On_Demand | Stopped])
[2008/01/20 21:24:04 | 00,058,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2008/01/20 21:24:21 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2008/01/20 21:23:22 | 00,061,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2006/11/02 02:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2008/01/20 21:23:22 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/11/02 03:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006/11/02 03:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2008/01/20 21:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2006/11/02 02:36:45 | 01,302,492 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\ialmnt5.sys -- (ialm [On_Demand | Stopped])
[2007/02/12 15:36:54 | 00,277,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2008/01/20 21:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])
[2008/10/03 16:21:54 | 00,270,384 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20081023.002\IDSvix86.sys -- (IDSvix86 [System | Running])
[2008/02/11 21:36:10 | 02,302,976 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx [On_Demand | Running])
[2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2008/01/20 21:23:22 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2008/01/20 21:23:01 | 00,181,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2008/01/20 21:23:23 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [Disabled | Stopped])
[2008/01/20 21:24:37 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2008/01/20 21:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2008/01/20 21:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2008/01/20 21:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2008/01/20 21:24:37 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2008/01/20 21:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2008/01/20 21:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\System32\drivers\MegaSR.sys -- (MegaSR [Disabled | Stopped])
[2008/01/20 21:23:22 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2008/01/20 21:23:20 | 00,105,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2008/01/20 21:24:47 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2008/05/08 14:21:56 | 00,211,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2008/01/20 21:24:28 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2008/01/20 21:23:00 | 00,028,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Boot | Running])
[2008/01/20 21:23:21 | 00,094,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2008/01/20 21:23:01 | 00,016,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2008/01/20 21:24:26 | 00,163,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2008/05/19 21:07:31 | 00,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Running])
[2008/10/15 03:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20081025.020\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2008/10/15 03:00:00 | 00,873,552 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20081025.020\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2006/11/02 02:30:56 | 02,589,184 | ---- | M] (Intel® Corporation) -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32 [On_Demand | Stopped])
[2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2008/01/20 21:24:47 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2008/01/20 21:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2008/01/20 21:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
[2008/01/20 21:23:01 | 00,109,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2006/11/02 04:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2008/04/04 20:21:42 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2007/08/17 20:56:34 | 00,029,952 | ---- | M] (DEVGURU Co,LTD.) -- C:\Windows\System32\drivers\PTDMBus.sys -- (PTDMBus [On_Demand | Running])
[2007/08/17 20:56:38 | 00,041,856 | ---- | M] (DEVGURU Co,LTD.) -- C:\Windows\System32\drivers\PTDMMdm.sys -- (PTDMMdm [On_Demand | Running])
[2007/08/17 20:56:40 | 00,039,936 | ---- | M] (DEVGURU Co,LTD.) -- C:\Windows\System32\drivers\PTDMVsp.sys -- (PTDMVsp [On_Demand | Running])
[2008/01/20 21:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2008/01/20 21:23:31 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2008/01/20 21:25:05 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp [On_Demand | Running])
[2008/01/20 21:24:50 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2008/01/20 21:24:37 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2008/05/02 07:59:40 | 00,122,368 | ---- | M] (Realtek Corporation ) -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169 [On_Demand | Running])
[2008/02/20 14:14:22 | 00,292,352 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B [On_Demand | Running])
[2008/02/15 16:22:38 | 00,059,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR [On_Demand | Running])
[2006/11/02 04:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2008/01/20 21:23:21 | 00,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sdbus.sys -- (sdbus [Disabled | Stopped])
[2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2008/01/20 21:23:20 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2008/01/20 21:23:23 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2008/01/20 21:23:23 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2008/01/20 21:23:23 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2008/01/20 21:23:01 | 00,055,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])
[2008/01/20 21:23:26 | 00,041,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2008/01/20 21:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2008/01/20 21:25:00 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2008/01/16 23:05:42 | 00,447,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
[2008/01/20 21:24:11 | 00,021,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2008/01/31 20:51:16 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP [On_Demand | Running])
[2008/01/31 20:51:16 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL [On_Demand | Stopped])
[2008/01/31 20:51:16 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX [System | Running])
[2008/01/20 21:24:59 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2008/01/20 21:23:45 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2007/09/06 21:26:04 | 00,330,240 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA [On_Demand | Running])
[2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2008/02/05 14:34:43 | 00,013,616 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symdns.sys -- (SYMDNS [On_Demand | Running])
[2008/10/25 08:17:50 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2008/02/05 14:34:43 | 00,096,432 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symfw.sys -- (SYMFW [On_Demand | Running])
[2008/02/19 20:06:11 | 00,024,112 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM [System | Running])
[2008/02/05 14:34:43 | 00,041,008 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symndisv.sys -- (SYMNDISV [On_Demand | Running])
[2008/02/05 14:34:43 | 00,022,320 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2008/02/05 14:34:43 | 00,188,464 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2007/04/26 04:38:40 | 00,186,680 | ---- | M] (Synaptics, Inc.) -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2008/01/20 21:23:43 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2008/01/20 21:24:53 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2008/01/20 21:24:59 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])
[2008/01/20 21:24:25 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2008/01/20 21:24:25 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])
[2008/01/20 21:23:22 | 00,059,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])
[2008/01/20 21:23:01 | 00,060,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2008/01/20 21:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2008/01/20 21:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2008/01/20 21:23:22 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2006/11/02 03:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2008/01/20 21:23:02 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2008/01/20 21:23:00 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2008/01/20 21:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
[2008/01/20 21:23:01 | 00,052,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2008/01/20 21:24:27 | 00,294,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2008/01/20 21:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006/11/02 03:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2008/01/20 21:23:24 | 00,022,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2008/01/20 21:23:51 | 00,503,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2008/01/20 21:23:00 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [On_Demand | Running])
[2008/01/20 21:24:47 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])
[2006/11/02 02:30:56 | 00,194,048 | ---- | M] (Marvell) -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=WM&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6732
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=WM&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6732

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"Local Page"=http://www.iesearch.com/
"SearchAssistant"=

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=WM&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6732
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=
"SearchDefaultBranded"=
"Start Page"=http://yahoo.com/
"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_page_URL"=http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=WM&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6732
"Start Page"=http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=WM&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6732

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_page_URL"=http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=WM&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6732
"Start Page"=http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=WM&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6732

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-544475780-3865938551-3954877077-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=WM&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6732
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=
"SearchDefaultBranded"=
"Start Page"=http://yahoo.com/
"StartPageCache"=

[HKEY_USERS\S-1-5-21-544475780-3865938551-3954877077-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-544475780-3865938551-3954877077-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
{6A9C7C61-CCC2-41E8-9D20-ADBE3A6BEFA0} (HKLM) -- C:\Windows\System32\vtUopNEU.dll ()
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} (HKLM) -- C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
{8CA5ED52-F3FB-4414-A105-2E3491156990} (HKLM) -- C:\Program Files\iWin Games\iWinGamesHookIE.dll ()
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{db15a627-5bb2-4e06-880c-914aa09ede77} (HKLM) -- C:\Windows\System32\vkaaoy.dll ()

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-CEC4-75A487FD6484}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-544475780-3865938551-3954877077-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-544475780-3865938551-3954877077-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)

[HKEY_USERS\S-1-5-21-544475780-3865938551-3954877077-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-CEC4-75A487FD6484}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2254813c"=rundll32.exe "C:\Windows\system32\ckbcwhkd.dll",b File not found
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
"lxbkbmgr.exe"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" (Lexmark International, Inc.)
"MSDisp32"=rundll32.exe C:\Windows\system32\drvrup.dll,startup ()
"MSServer"=rundll32.exe C:\Windows\system32\ljJBqomn.dll,#1 (Microsoft Corporation)
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" (Symantec Corporation)
"Transflo Notify"=C:\Program Files\Pegasus TransTech\TRANSFLO Now\Transflo.Notify.exe (Pegasus TransTech Corp.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
"Facegame"="C:\Users\Whitehead Family\AppData\Roaming\Facegame\Facegame.exe" 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310 File not found
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background File not found
"MSServer"=rundll32.exe C:\Users\WHITEH~1\AppData\Local\Temp\yayyVoml.dll,#1 File not found
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-544475780-3865938551-3954877077-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
"Facegame"="C:\Users\Whitehead Family\AppData\Roaming\Facegame\Facegame.exe" 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310 File not found
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background File not found
"MSServer"=rundll32.exe C:\Users\WHITEH~1\AppData\Local\Temp\yayyVoml.dll,#1 File not found
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

========== (O4) RunOnce Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=%WINDIR%\SMINST\launcher.exe (soft thinks)

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=255
"_NoDriveTypeAutoRun"=255

[HKEY_USERS\S-1-5-21-544475780-3865938551-3954877077-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=255
"_NoDriveTypeAutoRun"=255

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/07/30 03:25:02 | 17,930,264 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-544475780-3865938551-3954877077-1000\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/07/30 03:25:02 | 17,930,264 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [2008/03/25 06:28:01 | 00,509,328 | ---- | M] (Sun Microsystems, Inc.)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 22:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
GD: ":Range"=127.0.0.1 -- http in Local intranet |

[HKEY_USERS\S-1-5-21-544475780-3865938551-3954877077-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
GD: ":Range"=127.0.0.1 -- http in Local intranet |

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{149E45D8-163E-4189-86FC-45022AB2B6C9}: file:///C:/Program%20Files/Paradise%20Pet%20Salon/Images/stg_drm.ocx -- SpinTop DRM Control
{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}: http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.0.cab -- Reg Error: Key does not exist or could not be opened.
{5E92F538-B50B-46C5-9C5F-C6EECED3F6C6}: http://www.infospace.com/mypoints.main/tba...pointsSetup.exe -- Reg Error: Key does not exist or could not be opened.
{6A060448-60F9-11D5-A6CD-0002B31F7455}: -- ExentInf Class
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{10DC4A68-55CB-492A-8C15-2CE56C92A163} (Servers: | Description: )
{9645605F-07D9-4962-A2D2-D0B7F8CBCC19} (Servers: | Description: Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter)
{C797A633-D62B-43F0-8BA6-F7A1014BBA75} (Servers: | Description: Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.0))

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL vkaaoy.dll
>[2008/08/13 15:15:25 | 00,113,664 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll
>[2008/10/25 01:36:25 | 00,113,152 | ---- | M] () -- C:\Windows\System32\vkaaoy.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxdev.dll -- C:\Windows\System32\igfxdev.dll (Intel Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{10C08715-AD85-4FB5-BB96-A7F700AB2964}" (HKLM) -- C:\Windows\System32\ljJBqomn.dll (Microsoft Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2008/01/20 21:24:37 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,C:\Windows\system32\vtUopNEU,
>[2008/10/25 01:30:20 | 00,282,112 | ---- | M] () -- C:\Windows\System32\vtUopNEU.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2008/01/20 21:24:37 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [REM Dummy file for NTVDM | ]
[2006/09/18 16:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]

Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ]
[2004/04/30 04:01:00 | 00,000,053 | -HS- | M] () -- D:\Autorun.inf -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2008/10/26 01:21:31 | 00,421,888 | ---- | C] (OldTimer Tools) -- C:\Users\Whitehead Family\Desktop\OTViewIt.exe
[2008/10/26 01:20:22 | 00,334,848 | ---- | C] (OldTimer Tools) -- C:\Users\Whitehead Family\Desktop\OTMoveIt3.exe
[2008/10/26 01:12:03 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/10/25 22:08:44 | 00,001,845 | ---- | C] () -- C:\Users\Whitehead Family\Desktop\HijackThis.lnk
[2008/10/25 22:08:42 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/10/25 20:28:03 | 32,111,90272 | -HS- | C] () -- C:\hiberfil.sys
[2008/10/25 19:43:58 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2008/10/25 19:43:58 | 00,015,464 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2008/10/25 19:43:55 | 00,000,000 | ---D | C] -- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/10/25 19:37:48 | 00,000,000 | ---D | C] -- C:\Users\Whitehead Family\AppData\Roaming\Gool
[2008/10/25 08:18:50 | 00,001,725 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2008/10/25 08:15:45 | 00,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2008/10/25 08:13:11 | 00,123,952 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2008/10/25 08:12:51 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2008/10/25 07:57:31 | 00,001,586 | ---- | C] () -- C:\Users\Whitehead Family\Desktop\Norton 360 2008 Setup.lnk
[2008/10/25 07:31:04 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ljJBqomn.dll
[2008/10/25 01:36:26 | 00,113,152 | ---- | C] () -- C:\Windows\System32\vkaaoy.dll
[2008/10/25 01:36:23 | 00,113,152 | ---- | C] () -- C:\Windows\System32\quxpempd.dll
[2008/10/25 01:35:50 | 01,425,842 | -HS- | C] () -- C:\Windows\System32\dkhwcbkc.ini
[2008/10/25 01:30:22 | 00,001,384 | -HS- | C] () -- C:\Windows\System32\UENpoUtv.ini2
[2008/10/25 01:30:22 | 00,001,384 | -HS- | C] () -- C:\Windows\System32\UENpoUtv.ini
[2008/10/25 01:30:12 | 00,282,112 | ---- | C] () -- C:\Windows\System32\vtUopNEU.dll
[2008/10/25 01:26:24 | 00,000,000 | ---D | C] -- C:\Users\Whitehead Family\AppData\Roaming\Facegame
[2008/10/25 01:25:55 | 00,019,456 | ---- | C] () -- C:\Windows\System32\drvrup.dll
[2008/10/25 01:25:55 | 00,000,145 | ---- | C] () -- C:\Windows\System32\winver.bat
[2008/10/25 01:25:48 | 00,000,000 | ---D | C] -- C:\Windows\System32\124909
[2008/10/25 01:25:09 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\efcCstTN.dll
[2008/10/25 01:17:37 | 00,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2008/10/21 22:52:56 | 00,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2008/10/21 13:18:05 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2008/10/20 13:51:20 | 00,008,352 | ---- | C] () -- C:\smschat.wav
[2008/10/19 23:17:34 | 00,001,790 | ---- | C] () -- C:\Users\Public\Desktop\ Cake Shop.lnk
[2008/10/19 19:34:47 | 00,001,832 | ---- | C] () -- C:\Users\Public\Desktop\Supermarket Mania.lnk
[2008/10/19 19:06:25 | 00,000,174 | ---- | C] () -- C:\Users\Whitehead Family\Desktop\More SpinTop Games.url
[2008/10/19 15:54:02 | 00,037,033 | ---- | C] () -- C:\Windows\FRGT.ico
[2008/10/19 15:54:02 | 00,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2008/10/19 15:54:02 | 00,000,000 | ---D | C] -- C:\ProgramData\Free Ride Games
[2008/10/16 09:09:21 | 03,578,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2008/10/16 09:09:19 | 06,068,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2008/10/16 09:09:19 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2008/10/16 09:09:18 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2008/10/16 09:09:18 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2008/10/16 09:09:18 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2008/10/16 09:09:17 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2008/10/16 09:09:17 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2008/10/16 08:36:56 | 03,601,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2008/10/16 08:36:56 | 03,549,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2008/10/16 08:08:43 | 00,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2008/10/16 08:08:43 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2008/10/16 07:50:38 | 00,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2008/10/15 22:00:25 | 02,032,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2008/10/15 19:32:42 | 00,011,776 | ---- | C] (Beuger Enterprises, Inc.) -- C:\Windows\System32\TypeItIn28.dll
[2008/10/15 19:26:42 | 00,000,000 | ---D | C] -- C:\Users\Whitehead Family\AppData\Local\craigslist
[2008/10/13 16:34:12 | 00,000,000 | ---D | C] -- C:\Users\Whitehead Family\Desktop\ALL ACCESS
[2008/10/12 13:05:13 | 00,000,000 | ---D | C] -- C:\Users\Whitehead Family\AppData\Local\oDesk
[2008/10/10 11:26:05 | 00,000,000 | ---D | C] -- C:\ProgramData\Microgaming
[2008/10/10 11:26:05 | 00,000,000 | ---D | C] -- C:\ProgramData\MGS
[2008/10/09 17:06:06 | 00,014,336 | ---- | C] () -- C:\Users\Whitehead Family\Documents\alina route profile.wps
[2008/10/09 17:05:59 | 00,068,555 | ---- | C] () -- C:\Users\Whitehead Family\Documents\Profiles2.rtf
[2008/10/09 14:55:26 | 00,058,880 | ---- | C] () -- C:\Users\Whitehead Family\Documents\Profiles.doc
[2008/10/09 14:53:14 | 00,005,660 | ---- | C] () -- C:\Users\Whitehead Family\Documents\Additional Training.rtf
[2008/10/09 11:55:39 | 00,017,462 | ---- | C] () -- C:\Users\Whitehead Family\Documents\alina.bmp
[2008/10/07 13:53:11 | 03,620,930 | ---- | C] () -- C:\Users\Whitehead Family\Desktop\mtmchat.exe
[2008/10/05 22:12:34 | 00,000,000 | ---D | C] -- C:\Users\Whitehead Family\AppData\Roaming\Hoyle Casino
[2008/10/05 15:18:01 | 00,000,000 | ---D | C] -- C:\Users\Whitehead Family\Documents\LimeWire
[2008/10/04 12:56:37 | 00,000,000 | ---D | C] -- C:\ProgramData\Fashion Solitaire 1.2
[2008/10/04 09:32:45 | 00,656,761 | ---- | C] () -- C:\Users\Whitehead Family\Desktop\ID & SSN.jpg
[2008/09/30 13:02:34 | 00,000,000 | ---D | C] -- C:\Users\Whitehead Family\AppData\Roaming\Hoyle Card Games

========== Files - Modified Within 30 Days ==========

[2008/10/26 01:21:48 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Users\Whitehead Family\Desktop\OTViewIt.exe
[2008/10/26 01:20:41 | 00,604,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2008/10/26 01:20:41 | 00,105,376 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2008/10/26 01:20:40 | 00,704,434 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2008/10/26 01:20:36 | 00,334,848 | ---- | M] (OldTimer Tools) -- C:\Users\Whitehead Family\Desktop\OTMoveIt3.exe
[2008/10/26 01:14:19 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2008/10/26 01:14:19 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2008/10/26 01:14:03 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2008/10/26 01:13:53 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2008/10/26 01:13:50 | 32,111,90272 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/25 22:08:44 | 00,001,845 | ---- | M] () -- C:\Users\Whitehead Family\Desktop\HijackThis.lnk
[2008/10/25 21:34:10 | 03,626,500 | -H-- | M] () -- C:\Users\Whitehead Family\AppData\Local\IconCache.db
[2008/10/25 20:22:55 | 32,902,9773 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2008/10/25 08:18:50 | 00,001,725 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2008/10/25 08:17:50 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2008/10/25 08:17:50 | 00,010,563 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2008/10/25 08:17:50 | 00,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2008/10/25 08:10:02 | 00,001,384 | -HS- | M] () -- C:\Windows\System32\UENpoUtv.ini
[2008/10/25 08:07:24 | 00,001,384 | -HS- | M] () -- C:\Windows\System32\UENpoUtv.ini2
[2008/10/25 07:57:31 | 00,001,586 | ---- | M] () -- C:\Users\Whitehead Family\Desktop\Norton 360 2008 Setup.lnk
[2008/10/25 07:32:08 | 00,000,169 | ---- | M] () -- C:\Windows\win.ini
[2008/10/25 07:30:22 | 00,293,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2008/10/25 01:36:25 | 00,113,152 | ---- | M] () -- C:\Windows\System32\vkaaoy.dll
[2008/10/25 01:36:25 | 00,113,152 | ---- | M] () -- C:\Windows\System32\quxpempd.dll
[2008/10/25 01:35:55 | 01,425,842 | -HS- | M] () -- C:\Windows\System32\dkhwcbkc.ini
[2008/10/25 01:30:20 | 00,282,112 | ---- | M] () -- C:\Windows\System32\vtUopNEU.dll
[2008/10/25 01:25:55 | 00,019,456 | ---- | M] () -- C:\Windows\System32\drvrup.dll
[2008/10/25 01:25:55 | 00,000,145 | ---- | M] () -- C:\Windows\System32\winver.bat
[2008/10/25 01:25:09 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ljJBqomn.dll
[2008/10/25 01:25:09 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\efcCstTN.dll
[2008/10/21 22:52:56 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2008/10/20 13:51:20 | 00,008,352 | ---- | M] () -- C:\smschat.wav
[2008/10/19 23:17:34 | 00,001,790 | ---- | M] () -- C:\Users\Public\Desktop\ Cake Shop.lnk
[2008/10/19 19:34:47 | 00,001,832 | ---- | M] () -- C:\Users\Public\Desktop\Supermarket Mania.lnk
[2008/10/19 19:06:25 | 00,000,174 | ---- | M] () -- C:\Users\Whitehead Family\Desktop\More SpinTop Games.url
[2008/10/19 15:54:02 | 00,000,064 | ---- | M] () -- C:\Windows\GPlrLanc.dat
[2008/10/18 09:59:14 | 00,002,016 | ---- | M] () -- C:\Users\Whitehead Family\AppData\Roaming\wklnhst.dat
[2008/10/10 21:37:39 | 00,000,781 | ---- | M] () -- C:\Users\Whitehead Family\Documents\My Sharing Folders.lnk
[2008/10/09 17:06:12 | 00,014,336 | ---- | M] () -- C:\Users\Whitehead Family\Documents\alina route profile.wps
[2008/10/09 17:06:10 | 00,068,555 | ---- | M] () -- C:\Users\Whitehead Family\Documents\Profiles2.rtf
[2008/10/09 14:55:31 | 00,058,880 | ---- | M] () -- C:\Users\Whitehead Family\Documents\Profiles.doc
[2008/10/09 14:53:17 | 00,005,660 | ---- | M] () -- C:\Users\Whitehead Family\Documents\Additional Training.rtf
[2008/10/09 11:55:39 | 00,017,462 | ---- | M] () -- C:\Users\Whitehead Family\Documents\alina.bmp
[2008/10/07 14:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2008/10/07 13:53:20 | 03,620,930 | ---- | M] () -- C:\Users\Whitehead Family\Desktop\mtmchat.exe
[2008/10/04 09:32:46 | 00,656,761 | ---- | M] () -- C:\Users\Whitehead Family\Desktop\ID & SSN.jpg
[2008/10/01 22:49:19 | 01,166,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2008/10/01 22:49:19 | 00,827,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2008/10/01 22:49:16 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2008/10/01 22:49:15 | 03,578,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2008/10/01 22:49:14 | 06,068,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2008/10/01 22:49:14 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2008/10/01 22:49:14 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2008/10/01 20:32:38 | 01,383,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
< End of report >

Extra.txt:

OTViewIt Extras logfile created on: 10/26/2008 1:31:47 AM - Run 4
OTViewIt by OldTimer - Version 1.0.18.0 Folder = C:\Users\Whitehead Family\Desktop
Windows Vista An unknown product Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 89.18% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.24 Gb Total Space | 261.96 Gb Free Space | 91.20% Space Free | Partition Type: NTFS
Drive D: | 10.85 Gb Total Space | 5.23 Gb Free Space | 48.23% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WHITEHEADFAM-PC
Current User Name: Whitehead Family
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: Off
File Age = 7 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=1
"UacDisableNotify"=1
"InternetSettingsDisableNotify"=1
"AutoUpdateDisableNotify"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0
"VistaSp1"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-544475780-3865938551-3954877077-1000]
"EnableNotifications"=0
"EnableNotificationsRef"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -- C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] -- C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols
ldap -- 4 = Restricted sites (Not a Default Protocol)
news -- 4 = Restricted sites (Not a Default Protocol)
nntp -- 4 = Restricted sites (Not a Default Protocol)
oecmd -- 4 = Restricted sites (Not a Default Protocol)
snews -- 4 = Restricted sites (Not a Default Protocol)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 15:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/06/07 10:30:54 | 00,230,760 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 23:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
" Cake Shop"= Cake Shop (remove only)
"{06FE1146-4FF8-45DF-B0D9-CBA8E38C708C}"=REALTEK USB Wireless LAN Driver
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}"=IDT Audio
"{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}"=Norton 360 HTMLHelp
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}"=Microsoft Works
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}"=GearDrvs
"{21829177-4DED-4209-AD08-490B3AC9C01A}"=Norton 360
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{24DF7221-644B-4C3A-A478-459502D40522}"=Backup
"{2D617065-1C52-4240-B5BC-C0AE12157777}"=Norton 360
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}"=SymNet
"{3248F0A8-6813-11D6-A77B-00B0D0160040}"=Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160060}"=Java™ 6 Update 6
"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}"=BigFix
"{40BF1E83-20EB-11D8-97C5-0009C5020658}"=Power2Go 5.0
"{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}"=Norton 360
"{45690715-80A6-4445-B61D-ADEC5888E8CD}"=Symantec Technical Support Controls
"{55A6283C-638A-4EE0-B491-51118554BDA2}"=Norton Confidential Core
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}"=Microsoft Money Shared Libraries
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}"=Activation Assistant for the 2007 Microsoft Office suites
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{77772678-817F-4401-9301-ED1D01A8DA56}"=SPBBC 32bit
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}"=Gateway Recovery Center Installer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}"=Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}"=Adobe Flash Player 9 ActiveX
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}"=Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}"=Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint Viewer 2007 (English)
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{B21F265E-96AB-4A11-9CC3-57B22B28B825}_is1"=TRANSFLO Now!™ 1.1
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}"=ccCommon
"{B29B0066-547B-402c-9C0D-090E2F928A01}"=PANTECH PC USB Modem Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}"=GearDrvs
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}"=Symantec Real Time Storage Protection Component
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DC24971E-1946-445D-8A82-CE685433FA7D}"=Realtek USB 2.0 Card Reader
"{E80F62FF-5D3C-4A19-8409-9721F2928206}"=LiveUpdate (Symantec Corporation)
"{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}"=Gateway Connect
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}"=AppCore
"{F8024EB8-5B34-46FE-B15D-20ACF26FC20E}"=Hoyle Puzzle and Board Games
"1713EFD0409BCDF53DED33020E5FE8E4FB97BA41"=Windows Driver Package - Intel (NETw2v32) net (03/06/2007 9.1.1.15)
"Activation Assistant for the 2007 Microsoft Office suites"=Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Agere Systems Soft Modem"=Agere Systems HDA Modem
"FE1C1D7936737A38BEF487FE955502FC00778EF5"=Windows Driver Package - Intel (NETw4v32) net (03/13/2008 11.5.1.15)
"Foxit PDF Creator"=Foxit PDF Creator
"Foxit Reader"=Foxit Reader
"Google Desktop"=Google Desktop
"HDMI"=Intel® Graphics Media Accelerator Driver
"HijackThis"=HijackThis 2.0.2
"HOMESTUDENTR"=Microsoft Office Home and Student 2007
"InterActual Player"=InterActual Player
"iWinArcade"=iWin Games (remove only)
"Jojos Fashion Show"=Jojos Fashion Show (remove only)
"JoJo's Fashion Show 2 - Las Cruces"=JoJo's Fashion Show 2 - Las Cruces
"Lexmark X1100 Series"=Lexmark X1100 Series
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Money2007b"=Microsoft Money Essentials
"PsuedoLiveUpdate"=LiveUpdate (Symantec Corporation)
"RealArcade"=RealArcade
"Supermarket Mania"=Supermarket Mania (remove only)
"Supple"=Supple (remove only)
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}"=Norton 360 (Symantec Corporation)
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"VZAccess Manager"=VZAccess Manager
"WildTangent gateway Master Uninstall"=Gateway Games
"Yahoo! Messenger"=Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/25/2008 8:59:56 PM | Computer Name = WhiteheadFam-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/25/2008 8:59:58 PM | Computer Name = WhiteheadFam-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/25/2008 8:59:58 PM | Computer Name = WhiteheadFam-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/25/2008 9:00:00 PM | Computer Name = WhiteheadFam-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/25/2008 9:00:00 PM | Computer Name = WhiteheadFam-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/25/2008 9:00:03 PM | Computer Name = WhiteheadFam-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/25/2008 9:00:03 PM | Computer Name = WhiteheadFam-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/25/2008 9:23:32 PM | Computer Name = WhiteheadFam-PC | Source = EventSystem | ID = 4609
Description =

Error - 10/25/2008 9:24:10 PM | Computer Name = WhiteheadFam-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/25/2008 9:28:47 PM | Computer Name = WhiteheadFam-PC | Source = Transflo.Agent | ID = 2029
Description = Transflo.TFClient: NetworkException: Connection to the server failed.
Communication
Error ---> System.Net.WebException: The underlying connection was closed: The remote
name could not be resolved. at Transflo.TFClient.TFClientWS.ProcessServerError(Exception
ex, String methodName, Object[] parameters, AttachmentCollection attachments)
at Transflo.TFClient.TFClientWS.Invoke(String methodName, Object[] parameters)
at Transflo.TransfloWS.TransfloWSWse.Authenticate(String userName, String password,
Int32 applicationId, String machineName, DateTime& clientCrc, String& sessionId)

at Transflo.TFClient.TFSession.Authenticate(String userId, String password, DateTime&
configCrc) at Transflo.TFClient.TFSession.DoLogin() --- End of inner exception
stack trace --- at Transflo.TFClient.TFSession.DoLogin() at Transflo.TFClient.TFSession..ctor(String
userId, String password, Int32 appId, AuthenticationType authType, TransfloWSWse
webService, ConnectionType connectionType, String machineInstanceId) at Transflo.TFClient.Client.BeginSession()
in BeginSession Connection to the server failed. Communication Error The underlying
connection was closed: The remote name could not be resolved. Error stack trace:
at Transflo.TFClient.TFClientWS.ProcessServerError(Exception ex, String methodName,
Object[] parameters, AttachmentCollection attachments) at Transflo.TFClient.TFClientWS.Invoke(String
methodName, Object[] parameters) at Transflo.TransfloWS.TransfloWSWse.Authenticate(String
userName, String password, Int32 applicationId, String machineName, DateTime& clientCrc,
String& sessionId) at Transflo.TFClient.TFSession.Authenticate(String userId,
String password, DateTime& configCrc) at Transflo.TFClient.TFSession.DoLogin()
Calling
stack trace: -> ServiceQueuedMainCallback -> OnStart -> OnStart -> Start -> StartTasks
-> Start -> Load -> BeginSession -> BeginSession

[ Media Center Events ]
Error - 8/28/2008 12:27:03 PM | Computer Name = WhiteheadFam-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 6/23/2008 8:18:54 PM | Computer Name = WhiteheadFam-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 721
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/17/2008 10:10:02 PM | Computer Name = WhiteheadFam-PC | Source = DCOM | ID = 10005
Description =

Error - 9/17/2008 10:10:02 PM | Computer Name = WhiteheadFam-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 9/17/2008 10:10:02 PM | Computer Name = WhiteheadFam-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/17/2008 10:16:13 PM | Computer Name = WhiteheadFam-PC | Source = HTTP | ID = 15016
Description =

Error - 9/17/2008 10:16:47 PM | Computer Name = WhiteheadFam-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/17/2008 10:20:28 PM | Computer Name = WhiteheadFam-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 9/18/2008 11:08:16 AM | Computer Name = WhiteheadFam-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 9/18/2008 1:38:10 PM | Computer Name = WhiteheadFam-PC | Source = netbt | ID = 4321
Description = The name "WHITEHEADFAM-PC:0" could not be registered on the interface
with IP address 169.254.52.45. The computer with the IP address 172.30.7.155 did
not allow the name to be claimed by this computer.

Error - 9/18/2008 1:38:10 PM | Computer Name = WhiteheadFam-PC | Source = netbt | ID = 4321
Description = The name "WHITEHEADFAM-PC:0" could not be registered on the interface
with IP address 169.254.52.45. The computer with the IP address 172.30.7.155 did
not allow the name to be claimed by this computer.

Error - 9/19/2008 12:44:49 AM | Computer Name = WhiteheadFam-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.


< End of report >

#6 Billy O'Neal
  • Visual C++ STL Maintainer
  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 26 October 2008 - 09:44 PM

Hello, nightsjewel20.
Alright... let's try this one more time...

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the OTMoveIt3 icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :processes
    iWinGamesInstaller.exe
    explorer.exe
    notepad.exe
    rundll32.exe
    wininit.exe
    taskeng.exe
    :services
    iWinGamesInstaller
    :files
    C:\Program Files\iWin Games
    C:\Windows\System32\vtUopNEU.dll
    C:\Windows\System32\vkaaoy.dll
    C:\Windows\system32\ckbcwhkd.dll
    C:\Windows\system32\ljJBqomn.dll
    C:\Windows\system32\drvrup.dll
    C:\Users\Whitehead Family\AppData\Roaming\Facegame
    C:\Users\WHITEH~1\AppData\Local\Temp\yayyVoml.dll
    C:\Windows\System32\vkaaoy.dll
    C:\Windows\System32\vtUopNEU.dll
    C:\Users\Whitehead Family\AppData\Roaming\Gool
    C:\Windows\System32\ljJBqomn.dll
    :reg
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A9C7C61-CCC2-41E8-9D20-ADBE3A6BEFA0}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{db15a627-5bb2-4e06-880c-914aa09ede77}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "2254813c"=-
    "MSDisp32"=-
    "MSServer"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Facegame"=-
    "MSServer"=-
    [HKEY_USERS\S-1-5-21-544475780-3865938551-3954877077-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Facegame"=-
    "MSServer"=-
    [HKEY_USERS\S-1-5-21-544475780-3865938551-3954877077-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    "NoDriveTypeAutoRun"=145
    "_NoDriveTypeAutoRun"=-
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_Dlls"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"
    :files
    C:\Windows\System32\vkaaoy.dll
    C:\Windows\System32\quxpempd.dll
    C:\Windows\System32\dkhwcbkc.ini
    C:\Windows\System32\UENpoUtv.ini2
    C:\Windows\System32\UENpoUtv.ini
    C:\Windows\System32\vtUopNEU.dll
    C:\Windows\System32\drvrup.dll
    C:\Windows\System32\winver.bat
    C:\Windows\System32\efcCstTN.dll
    C:\smschat.wav
    C:\Users\Public\Desktop\ Cake Shop.lnk
    C:\Users\Public\Desktop\Supermarket Mania.lnk
    C:\Users\Whitehead Family\Desktop\More SpinTop Games.url
    C:\Windows\FRGT.ico
    C:\Windows\GPlrLanc.dat
    C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    C:\Windows\System32\UENpoUtv.ini
    C:\Windows\System32\UENpoUtv.ini2
    C:\Windows\System32\vkaaoy.dll
    C:\Windows\System32\quxpempd.dll
    C:\Windows\System32\dkhwcbkc.ini
    C:\Windows\System32\vtUopNEU.dll
    C:\Windows\System32\drvrup.dll
    C:\Windows\System32\winver.bat
    C:\Windows\System32\ljJBqomn.dll
    C:\Windows\System32\efcCstTN.dll
    C:\Users\Whitehead Family\AppData\Roaming\Facegame
    C:\Windows\System32\124909
    C:\ProgramData\Trymedia
    C:\ProgramData\Free Ride Games
    C:\Users\Whitehead Family\AppData\Local\craigslist
    :commands
    [EmptyTemp]
    [Reboot]
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
In your next reply, please include the following:
  • OTMoveIt3's Log
  • A New HiJack This log
  • A New OTViewIt Main.txt
  • A New OTViewIt Extra.txt

Billy3

Edited by Billy O'Neal, 26 October 2008 - 09:45 PM.

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
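The script above is assembled from the O2, O4 and O20 lines of the HijackThis log in this thread. As an added example (the editor's own code, not part of Billy O'Neal's post and not code from HijackThis or OTMoveIt3), here is a small Python triage that applies the same reasoning to those log lines: BHOs with no display name or a CLSID where the name should be, Run entries that launch rundll32 against a DLL sitting in system32 or a Temp folder, and AppInit_DLLs entries outside an allowlist. It then shows which DLLs are hooked in more than one place and renders the hits in the :files / :reg layout the script uses. The heuristics, the allowlist (which keeps only the Google Desktop DLL, as the posted script does) and the function names are the editor's assumptions; the sample lines are copied from the HijackThis log posted in this thread.

```python
"""Triage HijackThis O2/O4/O20 lines for the persistence hooks the OTMoveIt3
script above removes.  Editor's added example, not code from the original post,
HijackThis or OTMoveIt3; the heuristics and the allowlist are assumptions."""
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A1C2F1FD-E1BD-45DF-A3FD-3372EFDC2111} - C:\Windows\system32\vtUopNEU.dll
O2 - BHO: {77ede90a-a419-c088-60e4-2bb5726a51bd} - {db15a627-5bb2-4e06-880c-914aa09ede77} - C:\Windows\system32\vkaaoy.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ljJBqomn.dll,#1
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\Windows\system32\drvrup.dll,startup
O4 - HKLM\..\Run: [2254813c] rundll32.exe "C:\Windows\system32\ckbcwhkd.dll",b
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\WHITEH~1\AppData\Local\Temp\urqNEXqn.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL vkaaoy.dll
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]{36}\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run(?:Once)?: \[(?P<value>[^\]]*)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")

# Legitimate BHOs live under Program Files; system32/Temp/AppData is the red flag (assumption).
SUSPICIOUS_DIRS = ("\\system32\\", "\\temp\\", "\\appdata\\")
# AppInit_DLLs entries to keep; the script above keeps only the Google Desktop DLL (assumption).
APPINIT_ALLOWLIST = {r"c:\progra~1\google\google~1\goec62~1.dll"}
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"


@dataclass(frozen=True)
class Finding:
    section: str          # O2, O4 or O20
    dll: str              # lower-cased basename, used for cross-referencing
    path: str             # absolute path when the log gives one, else ""
    reason: str
    run_key: str = ""     # registry key and value name for O4 hits
    run_value: str = ""


def in_suspicious_dir(path: str) -> bool:
    return any(d in path.lower() for d in SUSPICIOUS_DIRS)


def rundll32_target(cmd: str) -> str:
    """DLL argument of a rundll32 command line, or "" if it is not rundll32."""
    m = re.match(r'^\s*"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)', cmd, re.IGNORECASE)
    return m["dll"].strip() if m else ""


def triage(log_text: str) -> list:
    findings = []
    for line in (ln.strip() for ln in log_text.splitlines()):
        if m := O2_RE.match(line):
            name, path = m["name"], m["path"]
            if name == "(no name)" or CLSID_RE.match(name):
                findings.append(Finding("O2", ntpath.basename(path).lower(), path,
                                        "BHO with no display name or a CLSID as its name"))
            elif in_suspicious_dir(path):
                findings.append(Finding("O2", ntpath.basename(path).lower(), path,
                                        "BHO loaded from system32/Temp/AppData"))
        elif m := O4_RE.match(line):
            target = rundll32_target(m["cmd"])
            # A bare name (oobefldr.dll) resolves via the DLL search path and is left alone here.
            if target and in_suspicious_dir(target):
                findings.append(Finding("O4", ntpath.basename(target).lower(), target,
                                        "rundll32 autorun loading a DLL from system32/Temp/AppData",
                                        run_key=f"{HIVES.get(m['hive'], m['hive'])}\\{RUN_KEY}",
                                        run_value=m["value"]))
        elif m := O20_RE.match(line):
            for entry in re.split(r"[\s,]+", m["dlls"].strip()):
                if entry and entry.lower() not in APPINIT_ALLOWLIST:
                    findings.append(Finding("O20", ntpath.basename(entry).lower(),
                                            entry if "\\" in entry else "",
                                            "AppInit_DLLs entry: injected into every process that loads user32.dll"))
    return findings


def multi_hook_dlls(findings) -> dict:
    """DLL basenames hooked through more than one HijackThis section."""
    seen = {}
    for f in findings:
        seen.setdefault(f.dll, set()).add(f.section)
    return {dll: sorted(s) for dll, s in seen.items() if len(s) > 1}


def to_otmoveit(findings) -> str:
    """Render the findings in the :files / :reg layout the script above uses."""
    out = [":files", *sorted({f.path for f in findings if f.path}), ":reg"]
    for key in sorted({f.run_key for f in findings if f.run_key}):
        out.append(f"[{key}]")
        out.extend(sorted({f'"{f.run_value}"=-' for f in findings if f.run_key == key}))
    return "\n".join(out)
```

Calling `triage(SAMPLE_LOG)` on the sample returns seven hits and `multi_hook_dlls` reports vkaaoy.dll in both O2 and O20, which is why that one DLL needed both a BHO deletion and the AppInit_DLLs rewrite in the script above; `to_otmoveit` lists the six DLL paths and the four Run values the script deletes, and leaves ccApp and the Welcome Center entry alone. Treat the output as a worklist, not a verdict: a rundll32 entry pointing into system32 can be legitimate, and this does nothing to verify signatures or hashes.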

#7 nightsjewel20
  • Topic Starter
  • Members
  • 14 posts

Posted 27 October 2008 - 12:14 PM

Here ya go:
How is it looking so far, Billy?
Also, I am not getting as many popups when I get online, but the two icons in my taskbar are still there and the Windows Security Alert thing still pops up.
Hope this helps.

OTMoveIt3's Log:

Files moved on Reboot...
Folder move failed. C:\Program Files\iWin Games\sounds scheduled to be moved on reboot.
Folder move failed. C:\Program Files\iWin Games\pages scheduled to be moved on reboot.
Folder move failed. C:\Program Files\iWin Games\firefox\chrome scheduled to be moved on reboot.
Folder move failed. C:\Program Files\iWin Games\firefox\chrome scheduled to be moved on reboot.
Folder move failed. C:\Program Files\iWin Games\firefox scheduled to be moved on reboot.
Folder move failed. C:\Program Files\iWin Games\sounds scheduled to be moved on reboot.
Folder move failed. C:\Program Files\iWin Games\pages scheduled to be moved on reboot.
Folder move failed. C:\Program Files\iWin Games\firefox\chrome scheduled to be moved on reboot.
Folder move failed. C:\Program Files\iWin Games\firefox scheduled to be moved on reboot.
Folder move failed. C:\Program Files\iWin Games scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\System32\vtUopNEU.dll
C:\Windows\System32\vtUopNEU.dll NOT unregistered.
File move failed. C:\Windows\System32\vtUopNEU.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\System32\vkaaoy.dll
C:\Windows\System32\vkaaoy.dll NOT unregistered.
File move failed. C:\Windows\System32\vkaaoy.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\system32\ljJBqomn.dll
C:\Windows\system32\ljJBqomn.dll NOT unregistered.
File move failed. C:\Windows\system32\ljJBqomn.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\system32\drvrup.dll
C:\Windows\system32\drvrup.dll NOT unregistered.
File move failed. C:\Windows\system32\drvrup.dll scheduled to be moved on reboot.

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:12 AM, on 10/27/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe
C:\Program Files\Pegasus TransTech\TRANSFLO Now\Transflo.Notify.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=ML6732
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=ML6732
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=ML6732
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
O2 - BHO: (no name) - {A1C2F1FD-E1BD-45DF-A3FD-3372EFDC2111} - C:\Windows\system32\vtUopNEU.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: {77ede90a-a419-c088-60e4-2bb5726a51bd} - {db15a627-5bb2-4e06-880c-914aa09ede77} - C:\Windows\system32\vkaaoy.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [lxbkbmgr.exe] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Transflo Notify] C:\Program Files\Pegasus TransTech\TRANSFLO Now\Transflo.Notify.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ljJBqomn.dll,#1
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\Windows\system32\drvrup.dll,startup
O4 - HKLM\..\Run: [2254813c] rundll32.exe "C:\Windows\system32\ckbcwhkd.dll",b
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\WHITEH~1\AppData\Local\Temp\urqNEXqn.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote Table Of Contents.onetoc2
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Paradise%20Pet%20Salon/Images/stg_drm.ocx
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.0.cab
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - http://www.infospace.com/mypoints.main/tba...pointsSetup.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{66190A01-DD5B-46FF-8F33-4E9BB063DAAE}: NameServer = 69.78.96.14 66.174.95.44
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL vkaaoy.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TRANSFLO Client Agent Service (TRANSFLOClientAgentService) - Pegasus TransTech Corp. - c:\program files\pegasus transtech\transflo now\transflo.client.agent.exe

--
End of file - 8748 bytes




OTViewIt logfile created on: 10/27/2008 11:50:05 AM - Run 7
OTViewIt by OldTimer - Version 1.0.18.0 Folder = C:\Users\Whitehead Family\Desktop
Windows Vista An unknown product Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 91.94% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.24 Gb Total Space | 261.84 Gb Free Space | 91.16% Space Free | Partition Type: NTFS
Drive D: | 10.85 Gb Total Space | 5.23 Gb Free Space | 48.23% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WHITEHEADFAM-PC
Current User Name: Whitehead Family
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: Off
File Age = 30 Days

========== Processes ==========

[2008/01/20 21:23:42 | 00,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2008/01/20 21:23:44 | 00,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2008/01/20 21:25:00 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2008/01/20 21:24:44 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2008/02/18 14:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[2008/01/20 21:24:44 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/01/20 21:24:44 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2007/12/10 23:15:04 | 00,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
[2007/02/12 15:38:04 | 00,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
[2008/10/19 19:09:02 | 00,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinGamesInstaller.exe
[2008/02/19 11:12:18 | 00,537,256 | ---- | M] ( ) -- C:\Windows\System32\lxbkcoms.exe
[2007/09/06 21:25:12 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
[2007/10/31 18:57:58 | 00,122,880 | ---- | M] (Pegasus TransTech Corp.) -- c:\Program Files\Pegasus TransTech\TRANSFLO Now\Transflo.Client.Agent.exe
[2008/05/27 00:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2008/02/21 17:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[2008/08/13 15:15:25 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[2008/02/28 13:57:54 | 00,074,408 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe
[2007/10/31 18:58:46 | 00,196,608 | ---- | M] (Pegasus TransTech Corp.) -- C:\Program Files\Pegasus TransTech\TRANSFLO Now\Transflo.Notify.exe
[2008/01/20 21:25:11 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
[2008/01/20 21:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2007/08/16 19:17:56 | 02,342,912 | ---- | M] (BigFix Inc.) -- C:\Program Files\BigFix\bigfix.exe
[2008/02/18 14:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[2008/01/20 21:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2008/01/20 21:23:52 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
[2008/02/28 13:57:36 | 00,058,024 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\LXBKbmon.exe
[2008/01/20 21:24:28 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
[2008/01/20 21:25:11 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
[2008/08/13 15:15:25 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[2007/08/30 17:43:18 | 00,103,664 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
[2008/01/20 21:24:28 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
[2008/04/28 19:44:46 | 01,738,032 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
[2008/01/20 21:24:49 | 00,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
[2008/01/20 21:24:59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
[2008/01/20 21:23:32 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
[2008/01/20 21:23:50 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/01/20 21:25:20 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
[2008/10/26 01:21:48 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Users\Whitehead Family\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/12/10 23:15:04 | 00,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio [Auto | Running])
[2008/01/20 21:24:45 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/02/21 17:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
[2008/02/18 14:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
[2008/02/18 14:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
File not found -- -- (CertPropSvc [Unknown | Stopped])
[2008/01/20 21:24:55 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/02/18 14:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])
[2007/08/22 03:21:30 | 00,055,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped])
File not found -- -- (DcomLaunch [Unknown | Running])
[2008/01/20 21:23:41 | 02,091,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])
[2008/01/20 21:24:35 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
[2008/01/20 21:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2006/11/02 07:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2008/01/20 21:25:20 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/05/05 17:25:46 | 00,165,416 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
[2008/08/13 15:15:25 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103 [On_Demand | Stopped])
[2008/01/20 21:24:55 | 00,574,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [Unknown | Running])
[2008/04/01 22:37:04 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2007/02/12 15:38:04 | 00,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON [Auto | Running])
[2008/10/19 19:09:02 | 00,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinGamesInstaller.exe -- (iWinGamesInstaller [Auto | Running])
[2008/09/05 11:52:32 | 03,220,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])
[2008/02/18 14:37:20 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice [Auto | Running])
[2008/02/19 11:12:18 | 00,537,256 | ---- | M] ( ) -- C:\Windows\System32\lxbkcoms.exe -- (lxbk_device [Auto | Running])
[2008/07/16 18:58:36 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2008/01/20 21:25:21 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/08/24 05:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 16:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/01/20 21:24:06 | 00,547,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll -- (RpcSs [Unknown | Running])
[2008/01/20 21:24:20 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
[2008/01/20 21:25:00 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006/11/02 04:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2007/09/06 21:25:12 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV [Auto | Running])
[2008/10/25 08:15:33 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Stopped])
[2007/10/31 18:57:58 | 00,122,880 | ---- | M] (Pegasus TransTech Corp.) -- c:\Program Files\Pegasus TransTech\TRANSFLO Now\Transflo.Client.Agent.exe -- (TRANSFLOClientAgentService [Auto | Running])
[2008/01/20 21:24:08 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2008/01/20 21:25:00 | 00,382,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
[2008/01/20 21:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
[2008/05/27 00:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])

========== Driver Services ==========

[2008/01/20 21:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2008/01/20 21:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2008/01/20 21:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2008/01/20 21:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2008/02/29 03:13:38 | 01,202,560 | ---- | M] (Agere Systems) -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
[2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2008/01/20 21:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2008/01/20 21:23:01 | 00,057,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2008/01/20 21:23:00 | 00,017,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2008/01/20 21:23:00 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2008/01/20 21:23:00 | 00,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [Disabled | Stopped])
[2008/01/20 21:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2008/01/20 21:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
[2008/01/20 21:23:01 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive [Disabled | Stopped])
[2008/01/20 21:23:53 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2006/11/02 03:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
[2008/01/20 21:23:26 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2008/01/20 21:23:54 | 00,247,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2008/01/20 21:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2008/07/30 17:42:12 | 00,023,888 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon [On_Demand | Stopped])
[2007/08/08 19:39:56 | 00,036,056 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon [Auto | Running])
[2008/01/20 21:23:22 | 00,024,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2008/01/20 21:23:00 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2008/01/20 21:24:55 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2008/08/01 20:01:23 | 00,625,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2008/01/20 21:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
[2008/01/20 21:23:39 | 00,143,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2008/10/15 03:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2008/01/20 21:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2008/10/15 03:00:00 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
[2008/01/20 21:23:00 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\errdev.sys -- (ErrDev [Disabled | Stopped])
[2008/01/20 21:25:02 | 00,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys -- (exfat [On_Demand | Stopped])
[2008/01/20 21:24:04 | 00,058,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2008/01/20 21:24:21 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2008/01/20 21:23:22 | 00,061,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2006/11/02 02:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2008/01/20 21:23:22 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/11/02 03:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006/11/02 03:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2008/01/20 21:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2006/11/02 02:36:45 | 01,302,492 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\ialmnt5.sys -- (ialm [On_Demand | Stopped])
[2007/02/12 15:36:54 | 00,277,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2008/01/20 21:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])
[2008/10/03 16:21:54 | 00,270,384 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20081023.002\IDSvix86.sys -- (IDSvix86 [System | Running])
[2008/02/11 21:36:10 | 02,302,976 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx [On_Demand | Running])
[2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2008/01/20 21:23:22 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2008/01/20 21:23:01 | 00,181,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2008/01/20 21:23:23 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [Disabled | Stopped])
[2008/01/20 21:24:37 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2008/01/20 21:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2008/01/20 21:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2008/01/20 21:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2008/01/20 21:24:37 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2008/01/20 21:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2008/01/20 21:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\System32\drivers\MegaSR.sys -- (MegaSR [Disabled | Stopped])
[2008/01/20 21:23:22 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2008/01/20 21:23:20 | 00,105,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2008/01/20 21:24:47 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2008/05/08 14:21:56 | 00,211,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2008/01/20 21:24:28 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2008/01/20 21:23:00 | 00,028,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Boot | Running])
[2008/01/20 21:23:21 | 00,094,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2008/01/20 21:23:01 | 00,016,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2008/01/20 21:24:26 | 00,163,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2008/05/19 21:07:31 | 00,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Running])
[2008/10/15 03:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20081027.003\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2008/10/15 03:00:00 | 00,873,552 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20081027.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2006/11/02 02:30:56 | 02,589,184 | ---- | M] (Intel® Corporation) -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32 [On_Demand | Stopped])
[2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2008/01/20 21:24:47 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2008/01/20 21:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2008/01/20 21:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
[2008/01/20 21:23:01 | 00,109,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2006/11/02 04:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2008/04/04 20:21:42 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2007/08/17 20:56:34 | 00,029,952 | ---- | M] (DEVGURU Co,LTD.) -- C:\Windows\System32\drivers\PTDMBus.sys -- (PTDMBus [On_Demand | Running])
[2007/08/17 20:56:38 | 00,041,856 | ---- | M] (DEVGURU Co,LTD.) -- C:\Windows\System32\drivers\PTDMMdm.sys -- (PTDMMdm [On_Demand | Running])
[2007/08/17 20:56:40 | 00,039,936 | ---- | M] (DEVGURU Co,LTD.) -- C:\Windows\System32\drivers\PTDMVsp.sys -- (PTDMVsp [On_Demand | Running])
[2008/01/20 21:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2008/01/20 21:23:31 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2008/01/20 21:25:05 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp [On_Demand | Running])
[2008/01/20 21:24:50 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2008/01/20 21:24:37 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2008/05/02 07:59:40 | 00,122,368 | ---- | M] (Realtek Corporation ) -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169 [On_Demand | Running])
[2008/02/20 14:14:22 | 00,292,352 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B [On_Demand | Running])
[2008/02/15 16:22:38 | 00,059,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR [On_Demand | Running])
[2006/11/02 04:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2008/01/20 21:23:21 | 00,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sdbus.sys -- (sdbus [Disabled | Stopped])
[2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2008/01/20 21:23:20 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2008/01/20 21:23:23 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2008/01/20 21:23:23 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2008/01/20 21:23:23 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2008/01/20 21:23:01 | 00,055,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])
[2008/01/20 21:23:26 | 00,041,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2008/01/20 21:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2008/01/20 21:25:00 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2008/01/16 23:05:42 | 00,447,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
[2008/01/20 21:24:11 | 00,021,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2008/01/31 20:51:16 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP [On_Demand | Running])
[2008/01/31 20:51:16 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL [On_Demand | Stopped])
[2008/01/31 20:51:16 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX [System | Running])
[2008/01/20 21:24:59 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2008/01/20 21:23:45 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2007/09/06 21:26:04 | 00,330,240 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA [On_Demand | Running])
[2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2008/02/05 14:34:43 | 00,013,616 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symdns.sys -- (SYMDNS [On_Demand | Running])
[2008/10/25 08:17:50 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2008/02/05 14:34:43 | 00,096,432 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symfw.sys -- (SYMFW [On_Demand | Running])
[2008/02/19 20:06:11 | 00,024,112 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM [System | Running])
[2008/02/05 14:34:43 | 00,041,008 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symndisv.sys -- (SYMNDISV [On_Demand | Running])
[2008/02/05 14:34:43 | 00,022,320 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2008/02/05 14:34:43 | 00,188,464 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2007/04/26 04:38:40 | 00,186,680 | ---- | M] (Synaptics, Inc.) -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2008/01/20 21:23:43 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2008/01/20 21:24:53 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2008/01/20 21:24:59 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])
[2008/01/20 21:24:25 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2008/01/20 21:24:25 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])
[2008/01/20 21:23:22 | 00,059,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])
[2008/01/20 21:23:01 | 00,060,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2008/01/20 21:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2008/01/20 21:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2008/01/20 21:23:22 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2006/11/02 03:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2008/01/20 21:23:02 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2008/01/20 21:23:00 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2008/01/20 21:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
[2008/01/20 21:23:01 | 00,052,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2008/01/20 21:24:27 | 00,294,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2008/01/20 21:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006/11/02 03:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2008/01/20 21:23:24 | 00,022,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2008/01/20 21:23:51 | 00,503,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2008/01/20 21:23:00 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [On_Demand | Running])
[2008/01/20 21:24:47 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])
[2006/11/02 02:30:56 | 00,194,048 | ---- | M] (Marvell) -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=WM&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6732
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=WM&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6732

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"Local Page"=http://www.iesearch.com/
"SearchAssistant"=

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=WM&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6732
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=
"SearchDefaultBranded"=
"Start Page"=http://yahoo.com/
"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_page_URL"=http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=WM&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6732
"Start Page"=http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=WM&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6732

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_page_URL"=http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=WM&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6732
"Start Page"=http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=WM&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6732

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-544475780-3865938551-3954877077-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=WM&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6732
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=
"SearchDefaultBranded"=
"Start Page"=http://yahoo.com/
"StartPageCache"=

[HKEY_USERS\S-1-5-21-544475780-3865938551-3954877077-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-544475780-3865938551-3954877077-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} (HKLM) -- C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
{8CA5ED52-F3FB-4414-A105-2E3491156990} (HKLM) -- C:\Program Files\iWin Games\iWinGamesHookIE.dll ()
{A1C2F1FD-E1BD-45DF-A3FD-3372EFDC2111} (HKLM) -- C:\Windows\System32\vtUopNEU.dll ()
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{db15a627-5bb2-4e06-880c-914aa09ede77} (HKLM) -- C:\Windows\System32\vkaaoy.dll ()

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-CEC4-75A487FD6484}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-544475780-3865938551-3954877077-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-544475780-3865938551-3954877077-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)

[HKEY_USERS\S-1-5-21-544475780-3865938551-3954877077-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-CEC4-75A487FD6484}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2254813c"=rundll32.exe "C:\Windows\system32\ckbcwhkd.dll",b File not found
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
"lxbkbmgr.exe"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" (Lexmark International, Inc.)
"MSDisp32"=rundll32.exe C:\Windows\system32\drvrup.dll,startup ()
"MSServer"=rundll32.exe C:\Windows\system32\ljJBqomn.dll,#1 (Microsoft Corporation)
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" (Symantec Corporation)
"Transflo Notify"=C:\Program Files\Pegasus TransTech\TRANSFLO Now\Transflo.Notify.exe (Pegasus TransTech Corp.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background File not found
"MSServer"=rundll32.exe C:\Users\WHITEH~1\AppData\Local\Temp\urqNEXqn.dll,#1 File not found
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-544475780-3865938551-3954877077-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background File not found
"MSServer"=rundll32.exe C:\Users\WHITEH~1\AppData\Local\Temp\urqNEXqn.dll,#1 File not found
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

========== (O4) RunOnce Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=%WINDIR%\SMINST\launcher.exe (soft thinks)

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=255
"_NoDriveTypeAutoRun"=255

[HKEY_USERS\S-1-5-21-544475780-3865938551-3954877077-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=255
"_NoDriveTypeAutoRun"=255

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/07/30 03:25:02 | 17,930,264 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-544475780-3865938551-3954877077-1000\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/07/30 03:25:02 | 17,930,264 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [2008/03/25 06:28:01 | 00,509,328 | ---- | M] (Sun Microsystems, Inc.)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 22:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
GD: ":Range"=127.0.0.1 -- http in Local intranet |

[HKEY_USERS\S-1-5-21-544475780-3865938551-3954877077-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
GD: ":Range"=127.0.0.1 -- http in Local intranet |

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{149E45D8-163E-4189-86FC-45022AB2B6C9}: file:///C:/Program%20Files/Paradise%20Pet%20Salon/Images/stg_drm.ocx -- SpinTop DRM Control
{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}: http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.0.cab -- Reg Error: Key does not exist or could not be opened.
{5E92F538-B50B-46C5-9C5F-C6EECED3F6C6}: http://www.infospace.com/mypoints.main/tba...pointsSetup.exe -- Reg Error: Key does not exist or could not be opened.
{6A060448-60F9-11D5-A6CD-0002B31F7455}: -- ExentInf Class
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{10DC4A68-55CB-492A-8C15-2CE56C92A163} (Servers: | Description: )
{9645605F-07D9-4962-A2D2-D0B7F8CBCC19} (Servers: | Description: Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter)
{C797A633-D62B-43F0-8BA6-F7A1014BBA75} (Servers: | Description: Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.0))

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL vkaaoy.dll
>[2008/08/13 15:15:25 | 00,113,664 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll
>[2008/10/25 01:36:25 | 00,113,152 | ---- | M] () -- C:\Windows\System32\vkaaoy.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxdev.dll -- C:\Windows\System32\igfxdev.dll (Intel Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{10C08715-AD85-4FB5-BB96-A7F700AB2964}" (HKLM) -- C:\Windows\System32\ljJBqomn.dll (Microsoft Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2008/01/20 21:24:37 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,C:\Windows\system32\vtUopNEU,
>[2008/10/25 01:30:20 | 00,282,112 | ---- | M] () -- C:\Windows\System32\vtUopNEU.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2008/01/20 21:24:37 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [REM Dummy file for NTVDM | ]
[2006/09/18 16:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]

Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ]
[2004/04/30 04:01:00 | 00,000,053 | -HS- | M] () -- D:\Autorun.inf -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2008/10/26 01:21:31 | 00,421,888 | ---- | C] (OldTimer Tools) -- C:\Users\Whitehead Family\Desktop\OTViewIt.exe
[2008/10/26 01:20:22 | 00,334,848 | ---- | C] (OldTimer Tools) -- C:\Users\Whitehead Family\Desktop\OTMoveIt3.exe
[2008/10/26 01:12:03 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/10/25 22:08:44 | 00,001,845 | ---- | C] () -- C:\Users\Whitehead Family\Desktop\HijackThis.lnk
[2008/10/25 22:08:42 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/10/25 20:28:03 | 32,091,21792 | -HS- | C] () -- C:\hiberfil.sys
[2008/10/25 19:43:58 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2008/10/25 19:43:58 | 00,015,464 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2008/10/25 19:43:55 | 00,000,000 | ---D | C] -- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/10/25 08:18:50 | 00,001,725 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2008/10/25 08:15:45 | 00,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2008/10/25 08:13:11 | 00,123,952 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2008/10/25 08:12:51 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2008/10/25 07:57:31 | 00,001,586 | ---- | C] () -- C:\Users\Whitehead Family\Desktop\Norton 360 2008 Setup.lnk
[2008/10/25 07:31:04 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ljJBqomn.dll
[2008/10/25 01:36:26 | 00,113,152 | ---- | C] () -- C:\Windows\System32\vkaaoy.dll
[2008/10/25 01:36:23 | 00,113,152 | ---- | C] () -- C:\Windows\System32\quxpempd.dll
[2008/10/25 01:35:50 | 01,425,842 | -HS- | C] () -- C:\Windows\System32\dkhwcbkc.ini
[2008/10/25 01:30:22 | 00,001,384 | -HS- | C] () -- C:\Windows\System32\UENpoUtv.ini2
[2008/10/25 01:30:22 | 00,001,384 | -HS- | C] () -- C:\Windows\System32\UENpoUtv.ini
[2008/10/25 01:30:12 | 00,282,112 | ---- | C] () -- C:\Windows\System32\vtUopNEU.dll
[2008/10/25 01:25:55 | 00,019,456 | ---- | C] () -- C:\Windows\System32\drvrup.dll
[2008/10/25 01:25:55 | 00,000,145 | ---- | C] () -- C:\Windows\System32\winver.bat
[2008/10/25 01:25:48 | 00,000,000 | ---D | C] -- C:\Windows\System32\124909
[2008/10/25 01:25:09 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\efcCstTN.dll
[2008/10/25 01:17:37 | 00,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2008/10/21 22:52:56 | 00,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2008/10/21 13:18:05 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2008/10/20 13:51:20 | 00,008,352 | ---- | C] () -- C:\smschat.wav
[2008/10/19 23:17:34 | 00,001,790 | ---- | C] () -- C:\Users\Public\Desktop\ Cake Shop.lnk
[2008/10/19 19:34:47 | 00,001,832 | ---- | C] () -- C:\Users\Public\Desktop\Supermarket Mania.lnk
[2008/10/19 19:06:25 | 00,000,174 | ---- | C] () -- C:\Users\Whitehead Family\Desktop\More SpinTop Games.url
[2008/10/19 15:54:02 | 00,037,033 | ---- | C] () -- C:\Windows\FRGT.ico
[2008/10/19 15:54:02 | 00,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2008/10/19 15:54:02 | 00,000,000 | ---D | C] -- C:\ProgramData\Free Ride Games
[2008/10/16 09:09:21 | 03,578,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2008/10/16 09:09:19 | 06,068,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2008/10/16 09:09:19 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2008/10/16 09:09:18 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2008/10/16 09:09:18 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2008/10/16 09:09:18 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2008/10/16 09:09:17 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2008/10/16 09:09:17 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2008/10/16 08:36:56 | 03,601,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2008/10/16 08:36:56 | 03,549,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2008/10/16 08:08:43 | 00,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2008/10/16 08:08:43 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2008/10/16 07:50:38 | 00,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2008/10/15 22:00:25 | 02,032,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2008/10/15 19:32:42 | 00,011,776 | ---- | C] (Beuger Enterprises, Inc.) -- C:\Windows\System32\TypeItIn28.dll
[2008/10/15 19:26:42 | 00,000,000 | ---D | C] -- C:\Users\Whitehead Family\AppData\Local\craigslist
[2008/10/13 16:34:12 | 00,000,000 | ---D | C] -- C:\Users\Whitehead Family\Desktop\ALL ACCESS
[2008/10/12 13:05:13 | 00,000,000 | ---D | C] -- C:\Users\Whitehead Family\AppData\Local\oDesk
[2008/10/10 11:26:05 | 00,000,000 | ---D | C] -- C:\ProgramData\Microgaming
[2008/10/10 11:26:05 | 00,000,000 | ---D | C] -- C:\ProgramData\MGS
[2008/10/09 17:06:06 | 00,014,336 | ---- | C] () -- C:\Users\Whitehead Family\Documents\alina route profile.wps
[2008/10/09 17:05:59 | 00,068,555 | ---- | C] () -- C:\Users\Whitehead Family\Documents\Profiles2.rtf
[2008/10/09 14:55:26 | 00,058,880 | ---- | C] () -- C:\Users\Whitehead Family\Documents\Profiles.doc
[2008/10/09 14:53:14 | 00,005,660 | ---- | C] () -- C:\Users\Whitehead Family\Documents\Additional Training.rtf
[2008/10/09 11:55:39 | 00,017,462 | ---- | C] () -- C:\Users\Whitehead Family\Documents\alina.bmp
[2008/10/07 13:53:11 | 03,620,930 | ---- | C] () -- C:\Users\Whitehead Family\Desktop\mtmchat.exe
[2008/10/05 22:12:34 | 00,000,000 | ---D | C] -- C:\Users\Whitehead Family\AppData\Roaming\Hoyle Casino
[2008/10/05 15:18:01 | 00,000,000 | ---D | C] -- C:\Users\Whitehead Family\Documents\LimeWire
[2008/10/04 12:56:37 | 00,000,000 | ---D | C] -- C:\ProgramData\Fashion Solitaire 1.2
[2008/10/04 09:32:45 | 00,656,761 | ---- | C] () -- C:\Users\Whitehead Family\Desktop\ID & SSN.jpg
[2008/09/30 13:02:34 | 00,000,000 | ---D | C] -- C:\Users\Whitehead Family\AppData\Roaming\Hoyle Card Games

========== Files - Modified Within 30 Days ==========

[2008/10/27 11:32:31 | 00,334,848 | ---- | M] (OldTimer Tools) -- C:\Users\Whitehead Family\Desktop\OTMoveIt3.exe
[2008/10/27 11:32:04 | 00,704,434 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2008/10/27 11:32:04 | 00,604,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2008/10/27 11:32:04 | 00,105,376 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2008/10/27 11:25:24 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2008/10/27 11:25:24 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2008/10/27 11:25:15 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2008/10/27 11:25:04 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2008/10/27 11:25:01 | 32,091,21792 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/26 01:21:48 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Users\Whitehead Family\Desktop\OTViewIt.exe
[2008/10/25 22:08:44 | 00,001,845 | ---- | M] () -- C:\Users\Whitehead Family\Desktop\HijackThis.lnk
[2008/10/25 21:34:10 | 03,626,500 | -H-- | M] () -- C:\Users\Whitehead Family\AppData\Local\IconCache.db
[2008/10/25 20:22:55 | 32,902,9773 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2008/10/25 08:18:50 | 00,001,725 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2008/10/25 08:17:50 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2008/10/25 08:17:50 | 00,010,563 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2008/10/25 08:17:50 | 00,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2008/10/25 08:10:02 | 00,001,384 | -HS- | M] () -- C:\Windows\System32\UENpoUtv.ini
[2008/10/25 08:07:24 | 00,001,384 | -HS- | M] () -- C:\Windows\System32\UENpoUtv.ini2
[2008/10/25 07:57:31 | 00,001,586 | ---- | M] () -- C:\Users\Whitehead Family\Desktop\Norton 360 2008 Setup.lnk
[2008/10/25 07:32:08 | 00,000,169 | ---- | M] () -- C:\Windows\win.ini
[2008/10/25 07:30:22 | 00,293,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2008/10/25 01:36:25 | 00,113,152 | ---- | M] () -- C:\Windows\System32\vkaaoy.dll
[2008/10/25 01:36:25 | 00,113,152 | ---- | M] () -- C:\Windows\System32\quxpempd.dll
[2008/10/25 01:35:55 | 01,425,842 | -HS- | M] () -- C:\Windows\System32\dkhwcbkc.ini
[2008/10/25 01:30:20 | 00,282,112 | ---- | M] () -- C:\Windows\System32\vtUopNEU.dll
[2008/10/25 01:25:55 | 00,019,456 | ---- | M] () -- C:\Windows\System32\drvrup.dll
[2008/10/25 01:25:55 | 00,000,145 | ---- | M] () -- C:\Windows\System32\winver.bat
[2008/10/25 01:25:09 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ljJBqomn.dll
[2008/10/25 01:25:09 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\efcCstTN.dll
[2008/10/21 22:52:56 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2008/10/20 13:51:20 | 00,008,352 | ---- | M] () -- C:\smschat.wav
[2008/10/19 23:17:34 | 00,001,790 | ---- | M] () -- C:\Users\Public\Desktop\ Cake Shop.lnk
[2008/10/19 19:34:47 | 00,001,832 | ---- | M] () -- C:\Users\Public\Desktop\Supermarket Mania.lnk
[2008/10/19 19:06:25 | 00,000,174 | ---- | M] () -- C:\Users\Whitehead Family\Desktop\More SpinTop Games.url
[2008/10/19 15:54:02 | 00,000,064 | ---- | M] () -- C:\Windows\GPlrLanc.dat
[2008/10/18 09:59:14 | 00,002,016 | ---- | M] () -- C:\Users\Whitehead Family\AppData\Roaming\wklnhst.dat
[2008/10/10 21:37:39 | 00,000,781 | ---- | M] () -- C:\Users\Whitehead Family\Documents\My Sharing Folders.lnk
[2008/10/09 17:06:12 | 00,014,336 | ---- | M] () -- C:\Users\Whitehead Family\Documents\alina route profile.wps
[2008/10/09 17:06:10 | 00,068,555 | ---- | M] () -- C:\Users\Whitehead Family\Documents\Profiles2.rtf
[2008/10/09 14:55:31 | 00,058,880 | ---- | M] () -- C:\Users\Whitehead Family\Documents\Profiles.doc
[2008/10/09 14:53:17 | 00,005,660 | ---- | M] () -- C:\Users\Whitehead Family\Documents\Additional Training.rtf
[2008/10/09 11:55:39 | 00,017,462 | ---- | M] () -- C:\Users\Whitehead Family\Documents\alina.bmp
[2008/10/07 14:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2008/10/07 13:53:20 | 03,620,930 | ---- | M] () -- C:\Users\Whitehead Family\Desktop\mtmchat.exe
[2008/10/04 09:32:46 | 00,656,761 | ---- | M] () -- C:\Users\Whitehead Family\Desktop\ID & SSN.jpg
[2008/10/01 22:49:19 | 01,166,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2008/10/01 22:49:19 | 00,827,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2008/10/01 22:49:16 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2008/10/01 22:49:15 | 03,578,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2008/10/01 22:49:14 | 06,068,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2008/10/01 22:49:14 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2008/10/01 22:49:14 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2008/10/01 20:32:38 | 01,383,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
< End of report >

OTViewIt Extras logfile created on: 10/27/2008 11:50:06 AM - Run 7
OTViewIt by OldTimer - Version 1.0.18.0 Folder = C:\Users\Whitehead Family\Desktop
Windows Vista An unknown product Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 91.94% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.24 Gb Total Space | 261.84 Gb Free Space | 91.16% Space Free | Partition Type: NTFS
Drive D: | 10.85 Gb Total Space | 5.23 Gb Free Space | 48.23% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WHITEHEADFAM-PC
Current User Name: Whitehead Family
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: Off
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=1
"UacDisableNotify"=1
"InternetSettingsDisableNotify"=1
"AutoUpdateDisableNotify"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0
"VistaSp1"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-544475780-3865938551-3954877077-1000]
"EnableNotifications"=0
"EnableNotificationsRef"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -- C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] -- C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols
ldap -- 4 = Restricted sites (Not a Default Protocol)
news -- 4 = Restricted sites (Not a Default Protocol)
nntp -- 4 = Restricted sites (Not a Default Protocol)
oecmd -- 4 = Restricted sites (Not a Default Protocol)
snews -- 4 = Restricted sites (Not a Default Protocol)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 15:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/06/07 10:30:54 | 00,230,760 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 23:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
" Cake Shop"= Cake Shop (remove only)
"{06FE1146-4FF8-45DF-B0D9-CBA8E38C708C}"=REALTEK USB Wireless LAN Driver
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}"=IDT Audio
"{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}"=Norton 360 HTMLHelp
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}"=Microsoft Works
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}"=GearDrvs
"{21829177-4DED-4209-AD08-490B3AC9C01A}"=Norton 360
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{24DF7221-644B-4C3A-A478-459502D40522}"=Backup
"{2D617065-1C52-4240-B5BC-C0AE12157777}"=Norton 360
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}"=SymNet
"{3248F0A8-6813-11D6-A77B-00B0D0160040}"=Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160060}"=Java™ 6 Update 6
"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}"=BigFix
"{40BF1E83-20EB-11D8-97C5-0009C5020658}"=Power2Go 5.0
"{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}"=Norton 360
"{45690715-80A6-4445-B61D-ADEC5888E8CD}"=Symantec Technical Support Controls
"{55A6283C-638A-4EE0-B491-51118554BDA2}"=Norton Confidential Core
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}"=Microsoft Money Shared Libraries
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}"=Activation Assistant for the 2007 Microsoft Office suites
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{77772678-817F-4401-9301-ED1D01A8DA56}"=SPBBC 32bit
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}"=Gateway Recovery Center Installer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}"=Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}"=Adobe Flash Player 9 ActiveX
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}"=Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}"=Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint Viewer 2007 (English)
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{B21F265E-96AB-4A11-9CC3-57B22B28B825}_is1"=TRANSFLO Now!™ 1.1
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}"=ccCommon
"{B29B0066-547B-402c-9C0D-090E2F928A01}"=PANTECH PC USB Modem Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}"=GearDrvs
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}"=Symantec Real Time Storage Protection Component
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DC24971E-1946-445D-8A82-CE685433FA7D}"=Realtek USB 2.0 Card Reader
"{E80F62FF-5D3C-4A19-8409-9721F2928206}"=LiveUpdate (Symantec Corporation)
"{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}"=Gateway Connect
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}"=AppCore
"{F8024EB8-5B34-46FE-B15D-20ACF26FC20E}"=Hoyle Puzzle and Board Games
"1713EFD0409BCDF53DED33020E5FE8E4FB97BA41"=Windows Driver Package - Intel (NETw2v32) net (03/06/2007 9.1.1.15)
"Activation Assistant for the 2007 Microsoft Office suites"=Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Agere Systems Soft Modem"=Agere Systems HDA Modem
"FE1C1D7936737A38BEF487FE955502FC00778EF5"=Windows Driver Package - Intel (NETw4v32) net (03/13/2008 11.5.1.15)
"Foxit PDF Creator"=Foxit PDF Creator
"Foxit Reader"=Foxit Reader
"Google Desktop"=Google Desktop
"HDMI"=Intel® Graphics Media Accelerator Driver
"HijackThis"=HijackThis 2.0.2
"HOMESTUDENTR"=Microsoft Office Home and Student 2007
"InterActual Player"=InterActual Player
"iWinArcade"=iWin Games (remove only)
"Jojos Fashion Show"=Jojos Fashion Show (remove only)
"JoJo's Fashion Show 2 - Las Cruces"=JoJo's Fashion Show 2 - Las Cruces
"Lexmark X1100 Series"=Lexmark X1100 Series
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Money2007b"=Microsoft Money Essentials
"PsuedoLiveUpdate"=LiveUpdate (Symantec Corporation)
"RealArcade"=RealArcade
"Supermarket Mania"=Supermarket Mania (remove only)
"Supple"=Supple (remove only)
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}"=Norton 360 (Symantec Corporation)
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"VZAccess Manager"=VZAccess Manager
"WildTangent gateway Master Uninstall"=Gateway Games
"Yahoo! Messenger"=Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/26/2008 5:09:27 AM | Computer Name = WhiteheadFam-PC | Source = Transflo.Agent | ID = 2029
Description = Transflo.TFClient: NetworkException: Connection to the server failed.
Communication
Error ---> System.Net.WebException: The underlying connection was closed: The remote
name could not be resolved. at Transflo.TFClient.TFClientWS.ProcessServerError(Exception
ex, String methodName, Object[] parameters, AttachmentCollection attachments)
at Transflo.TFClient.TFClientWS.Invoke(String methodName, Object[] parameters)
at Transflo.TransfloWS.TransfloWSWse.Authenticate(String userName, String password,
Int32 applicationId, String machineName, DateTime& clientCrc, String& sessionId)

at Transflo.TFClient.TFSession.Authenticate(String userId, String password, DateTime&
configCrc) at Transflo.TFClient.TFSession.DoLogin() --- End of inner exception
stack trace --- at Transflo.TFClient.TFSession.DoLogin() at Transflo.TFClient.TFSession..ctor(String
userId, String password, Int32 appId, AuthenticationType authType, TransfloWSWse
webService, ConnectionType connectionType, String machineInstanceId) at Transflo.TFClient.Client.BeginSession()
in BeginSession Connection to the server failed. Communication Error The underlying
connection was closed: The remote name could not be resolved. Error stack trace:
at Transflo.TFClient.TFClientWS.ProcessServerError(Exception ex, String methodName,
Object[] parameters, AttachmentCollection attachments) at Transflo.TFClient.TFClientWS.Invoke(String
methodName, Object[] parameters) at Transflo.TransfloWS.TransfloWSWse.Authenticate(String
userName, String password, Int32 applicationId, String machineName, DateTime& clientCrc,
String& sessionId) at Transflo.TFClient.TFSession.Authenticate(String userId,
String password, DateTime& configCrc) at Transflo.TFClient.TFSession.DoLogin()
Calling
stack trace: -> Execute -> BatchSubmitTask_OnRunLoop -> BeginSession -> BeginSession

Error - 10/26/2008 5:43:08 AM | Computer Name = WhiteheadFam-PC | Source = Transflo.Agent | ID = 2029
Description = Transflo.TFClient: NetworkException: Connection to the server failed.
Communication
Error ---> System.Net.WebException: The underlying connection was closed: The remote
name could not be resolved. at Transflo.TFClient.TFClientWS.ProcessServerError(Exception
ex, String methodName, Object[] parameters, AttachmentCollection attachments)
at Transflo.TFClient.TFClientWS.Invoke(String methodName, Object[] parameters)
at Transflo.TransfloWS.TransfloWSWse.Authenticate(String userName, String password,
Int32 applicationId, String machineName, DateTime& clientCrc, String& sessionId)

at Transflo.TFClient.TFSession.Authenticate(String userId, String password, DateTime&
configCrc) at Transflo.TFClient.TFSession.DoLogin() --- End of inner exception
stack trace --- at Transflo.TFClient.TFSession.DoLogin() at Transflo.TFClient.TFSession..ctor(String
userId, String password, Int32 appId, AuthenticationType authType, TransfloWSWse
webService, ConnectionType connectionType, String machineInstanceId) at Transflo.TFClient.Client.BeginSession()
in BeginSession Connection to the server failed. Communication Error The underlying
connection was closed: The remote name could not be resolved. Error stack trace:
at Transflo.TFClient.TFClientWS.ProcessServerError(Exception ex, String methodName,
Object[] parameters, AttachmentCollection attachments) at Transflo.TFClient.TFClientWS.Invoke(String
methodName, Object[] parameters) at Transflo.TransfloWS.TransfloWSWse.Authenticate(String
userName, String password, Int32 applicationId, String machineName, DateTime& clientCrc,
String& sessionId) at Transflo.TFClient.TFSession.Authenticate(String userId,
String password, DateTime& configCrc) at Transflo.TFClient.TFSession.DoLogin()
Calling
stack trace: -> Execute -> BatchSubmitTask_OnRunLoop -> BeginSession -> BeginSession

Error - 10/26/2008 6:16:47 AM | Computer Name = WhiteheadFam-PC | Source = Transflo.Agent | ID = 2029
Description = Transflo.TFClient: NetworkException: Connection to the server failed.
Communication
Error ---> System.Net.WebException: The underlying connection was closed: The remote
name could not be resolved. at Transflo.TFClient.TFClientWS.ProcessServerError(Exception
ex, String methodName, Object[] parameters, AttachmentCollection attachments)
at Transflo.TFClient.TFClientWS.Invoke(String methodName, Object[] parameters)
at Transflo.TransfloWS.TransfloWSWse.Authenticate(String userName, String password,
Int32 applicationId, String machineName, DateTime& clientCrc, String& sessionId)

at Transflo.TFClient.TFSession.Authenticate(String userId, String password, DateTime&
configCrc) at Transflo.TFClient.TFSession.DoLogin() --- End of inner exception
stack trace --- at Transflo.TFClient.TFSession.DoLogin() at Transflo.TFClient.TFSession..ctor(String
userId, String password, Int32 appId, AuthenticationType authType, TransfloWSWse
webService, ConnectionType connectionType, String machineInstanceId) at Transflo.TFClient.Client.BeginSession()
in BeginSession Connection to the server failed. Communication Error The underlying
connection was closed: The remote name could not be resolved. Error stack trace:
at Transflo.TFClient.TFClientWS.ProcessServerError(Exception ex, String methodName,
Object[] parameters, AttachmentCollection attachments) at Transflo.TFClient.TFClientWS.Invoke(String
methodName, Object[] parameters) at Transflo.TransfloWS.TransfloWSWse.Authenticate(String
userName, String password, Int32 applicationId, String machineName, DateTime& clientCrc,
String& sessionId) at Transflo.TFClient.TFSession.Authenticate(String userId,
String password, DateTime& configCrc) at Transflo.TFClient.TFSession.DoLogin()
Calling
stack trace: -> Execute -> BatchSubmitTask_OnRunLoop -> BeginSession -> BeginSession

Error - 10/26/2008 6:50:27 AM | Computer Name = WhiteheadFam-PC | Source = Transflo.Agent | ID = 2029
Description = Transflo.TFClient: NetworkException: Connection to the server failed.
Communication
Error ---> System.Net.WebException: The underlying connection was closed: The remote
name could not be resolved. at Transflo.TFClient.TFClientWS.ProcessServerError(Exception
ex, String methodName, Object[] parameters, AttachmentCollection attachments)
at Transflo.TFClient.TFClientWS.Invoke(String methodName, Object[] parameters)
at Transflo.TransfloWS.TransfloWSWse.Authenticate(String userName, String password,
Int32 applicationId, String machineName, DateTime& clientCrc, String& sessionId)

at Transflo.TFClient.TFSession.Authenticate(String userId, String password, DateTime&
configCrc) at Transflo.TFClient.TFSession.DoLogin() --- End of inner exception
stack trace --- at Transflo.TFClient.TFSession.DoLogin() at Transflo.TFClient.TFSession..ctor(String
userId, String password, Int32 appId, AuthenticationType authType, TransfloWSWse
webService, ConnectionType connectionType, String machineInstanceId) at Transflo.TFClient.Client.BeginSession()
in BeginSession Connection to the server failed. Communication Error The underlying
connection was closed: The remote name could not be resolved. Error stack trace:
at Transflo.TFClient.TFClientWS.ProcessServerError(Exception ex, String methodName,
Object[] parameters, AttachmentCollection attachments) at Transflo.TFClient.TFClientWS.Invoke(String
methodName, Object[] parameters) at Transflo.TransfloWS.TransfloWSWse.Authenticate(String
userName, String password, Int32 applicationId, String machineName, DateTime& clientCrc,
String& sessionId) at Transflo.TFClient.TFSession.Authenticate(String userId,
String password, DateTime& configCrc) at Transflo.TFClient.TFSession.DoLogin()
Calling
stack trace: -> Execute -> BatchSubmitTask_OnRunLoop -> BeginSession -> BeginSession

Error - 10/26/2008 7:24:04 AM | Computer Name = WhiteheadFam-PC | Source = Transflo.Agent | ID = 2029
Description = Transflo.TFClient: NetworkException: Connection to the server failed.
Communication
Error ---> System.Net.WebException: The underlying connection was closed: The remote
name could not be resolved. at Transflo.TFClient.TFClientWS.ProcessServerError(Exception
ex, String methodName, Object[] parameters, AttachmentCollection attachments)
at Transflo.TFClient.TFClientWS.Invoke(String methodName, Object[] parameters)
at Transflo.TransfloWS.TransfloWSWse.Authenticate(String userName, String password,
Int32 applicationId, String machineName, DateTime& clientCrc, String& sessionId)

at Transflo.TFClient.TFSession.Authenticate(String userId, String password, DateTime&
configCrc) at Transflo.TFClient.TFSession.DoLogin() --- End of inner exception
stack trace --- at Transflo.TFClient.TFSession.DoLogin() at Transflo.TFClient.TFSession..ctor(String
userId, String password, Int32 appId, AuthenticationType authType, TransfloWSWse
webService, ConnectionType connectionType, String machineInstanceId) at Transflo.TFClient.Client.BeginSession()
in BeginSession Connection to the server failed. Communication Error The underlying
connection was closed: The remote name could not be resolved. Error stack trace:
at Transflo.TFClient.TFClientWS.ProcessServerError(Exception ex, String methodName,
Object[] parameters, AttachmentCollection attachments) at Transflo.TFClient.TFClientWS.Invoke(String
methodName, Object[] parameters) at Transflo.TransfloWS.TransfloWSWse.Authenticate(String
userName, String password, Int32 applicationId, String machineName, DateTime& clientCrc,
String& sessionId) at Transflo.TFClient.TFSession.Authenticate(String userId,
String password, DateTime& configCrc) at Transflo.TFClient.TFSession.DoLogin()
Calling
stack trace: -> Execute -> BatchSubmitTask_OnRunLoop -> BeginSession -> BeginSession

Error - 10/26/2008 7:57:42 AM | Computer Name = WhiteheadFam-PC | Source = Transflo.Agent | ID = 2029
Description = Transflo.TFClient: NetworkException: Connection to the server failed.
Communication
Error ---> System.Net.WebException: The underlying connection was closed: The remote
name could not be resolved. at Transflo.TFClient.TFClientWS.ProcessServerError(Exception
ex, String methodName, Object[] parameters, AttachmentCollection attachments)
at Transflo.TFClient.TFClientWS.Invoke(String methodName, Object[] parameters)
at Transflo.TransfloWS.TransfloWSWse.Authenticate(String userName, String password,
Int32 applicationId, String machineName, DateTime& clientCrc, String& sessionId)

at Transflo.TFClient.TFSession.Authenticate(String userId, String password, DateTime&
configCrc) at Transflo.TFClient.TFSession.DoLogin() --- End of inner exception
stack trace --- at Transflo.TFClient.TFSession.DoLogin() at Transflo.TFClient.TFSession..ctor(String
userId, String password, Int32 appId, AuthenticationType authType, TransfloWSWse
webService, ConnectionType connectionType, String machineInstanceId) at Transflo.TFClient.Client.BeginSession()
in BeginSession Connection to the server failed. Communication Error The underlying
connection was closed: The remote name could not be resolved. Error stack trace:
at Transflo.TFClient.TFClientWS.ProcessServerError(Exception ex, String methodName,
Object[] parameters, AttachmentCollection attachments) at Transflo.TFClient.TFClientWS.Invoke(String
methodName, Object[] parameters) at Transflo.TransfloWS.TransfloWSWse.Authenticate(String
userName, String password, Int32 applicationId, String machineName, DateTime& clientCrc,
String& sessionId) at Transflo.TFClient.TFSession.Authenticate(String userId,
String password, DateTime& configCrc) at Transflo.TFClient.TFSession.DoLogin()
Calling
stack trace: -> Execute -> BatchSubmitTask_OnRunLoop -> BeginSession -> BeginSession

Error - 10/26/2008 8:31:22 AM | Computer Name = WhiteheadFam-PC | Source = Transflo.Agent | ID = 2029
Description = Transflo.TFClient: NetworkException: Connection to the server failed.
Communication
Error ---> System.Net.WebException: The underlying connection was closed: The remote
name could not be resolved. at Transflo.TFClient.TFClientWS.ProcessServerError(Exception
ex, String methodName, Object[] parameters, AttachmentCollection attachments)
at Transflo.TFClient.TFClientWS.Invoke(String methodName, Object[] parameters)
at Transflo.TransfloWS.TransfloWSWse.Authenticate(String userName, String password,
Int32 applicationId, String machineName, DateTime& clientCrc, String& sessionId)

at Transflo.TFClient.TFSession.Authenticate(String userId, String password, DateTime&
configCrc) at Transflo.TFClient.TFSession.DoLogin() --- End of inner exception
stack trace --- at Transflo.TFClient.TFSession.DoLogin() at Transflo.TFClient.TFSession..ctor(String
userId, String password, Int32 appId, AuthenticationType authType, TransfloWSWse
webService, ConnectionType connectionType, String machineInstanceId) at Transflo.TFClient.Client.BeginSession()
in BeginSession Connection to the server failed. Communication Error The underlying
connection was closed: The remote name could not be resolved. Error stack trace:
at Transflo.TFClient.TFClientWS.ProcessServerError(Exception ex, String methodName,
Object[] parameters, AttachmentCollection attachments) at Transflo.TFClient.TFClientWS.Invoke(String
methodName, Object[] parameters) at Transflo.TransfloWS.TransfloWSWse.Authenticate(String
userName, String password, Int32 applicationId, String machineName, DateTime& clientCrc,
String& sessionId) at Transflo.TFClient.TFSession.Authenticate(String userId,
String password, DateTime& configCrc) at Transflo.TFClient.TFSession.DoLogin()
Calling
stack trace: -> Execute -> BatchSubmitTask_OnRunLoop -> BeginSession -> BeginSession

Error - 10/26/2008 9:05:07 AM | Computer Name = WhiteheadFam-PC | Source = Transflo.Agent | ID = 2029
Description = Transflo.TFClient: NetworkException: Connection to the server failed.
Communication
Error ---> System.Net.WebException: The underlying connection was closed: The remote
name could not be resolved. at Transflo.TFClient.TFClientWS.ProcessServerError(Exception
ex, String methodName, Object[] parameters, AttachmentCollection attachments)
at Transflo.TFClient.TFClientWS.Invoke(String methodName, Object[] parameters)
at Transflo.TransfloWS.TransfloWSWse.Authenticate(String userName, String password,
Int32 applicationId, String machineName, DateTime& clientCrc, String& sessionId)

at Transflo.TFClient.TFSession.Authenticate(String userId, String password, DateTime&
configCrc) at Transflo.TFClient.TFSession.DoLogin() --- End of inner exception
stack trace --- at Transflo.TFClient.TFSession.DoLogin() at Transflo.TFClient.TFSession..ctor(String
userId, String password, Int32 appId, AuthenticationType authType, TransfloWSWse
webService, ConnectionType connectionType, String machineInstanceId) at Transflo.TFClient.Client.BeginSession()
in BeginSession Connection to the server failed. Communication Error The underlying
connection was closed: The remote name could not be resolved. Error stack trace:
at Transflo.TFClient.TFClientWS.ProcessServerError(Exception ex, String methodName,
Object[] parameters, AttachmentCollection attachments) at Transflo.TFClient.TFClientWS.Invoke(String
methodName, Object[] parameters) at Transflo.TransfloWS.TransfloWSWse.Authenticate(String
userName, String password, Int32 applicationId, String machineName, DateTime& clientCrc,
String& sessionId) at Transflo.TFClient.TFSession.Authenticate(String userId,
String password, DateTime& configCrc) at Transflo.TFClient.TFSession.DoLogin()
Calling
stack trace: -> Execute -> BatchSubmitTask_OnRunLoop -> BeginSession -> BeginSession

Error - 10/26/2008 9:38:47 AM | Computer Name = WhiteheadFam-PC | Source = Transflo.Agent | ID = 2029
Description = Transflo.TFClient: NetworkException: Connection to the server failed.
Communication
Error ---> System.Net.WebException: The underlying connection was closed: The remote
name could not be resolved. at Transflo.TFClient.TFClientWS.ProcessServerError(Exception
ex, String methodName, Object[] parameters, AttachmentCollection attachments)
at Transflo.TFClient.TFClientWS.Invoke(String methodName, Object[] parameters)
at Transflo.TransfloWS.TransfloWSWse.Authenticate(String userName, String password,
Int32 applicationId, String machineName, DateTime& clientCrc, String& sessionId)

at Transflo.TFClient.TFSession.Authenticate(String userId, String password, DateTime&
configCrc) at Transflo.TFClient.TFSession.DoLogin() --- End of inner exception
stack trace --- at Transflo.TFClient.TFSession.DoLogin() at Transflo.TFClient.TFSession..ctor(String
userId, String password, Int32 appId, AuthenticationType authType, TransfloWSWse
webService, ConnectionType connectionType, String machineInstanceId) at Transflo.TFClient.Client.BeginSession()
in BeginSession Connection to the server failed. Communication Error The underlying
connection was closed: The remote name could not be resolved. Error stack trace:
at Transflo.TFClient.TFClientWS.ProcessServerError(Exception ex, String methodName,
Object[] parameters, AttachmentCollection attachments) at Transflo.TFClient.TFClientWS.Invoke(String
methodName, Object[] parameters) at Transflo.TransfloWS.TransfloWSWse.Authenticate(String
userName, String password, Int32 applicationId, String machineName, DateTime& clientCrc,
String& sessionId) at Transflo.TFClient.TFSession.Authenticate(String userId,
String password, DateTime& configCrc) at Transflo.TFClient.TFSession.DoLogin()
Calling
stack trace: -> Execute -> BatchSubmitTask_OnRunLoop -> BeginSession -> BeginSession

Error - 10/26/2008 10:13:47 AM | Computer Name = WhiteheadFam-PC | Source = Transflo.Agent | ID = 2029
Description = Transflo.TFClient: NetworkException: Connection to the server failed.
Communication
Error ---> System.Net.WebException: The underlying connection was closed: The remote
name could not be resolved. at Transflo.TFClient.TFClientWS.ProcessServerError(Exception
ex, String methodName, Object[] parameters, AttachmentCollection attachments)
at Transflo.TFClient.TFClientWS.Invoke(String methodName, Object[] parameters)
at Transflo.TransfloWS.TransfloWSWse.Authenticate(String userName, String password,
Int32 applicationId, String machineName, DateTime& clientCrc, String& sessionId)

at Transflo.TFClient.TFSession.Authenticate(String userId, String password, DateTime&
configCrc) at Transflo.TFClient.TFSession.DoLogin() --- End of inner exception
stack trace --- at Transflo.TFClient.TFSession.DoLogin() at Transflo.TFClient.TFSession..ctor(String
userId, String password, Int32 appId, AuthenticationType authType, TransfloWSWse
webService, ConnectionType connectionType, String machineInstanceId) at Transflo.TFClient.Client.BeginSession()
in BeginSession Connection to the server failed. Communication Error The underlying
connection was closed: The remote name could not be resolved. Error stack trace:
at Transflo.TFClient.TFClientWS.ProcessServerError(Exception ex, String methodName,
Object[] parameters, AttachmentCollection attachments) at Transflo.TFClient.TFClientWS.Invoke(String
methodName, Object[] parameters) at Transflo.TransfloWS.TransfloWSWse.Authenticate(String
userName, String password, Int32 applicationId, String machineName, DateTime& clientCrc,
String& sessionId) at Transflo.TFClient.TFSession.Authenticate(String userId,
String password, DateTime& configCrc) at Transflo.TFClient.TFSession.DoLogin()
Calling
stack trace: -> Execute -> BatchSubmitTask_OnRunLoop -> BeginSession -> BeginSession

[ Media Center Events ]
Error - 8/28/2008 12:27:03 PM | Computer Name = WhiteheadFam-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 6/23/2008 8:18:54 PM | Computer Name = WhiteheadFam-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 721
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/17/2008 10:10:02 PM | Computer Name = WhiteheadFam-PC | Source = DCOM | ID = 10005
Description =

Error - 9/17/2008 10:10:02 PM | Computer Name = WhiteheadFam-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 9/17/2008 10:10:02 PM | Computer Name = WhiteheadFam-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/17/2008 10:16:13 PM | Computer Name = WhiteheadFam-PC | Source = HTTP | ID = 15016
Description =

Error - 9/17/2008 10:16:47 PM | Computer Name = WhiteheadFam-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/17/2008 10:20:28 PM | Computer Name = WhiteheadFam-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 9/18/2008 11:08:16 AM | Computer Name = WhiteheadFam-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 9/18/2008 1:38:10 PM | Computer Name = WhiteheadFam-PC | Source = netbt | ID = 4321
Description = The name "WHITEHEADFAM-PC:0" could not be registered on the interface
with IP address 169.254.52.45. The computer with the IP address 172.30.7.155 did
not allow the name to be claimed by this computer.

Error - 9/18/2008 1:38:10 PM | Computer Name = WhiteheadFam-PC | Source = netbt | ID = 4321
Description = The name "WHITEHEADFAM-PC:0" could not be registered on the interface
with IP address 169.254.52.45. The computer with the IP address 172.30.7.155 did
not allow the name to be claimed by this computer.

Error - 9/19/2008 12:44:49 AM | Computer Name = WhiteheadFam-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.


< End of report >
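
The event-log tail of the report above is ten near-identical Transflo.Agent entries (all ID 2029, spaced roughly 34 minutes apart) followed by a few System entries, which is tedious to read by eye and easy to misjudge as ten separate faults. The Python below is an added triage example, not part of the original thread or of HijackThis, ComboFix or any other tool named in it: it parses the report's own `Error - <date> | Computer Name = ... | Source = ... | ID = ...` header lines, re-joins the wrapped multi-line descriptions (including the `Error --->` continuation lines that look like new headers), and collapses repeats by section, source and event ID, with the gaps between recurrences so a fixed cadence stands out. The embedded sample is a constructed, shortened copy of entries from the log above; the parser is written from the format visible on this page, not from any published specification of the report.

```python
"""Triage helper for the "Last 10 Event Log Errors" section of an OTL/RSIT-style report:
parse every entry, then collapse repeats by (section, source, event ID)."""
import re
from collections import OrderedDict
from datetime import datetime

# Header of one event. The strict " - <date>" after "Error" matters: the wrapped .NET
# stack traces in the report contain lines like "Error ---> System.Net.WebException"
# that must stay part of the previous description rather than start a new event.
HEADER_RE = re.compile(
    r"^Error - (?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) \| "
    r"Computer Name = (?P<host>.+?) \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
SECTION_RE = re.compile(r"^\[ (?P<name>.+?) \]$")  # e.g. "[ System Events ]"
TS_FORMAT = "%m/%d/%Y %I:%M:%S %p"


def parse_events(text):
    """Return one dict per event with its wrapped, multi-line description re-joined."""
    events, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "< End of report >":
            break
        m = SECTION_RE.match(line)
        if m:
            section, current = m.group("name"), None
            continue
        m = HEADER_RE.match(line)
        if m:
            current = {"section": section,
                       "timestamp": datetime.strptime(m.group("ts"), TS_FORMAT),
                       "host": m.group("host"), "source": m.group("source"),
                       "event_id": int(m.group("id")), "description": ""}
            events.append(current)
            continue
        if current is None or not line:
            continue  # blank lines appear inside wrapped descriptions; skip them
        if line.startswith("Description ="):
            line = line[len("Description ="):].strip()
        current["description"] = (current["description"] + " " + line).strip()
    return events


def summarize(events):
    """Collapse events by (section, source, event_id): count, time span, short text."""
    groups = OrderedDict()
    for ev in events:
        key = (ev["section"], ev["source"], ev["event_id"])
        g = groups.setdefault(key, {"count": 0, "first": ev["timestamp"],
                                    "last": ev["timestamp"],
                                    "summary": ev["description"][:80]})
        g["count"] += 1
        g["first"] = min(g["first"], ev["timestamp"])
        g["last"] = max(g["last"], ev["timestamp"])
    return groups


def intervals_seconds(events, source, event_id):
    """Gaps between consecutive occurrences of one (source, id). A steady cadence
    means a scheduled retry loop, not a series of separate incidents."""
    ts = sorted(e["timestamp"] for e in events
                if e["source"] == source and e["event_id"] == event_id)
    return [int((b - a).total_seconds()) for a, b in zip(ts, ts[1:])]


# Constructed sample in the report's own format: entries copied from the log above
# with the stack traces shortened. The blank line inside a description is deliberate.
SAMPLE_REPORT = """\
[ Application Events ]
Error - 10/26/2008 5:09:27 AM | Computer Name = WhiteheadFam-PC | Source = Transflo.Agent | ID = 2029
Description = Transflo.TFClient: NetworkException: Connection to the server failed.
Communication
Error ---> System.Net.WebException: The underlying connection was closed: The remote
name could not be resolved. at Transflo.TFClient.TFClientWS.ProcessServerError(Exception

at Transflo.TFClient.TFSession.Authenticate(String userId, String password, DateTime&

Error - 10/26/2008 5:43:08 AM | Computer Name = WhiteheadFam-PC | Source = Transflo.Agent | ID = 2029
Description = Transflo.TFClient: NetworkException: Connection to the server failed.

Error - 10/26/2008 6:16:47 AM | Computer Name = WhiteheadFam-PC | Source = Transflo.Agent | ID = 2029
Description = Transflo.TFClient: NetworkException: Connection to the server failed.

[ System Events ]
Error - 9/17/2008 10:10:02 PM | Computer Name = WhiteheadFam-PC | Source = DCOM | ID = 10005
Description =

Error - 9/18/2008 1:38:10 PM | Computer Name = WhiteheadFam-PC | Source = netbt | ID = 4321
Description = The name "WHITEHEADFAM-PC:0" could not be registered on the interface
with IP address 169.254.52.45. The computer with the IP address 172.30.7.155 did
not allow the name to be claimed by this computer.

< End of report >
"""

if __name__ == "__main__":
    for (sec, src, eid), g in summarize(parse_events(SAMPLE_REPORT)).items():
        print("%dx %s / %s / ID %d: %s" % (g["count"], sec, src, eid, g["summary"]))
```

Run against the full section above, the ten Transflo.Agent entries collapse into one row with a count of 10 and inter-arrival gaps of roughly 2,000 seconds, which is what a scheduled retry failing on name resolution looks like rather than anything the user did at the keyboard. That lets you set the noisy rows aside and look at the few remaining System entries (the ipnathlp DNS proxy allocation failures and the netbt name conflict on a 169.254 address) on their own merits.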

#8 Billy O'Neal
  • Visual C++ STL Maintainer
  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 28 October 2008 - 03:33 PM

Hello, nightsjewel20.
Looks like they just don't want to leave. I think we need some bigger guns...

We Need to Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

How to run ComboFix:
  • Please download ComboFix from one of the following mirrors, and save it to your desktop.
  • Disable any running Anti-Virus or Anti-Malware programs. This includes Firewalls, Anti-Virus, Spyware Scanners, etc. Any or all of them may interfere with the running of ComboFix.
  • Double click ComboFix on your desktop.
  • Read and accept (Press Yes) to the disclaimer.
  • For Windows XP Systems: Install the Recovery Console:
    • If you are using Windows XP and do not already have the Recovery Console installed, please ensure your internet connection is active (if possible), and press Yes. If for some reason your internet is not working, please press No. If you are not using Windows XP, you will not be prompted.
    • When prompted to accept the EULA, press OK.
    • Accept Microsoft's EULA (Press Yes).
    • When you are told that the RC is installed correctly, please press YES to continue scanning for malware.
  • ComboFix will run. Simply wait for it to finish.
  • When it finishes, ComboFix will produce a log. Please post that log in your next reply here.
In your next reply, please include the following:
  • ComboFix.txt

Billy3

Edited by Billy O'Neal, 01 November 2008 - 05:44 PM.

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#9 nightsjewel20 (Topic Starter)

Posted 30 October 2008 - 10:10 AM

I have tried several times to get it to work, but it keeps coming up with the blue screen and it says that a duplicate file exists or a file cannot be found. Then it says underneath that, that ComboFix is preparing to run. One time I left it for 2 hours, and another time I left it for half the night, and still nothing. Is this normal? If not, what should I do? Is it because I have Windows Vista?

Edited by nightsjewel20, 30 October 2008 - 10:12 AM.


#10 Billy O'Neal (Malware Response Team)

Posted 30 October 2008 - 10:10 PM

Hello, nightsjewel20.
No... that is not normal.

Please give me some time to discuss with another Team Member about this.

Billy3

#11 Billy O'Neal (Malware Response Team)

Posted 31 October 2008 - 02:14 PM

Please delete your copy of ComboFix, download a new copy, and try the instructions posted above again.

Billy3

#12 nightsjewel20 (Topic Starter)

Posted 31 October 2008 - 02:48 PM

I have tried several times and it said the same thing, unless it's on here somewhere and I can't find it, but I have done a search and it's nowhere to be found. So I don't know. I have used it before with Windows XP and didn't have a problem. Is it because it's Windows Vista, maybe? I am not used to Vista yet, so I don't know; maybe you know something I haven't tried yet.

I could just reformat it. I don't have anything on here to lose, so it's no biggie, but I am trying to keep that as a last resort, ya know?

#13 Billy O'Neal (Malware Response Team)

Posted 01 November 2008 - 05:44 PM

Hello again.

Please delete your existing copy, download one more time, and see if it fails again. (Things have changed since you last ran it ;)) :)

Billy3

#14 nightsjewel20 (Topic Starter)

Posted 02 November 2008 - 04:22 PM

Nope. Still nothing.

#15 Billy O'Neal (Malware Response Team)

Posted 02 November 2008 - 08:08 PM

Can you describe exactly what happens when CF runs? You said a blue screen appeared, is that still appearing? Was any error message displayed?

We need to know exactly what's going on in order to figure out what's going on.

Did you disable your Anti-Virus first?

Billy3
