NT Authority\System Shutdown worm(?) virus(?) PLEASE HELP!


7 replies to this topic

#1 wildzero


Posted 16 November 2008 - 12:00 PM

Please help! This is my first post, and I'm hoping someone can help me with an issue that other forums haven't been able to. Every time I start my computer, I receive the following System Shutdown message -

"This system is shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was initiated by NT Authority\System."

The countdown is 60 seconds. I have avoided the shutdown by changing the clock on my computer; however, the issue still lingers. My desktop is infected with the same thing, so I am thinking worm.

Please help, this is driving me crazy!!!!!!!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:49 AM, on 11/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DellTPad\Apntex.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\DellTPad\HidFind.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080320
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080320
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://partnerpage.google.com/smallbiz.del...amp;ibd=2080320
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-4047940537-3668592661-2002379000-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://fpass.ed.gov/vdesk/terminal/InstallerControl.cab
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://fpass.ed.gov/vdesk/terminal/urTermP...,2008,0122,2001
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://fpass.ed.gov/vdesk/terminal/urxshos...,2008,0122,2005
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://fpass.ed.gov/vdesk/terminal/urxhost...,2008,0122,2004
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9247 bytes
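As an added example (not the thread's own code, nor Trend Micro's), a small Python triage helper that parses the O4, O16 and O23 entry formats in the HijackThis log above and picks out the lines a helper reads first: autostart entries whose command carries no full path, the MSConfig selective-startup marker, the hosts ActiveX controls were downloaded from, and services listed with an unknown owner. The sample lines are a constructed subset copied from the posted log.

```python
"""Triage helper for HijackThis (HJT) log entries.

Added example, not code from this thread or from Trend Micro's tool.  It
parses the O4 (autostart), O16 (ActiveX download) and O23 (service) entry
formats shown in the log above and returns the entries a helper would look
at first.  The sample lines are a constructed subset copied from that log.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Entry formats as HJT prints them (see the posted log):
#   O4 - HKLM\..\Run: [Name] <command line>
#   O16 - DPF: {CLSID} (Control name) - <download URL>
#   O23 - Service: <display name> - <company> - <image path>
O4_RUN_RE = re.compile(r'^O4 - (?P<loc>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O16_RE = re.compile(r'^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>[^)]*)\) - (?P<url>\S+)$')
O23_RE = re.compile(r'^O23 - Service: (?P<rest>.+)$')
_FIRST_TOKEN = re.compile(r'^"([^"]+)"|^(\S+)')
_ABSOLUTE = re.compile(r'^(?:[A-Za-z]:\\|\\\\|%)')   # C:\..., \\server\..., %SystemRoot%...


@dataclass
class Finding:
    kind: str     # bare_path | msconfig | activex | unknown_owner
    name: str
    detail: str


def command_target(cmd: str) -> str:
    """Return the file an O4 command line actually loads.

    For rundll32 the executable itself is uninteresting; the DLL named after
    it is what runs, so that is returned instead (e.g. 'nvHotkey.dll').
    """
    cmd = cmd.strip()
    m = _FIRST_TOKEN.match(cmd)
    exe = m.group(1) or m.group(2)
    if exe.lower().rsplit('\\', 1)[-1] == 'rundll32.exe':
        rest = cmd[m.end():].strip()
        exe = rest.split(',', 1)[0].strip().strip('"')   # "<dll>,<entry point>"
    return exe


def is_absolute(path: str) -> bool:
    """True for drive-, UNC- or %VAR%-rooted paths (8.3 short names count)."""
    return bool(_ABSOLUTE.match(path))


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RUN_RE.match(line)
        if m:
            name, cmd = m.group('name'), m.group('cmd')
            if name.lower() == 'msconfig' and '/auto' in cmd.lower():
                # msconfig adds itself to Run when selective startup is on:
                # some startup items are disabled and will not show as O4 lines.
                findings.append(Finding('msconfig', name, 'selective startup in use'))
                continue
            target = command_target(cmd)
            if not is_absolute(target):
                # A bare name is resolved through the PATH search order, so the
                # file on disk has to be located before it can be judged.
                findings.append(Finding('bare_path', name, f'{target} has no full path'))
            continue
        m = O16_RE.match(line)
        if m:
            host = urlsplit(m.group('url')).hostname or m.group('url')
            findings.append(Finding('activex', m.group('name'), f'ActiveX control from {host}'))
            continue
        m = O23_RE.match(line)
        if m:
            parts = m.group('rest').rsplit(' - ', 2)   # name - company - path
            if len(parts) == 3 and parts[1].lower() == 'unknown owner':
                findings.append(Finding('unknown_owner', parts[0], parts[2]))
    return findings


# Constructed subset of the HJT log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://fpass.ed.gov/vdesk/terminal/InstallerControl.cab
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
"""

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.kind:14} {f.name:42} {f.detail}')
```

Global Startup (.lnk) lines are left untouched here; they already carry the full target path.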


#2 Buckeye_Sam (Malware Expert)

Posted 17 November 2008 - 08:00 PM

Hello! :thumbsup:
My name is Sam and I will be helping you.

I will do my best to communicate clearly to you so that we can resolve your issues as quickly as possible. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to fix your computer. Please communicate freely with me about how your computer is reacting and behaving as we work through this process.


First, let's get a more detailed log so we can determine the best plan of attack for you.
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop.
  • Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open:
      OTViewIt.txt <-- Will be opened
      Extra.txt <-- Will be minimized
Copy and Paste the logs into your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 wildzero (Topic Starter)

Posted 17 November 2008 - 09:52 PM

Thank you for the response. I have posted the two logs below. Just a quick update: I downloaded MalwareBytes and ran it, and it removed a backdoor trojan called Dimpy. Since then, the machine seems to be working rather well; however, there was no sound coming from my computer. I checked the speakers and everything tested fine, so I downloaded the audio driver and it seemed to fix the problem, although my sound quality is pretty poor right now. Anyway, that's where it stands; here are the (huge) logs:

OTViewit:

OTViewIt logfile created on: 11/17/2008 9:41:28 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Gregory\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.13% Memory free
3.85 Gb Paging File | 3.44 Gb Available in Paging File | 89.34% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 230.31 Gb Total Space | 130.77 Gb Free Space | 56.78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GREG
Current User Name: Gregory
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2005/04/08 14:54:52 | 00,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
[2005/04/08 14:52:32 | 00,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
[2007/12/11 14:22:36 | 00,024,064 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
[2007/12/11 14:22:12 | 01,921,024 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
[2008/10/28 21:38:20 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2007/09/23 19:27:30 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
[2004/08/04 06:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2004/08/04 06:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/02/22 03:25:21 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[2007/09/07 17:49:50 | 01,236,992 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
[2007/12/11 14:22:36 | 02,183,168 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE
[2006/11/02 14:05:50 | 00,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
[2004/07/27 16:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[2007/04/16 16:10:26 | 00,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
[2008/02/19 12:10:32 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2005/04/08 14:52:30 | 00,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[2005/04/17 11:30:48 | 00,085,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
[2004/02/12 12:38:56 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2007/09/23 19:27:28 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
[2004/05/12 14:18:56 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[2007/09/23 19:27:38 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
[2007/09/23 19:27:28 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
[2006/11/03 18:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
[2004/05/28 21:31:38 | 00,241,664 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2008/02/18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2005/04/17 11:30:32 | 00,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
[2007/05/25 11:38:46 | 00,112,176 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
[2004/05/28 22:08:52 | 00,520,192 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
[2007/09/23 22:12:22 | 00,155,717 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2005/04/17 11:30:40 | 01,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
[2004/08/04 06:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/02/19 12:10:24 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2007/05/10 10:23:50 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe
[2008/07/18 21:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/02/22 03:25:20 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
[2008/08/23 00:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/11/17 21:41:01 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gregory\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/10/28 21:38:20 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/02/18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2004/07/15 02:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2005/04/08 14:52:32 | 00,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
[2005/04/08 14:54:50 | 00,083,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
[2005/04/08 14:54:52 | 00,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
[2005/04/17 11:30:32 | 00,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
[2007/10/11 09:49:46 | 00,076,016 | ---- | M] () -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe -- (DellAMBrokerService [On_Demand | Stopped])
[2007/05/25 11:38:46 | 00,112,176 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc [Auto | Running])
[2008/02/19 12:10:24 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2007/09/23 22:12:22 | 00,155,717 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2004/03/18 15:55:48 | 00,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
[2005/04/17 11:30:42 | 00,124,608 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [On_Demand | Stopped])
[2005/04/05 10:17:22 | 00,206,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
[2005/03/30 20:48:22 | 00,992,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [On_Demand | Stopped])
[2006/09/14 14:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
[2005/04/17 11:30:40 | 01,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
[2007/12/11 14:22:36 | 00,024,064 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])
[2007/05/10 10:23:50 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe -- (STacSV [Auto | Running])

========== Driver Services ==========

[2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2004/08/04 00:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS -- (amdagp [Disabled | Stopped])
[2007/09/23 19:27:26 | 00,155,136 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
[2005/08/12 17:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV [System | Running])
[2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2007/08/07 16:02:56 | 00,160,256 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k [On_Demand | Running])
[2007/12/11 14:22:24 | 01,123,328 | ---- | M] (Broadcom Corp.) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Running])
[2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2007/08/23 18:29:10 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\datunidr.sys -- (datunidr [Auto | Running])
[2006/08/18 13:17:46 | 00,035,096 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM [Auto | Running])
[2006/08/18 13:17:40 | 00,032,472 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
[2006/08/11 10:35:18 | 00,012,920 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
[2006/08/18 13:18:08 | 00,009,400 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM [Auto | Running])
[2006/08/18 13:17:38 | 00,104,472 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
[2006/08/18 13:17:42 | 00,026,008 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
[2006/08/18 13:17:38 | 00,014,520 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
[2006/08/11 10:35:16 | 00,028,184 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M [System | Running])
[2006/08/18 13:17:44 | 00,094,648 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
[2006/08/18 13:17:44 | 00,097,848 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
[2006/07/21 11:21:26 | 00,099,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
[2006/08/11 11:05:58 | 00,051,768 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
[2006/11/02 12:31:38 | 00,103,168 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02 [On_Demand | Stopped])
[2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2008/09/12 03:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2006/09/19 13:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2004/08/12 17:45:54 | 00,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2004/03/21 08:35:48 | 00,051,088 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2004/03/21 08:35:52 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2004/03/21 08:35:58 | 00,021,744 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2007/12/02 19:26:20 | 00,211,200 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
[2007/12/02 19:26:22 | 00,989,952 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2007/08/07 16:04:38 | 00,277,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2007/12/02 19:26:28 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2008/08/25 03:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081107.008\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2008/08/25 03:00:00 | 00,873,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081107.008\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2007/09/23 22:11:56 | 06,835,744 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2006/12/18 19:01:20 | 00,012,672 | ---- | M] (SingleClick Systems) -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet [Auto | Running])
[2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys -- (PTproct [On_Demand | Stopped])
[2006/07/24 03:00:00 | 00,036,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2007/08/26 21:13:30 | 00,039,936 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk [Auto | Running])
[2007/08/26 21:13:30 | 00,056,832 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk [Auto | Running])
[2007/08/26 21:13:32 | 00,037,376 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp [Auto | Running])
[2005/02/04 19:14:30 | 00,324,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT [System | Running])
[2005/02/04 19:14:32 | 00,053,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [System | Running])
[2007/05/03 05:27:21 | 00,078,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/08/04 00:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGP.SYS -- (sisagp [Disabled | Stopped])
[2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2005/03/30 20:48:20 | 00,372,832 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [On_Demand | Stopped])
[2007/05/10 10:24:34 | 01,222,840 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2005/04/01 19:36:04 | 00,123,200 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2005/04/05 10:17:00 | 00,017,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2005/04/05 10:17:02 | 00,267,192 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2008/02/18 10:16:24 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2006/11/02 08:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running])
[2007/12/02 19:26:20 | 00,731,136 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2004/08/04 00:07:42 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Page_URL"=partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080320
"SearchAssistant"=http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
"Start Page"=partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080320

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080320
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080320
"Start Page"=partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080320

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080320
"Start Page"=partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080320

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-4047940537-3668592661-2002379000-1005\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080320
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-4047940537-3668592661-2002379000-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4047940537-3668592661-2002379000-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
{CA6319C0-31B7-401E-A518-A07C3DB8F777} (HKLM) -- C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Apoint"=C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" (Hewlett-Packard Company)
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" (Hewlett-Packard Company)
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"KADxMain"=C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto (Microsoft Corporation)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NVHotkey"=rundll32.exe nvHotkey.dll,Start (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" (CyberLink Corp.)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SigmatelSysTrayApp"=%ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" (Sun Microsystems, Inc.)
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)

========== (O4) Startup Folders ==========

[2006/11/03 18:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
[2004/05/28 21:31:38 | 00,241,664 | ---- | M] (Hewlett-Packard Co.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2004/05/28 22:06:36 | 00,053,248 | ---- | M] (Hewlett-Packard Co.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-4047940537-3668592661-2002379000-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4047940537-3668592661-2002379000-1005\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{45B69029-F3AB-4204-92DE-D5140C3E8E74}: https://fpass.ed.gov/vdesk/terminal/InstallerControl.cab -- F5 Networks Auto Update
{6C275925-A1ED-4DD2-9CEE-9823F5FDAA10}: https://fpass.ed.gov/vdesk/terminal/urTermP...,2008,0122,2001 -- F5 Networks SSLTunnel
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7}: https://fpass.ed.gov/vdesk/terminal/urxshos...,2008,0122,2005 -- F5 Networks SuperHost Class
{E0FF21FA-B857-45C5-8621-F120A0C17FF2}: https://fpass.ed.gov/vdesk/terminal/urxhost...,2008,0122,2004 -- F5 Networks Host Control

========== (O17) DNS Name Servers ==========

{2D276E17-DEDB-403B-BF92-E4F6A4B412A5} (Servers: | Description: 1394 Net Adapter)
{790716AC-2BFE-4112-89A2-151EC5F6967E} (Servers: | Description: Broadcom NetLink ™ Fast Ethernet)
{F604802F-DFD2-48E8-8C69-D08C18E317FE} (Servers: | Description: Dell Wireless 1395 WLAN Mini-Card)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
NavLogon: "DllName" = C:\WINDOWS\system32\NavLogon.dll -- C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/11 18:15:00 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2008/11/17 21:40:54 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gregory\Desktop\OTViewIt.exe
[2008/11/16 23:46:31 | 00,146,944 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\st325602.dll
[2008/11/16 18:43:02 | 00,001,354 | ---- | C] () -- C:\Documents and Settings\Gregory\Desktop\View History.lnk
[2008/11/16 12:33:44 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/11/16 12:33:44 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/11/16 08:04:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gregory\Application Data\Malwarebytes
[2008/11/16 08:04:47 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/11/16 08:04:47 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/16 08:04:44 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/11/16 08:04:43 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/11/16 08:04:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/11/09 12:22:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2008/11/09 06:53:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gregory\Application Data\CyberLink
[2008/10/28 21:38:00 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/10/28 21:37:57 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/10/28 21:37:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/10/28 21:37:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/10/19 18:59:19 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2008/10/19 18:59:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2008/10/19 18:59:06 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2008/11/17 21:41:01 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gregory\Desktop\OTViewIt.exe
[2008/11/17 20:52:18 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/11/17 20:40:57 | 00,055,431 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2008/11/16 23:52:57 | 00,382,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/11/16 23:52:57 | 00,053,838 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/11/16 23:52:56 | 00,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/11/16 23:48:40 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/11/16 23:48:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/11/16 23:48:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/11/16 23:48:18 | 21,454,27456 | -HS- | M] () -- C:\hiberfil.sys
[2008/11/16 18:43:02 | 00,001,354 | ---- | M] () -- C:\Documents and Settings\Gregory\Desktop\View History.lnk
[2008/11/16 12:33:44 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008/11/16 08:15:31 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/11/16 08:04:47 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/15 21:53:10 | 00,000,532 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/11/15 21:53:10 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/11/15 21:53:10 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2008/11/15 11:22:45 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/11/10 10:24:10 | 00,000,025 | ---- | M] () -- C:\WINDOWS\webica.ini
[2008/11/03 16:10:26 | 17,318,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/28 21:38:00 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/10/26 21:53:28 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/26 21:53:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/24 06:10:42 | 00,453,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrxsmb.sys
[2008/10/24 06:10:42 | 00,453,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/10/19 18:59:19 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2008/10/19 18:55:38 | 00,161,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
< End of report >


Extras:

OTViewIt Extras logfile created on: 11/17/2008 9:41:28 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Gregory\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.13% Memory free
3.85 Gb Paging File | 3.44 Gb Available in Paging File | 89.34% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 230.31 Gb Total Space | 130.77 Gb Free Space | 56.78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GREG
Current User Name: Gregory
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 06:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 06:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/04/16 16:10:26 | 00,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program
[2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/02/19 12:10:26 | 19,897,640 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2004/05/12 14:18:56 | 00,081,920 | ---- | M] (Hewlett-Packard Company) C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} (HKLM) [CZipHandler Object])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 13:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 13:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 13:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/11/27 20:19:22 | 00,230,760 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0240BDFB-2995-4A3F-8C96-18D41282B716}"=Dell Network Assistant
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}"=Roxio Creator Tools
"{0D397393-9B50-4c52-84D5-77E344289F87}"=Roxio Creator Data
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}"=Microsoft Works
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}"=Scan
"{21E75254-410E-49C4-8981-2E1A2A2221F2}"=HP Diagnostic Assistant
"{2405665A-16C9-4D3A-B70E-F006220E1472}"=Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}"=Fax
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}"=CreativeProjects
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}"=Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}"=AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}"=Sonic Activation Module
"{3AE681E0-4E8D-453F-950A-48534D3C0724}"=Copy
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}"=HPSystemDiagnostics
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=NetWaiting
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}"=Unload
"{44734179-8A79-4DEE-BB08-73037F065543}"=Apple Mobile Device Support
"{457791C5-D702-4143-A7B2-2744BE9573F2}"=HP Software Update
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}"=Bonjour
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}"=Dell DataSafe Online
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}"=ProductContext
"{5A633ED0-E5D7-4D65-AB8D-53ED43510284}"=Symantec AntiVirus
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}"=Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}"=Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Roxio Express Labeler
"{6E448242-1967-4470-A3F5-FFB62B341D8F}"=2600
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{7F22ADCE-3549-49C2-BC16-07B692F57EFF}"=2600_Help
"{80FD852F-5AAC-4129-B931-06AAFFA43138}"=iTunes
"{83FFCFC7-88C6-41c6-8752-958A45325C82}"=Roxio Creator Audio
"{8777AC6D-89F9-4793-8266-DE406F343E89}"=QFolder
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}"=Roxio Creator BDAV Plugin
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint Viewer 2007 (English)
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}"=SkinsHP1
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}"=OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}"=MediaDirect
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}"=QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}"=PrintScreen
"{9F15F5AD-AA10-46d9-B34D-AF2945DC65A6}"=2600Trb
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}"=Dell Touchpad
"{A1062847-0846-427A-92A1-BB8251A91E91}"=HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}"=PhotoGallery
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}"=Readme
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}"=SigmaTel Audio
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}"=AiO_Scan
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}"=DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}"=Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}"=CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}"=DocumentViewer
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}"=InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}"=TrayApp
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}"=QuickTime
"{C5074CC4-0E26-4716-A307-960272A90040}"=QuickSet
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}"=Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}"=Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}"=IntelliSonic Speech Enhancement
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}"=Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}"=Digital Line Detect
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}"=BufferChm
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}"=Destinations
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}"=Modem Diagnostic Tool
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}"=WebReg
"{FE34691C-4298-4667-9758-D7F534DD0B94}"=Dell Automated PC TuneUp
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}"=CueTour
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Broadcom 802.11b Network Adapter"=Dell Wireless WLAN Card
"Citrix ICA Web Client"=MetaFrame Presentation Server Web Client for Win32
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F"=Conexant HDA D330 MDC V.92 Modem
"eMusic Remote"=eMusic Remote 1.0.0.2
"HijackThis"=HijackThis 2.0.2
"HP Photo & Imaging"=HP Image Zone 4.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"IrfanView"=IrfanView (remove only)
"LiveUpdate"=LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"SearchAssist"=SearchAssist
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WinRAR archiver"=WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/11/2008 11:09:09 PM | Computer Name = GREG | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Threat: Trojan.Adclicker in File: C:\Documents
and Settings\Gregory\Local Settings\Temporary Internet Files\Content.IE5\D6M48RVL\gnida[1].swf
by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description:
The file was left unchanged.

Error - 6/11/2008 11:09:09 PM | Computer Name = GREG | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Threat: Trojan.Adclicker in File: C:\Documents
and Settings\Gregory\Local Settings\Temporary Internet Files\Content.IE5\D6M48RVL\gnida[1].swf
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied.
Action Description: Quarantine was partially successful.

Error - 6/11/2008 11:09:19 PM | Computer Name = GREG | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Threat: Downloader in File: C:\DOCUME~1\Gregory\LOCALS~1\TEMPOR~1\Content.IE5\D6M48RVL\GNIDA_~1.SWF
by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description:
The file was deleted successfully.

Error - 6/11/2008 11:09:19 PM | Computer Name = GREG | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Downloader in File: C:\Documents and Settings\Gregory\Local
Settings\Temporary Internet Files\Content.IE5\D6M48RVL\gnida[1].swf by: Auto-Protect
scan. Action: Clean failed : Quarantine failed : Delete succeeded : Access denied.
Action Description: The file was deleted successfully.

Error - 6/11/2008 11:09:19 PM | Computer Name = GREG | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Threat: Downloader in File: C:\DOCUME~1\Gregory\LOCALS~1\TEMPOR~1\Content.IE5\D6M48RVL\GNIDA_~1.SWF
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 6/13/2008 11:42:59 PM | Computer Name = GREG | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Threat: Downloader in File: C:\DOCUME~1\Gregory\LOCALS~1\TEMPOR~1\Content.IE5\D6M48RVL\GNIDA_~1.SWF
by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description:
The file was deleted successfully.

Error - 6/13/2008 11:42:59 PM | Computer Name = GREG | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Downloader in File: C:\Documents and Settings\Gregory\Local
Settings\Temporary Internet Files\Content.IE5\D6M48RVL\gnida[1].swf by: Auto-Protect
scan. Action: Clean failed : Quarantine failed : Delete succeeded : Access denied.
Action Description: The file was deleted successfully.

Error - 6/13/2008 11:43:00 PM | Computer Name = GREG | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Threat: Downloader in File: C:\DOCUME~1\Gregory\LOCALS~1\TEMPOR~1\Content.IE5\D6M48RVL\GNIDA_~1.SWF
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 6/15/2008 11:29:01 PM | Computer Name = GREG | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16674, faulting
module quicktime.qts, version 7.4.1.14, fault address 0x001ea806.

Error - 6/21/2008 3:46:34 AM | Computer Name = GREG | Source = Userenv | ID = 1068
Description = Windows ended GPO processing because the computer shut down or the
user logged off.

[ System Events ]
Error - 11/15/2008 10:35:52 PM | Computer Name = GREG | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 11/15/2008 10:54:59 PM | Computer Name = GREG | Source = Service Control Manager | ID = 7031
Description = The DCOM Server Process Launcher service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.

Error - 11/15/2008 10:54:59 PM | Computer Name = GREG | Source = Service Control Manager | ID = 7034
Description = The Terminal Services service terminated unexpectedly. It has done
this 1 time(s).

Error - 11/16/2008 10:34:21 AM | Computer Name = GREG | Source = Service Control Manager | ID = 7031
Description = The DCOM Server Process Launcher service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.

Error - 11/16/2008 10:34:21 AM | Computer Name = GREG | Source = Service Control Manager | ID = 7034
Description = The Terminal Services service terminated unexpectedly. It has done
this 1 time(s).

Error - 11/16/2008 9:15:37 AM | Computer Name = GREG | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 11/16/2008 3:24:21 PM | Computer Name = GREG | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.3 on
the Network Card with network address 001EC902BF6A.

Error - 11/16/2008 6:43:11 PM | Computer Name = GREG | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.3 on
the Network Card with network address 001EC902BF6A.

Error - 11/17/2008 12:13:15 AM | Computer Name = GREG | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.3 on
the Network Card with network address 001EC902BF6A.

Error - 11/17/2008 9:40:54 PM | Computer Name = GREG | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.2 on
the Network Card with network address 001644AEADA1.


< End of report >

Edited by wildzero, 17 November 2008 - 09:54 PM.


#4 Buckeye_Sam

    Malware Expert

Posted 18 November 2008 - 09:23 AM

I'm not seeing anything active in your log, but there are signs of remnants still there. Let's make sure you get rid of all of it.


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


===================


Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 wildzero

  • Topic Starter


Posted 18 November 2008 - 09:21 PM

All done, here's the Kaspersky log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, November 18, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, November 18, 2008 20:05:17
Records in database: 1392277
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 68753
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:46:55


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\031C0000\4BBF5649.VBN Infected: Exploit.Multi.Qtp.g 1

The selected area was scanned.

#6 Buckeye_Sam

    Malware Expert


Posted 19 November 2008 - 10:41 AM

Nothing there that your antivirus hasn't already quarantined, so that's a clean log! :thumbsup:

How is everything on your end? Any problems?


========================================================

#7 wildzero

  • Topic Starter


Posted 20 November 2008 - 01:38 AM

Everything looks good on the laptop end, however my PC was infected with the same thing and I would love for you to take a look at the logs for me if you have the time. The PC also just got a nasty little bugger called delself.bat which I am trying to remove w/ Malwarebytes right now.

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:51:42 AM, on 11/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {F4430FE8-2638-42e5-B849-800749B94EED} - (no file)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/ht...ALStreaming.cab
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://fpass.ed.gov/vdesk/terminal/Install...,2008,0122,2009
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://fpass.ed.gov/vdesk/terminal/urTermP...,2008,0122,2001
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://fpass.ed.gov/vdesk/terminal/urxshos...,2008,0122,2005
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://fpass.ed.gov/vdesk/terminal/urxhost...,2008,0122,2004
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_...upv2.0.0.10.cab?
O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 6198 bytes


OTViewIt:

OTViewIt logfile created on: 11/20/2008 1:56:12 AM - Run 2
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2WLQFP9P
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

253.80 Mb Total Physical Memory | 84.75 Mb Available Physical Memory | 33.39% Memory free
624.85 Mb Paging File | 378.09 Mb Available in Paging File | 60.51% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 39.20 Gb Free Space | 51.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-2RN2PM05RG
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2005/04/08 15:54:52 | 00,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
[2005/04/08 15:52:32 | 00,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
[2007/10/31 14:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2005/04/17 12:30:32 | 00,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
[2004/05/03 22:38:45 | 00,057,344 | ---- | M] (Lanovation) -- C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
[2005/04/17 12:30:40 | 01,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
[2004/08/11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2003/11/18 02:11:00 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
[2004/05/04 01:28:48 | 00,090,112 | ---- | M] (GTW) -- C:\WINDOWS\GWMDMMSG.exe
[2007/12/11 12:10:26 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2005/04/08 15:52:30 | 00,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[2005/04/17 12:30:48 | 00,085,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
[2007/12/11 12:10:16 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2007/03/07 09:58:20 | 01,773,568 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\support.com\bin\tgcmd.exe
[2008/07/18 21:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2004/08/04 02:56:54 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2008/08/23 00:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/11/20 01:56:07 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2WLQFP9P\OTViewIt[1].exe

========== (O23) Win32 Services ==========

[2007/10/31 14:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/04/08 15:52:32 | 00,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
[2005/04/08 15:54:50 | 00,083,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
[2005/04/08 15:54:52 | 00,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
[2005/04/17 12:30:32 | 00,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007/12/11 12:10:16 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2005/03/30 16:46:56 | 00,411,920 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS [On_Demand | Stopped])
[2004/05/03 22:38:28 | 00,057,344 | ---- | M] (LANovation) -- C:\WINDOWS\system32\PCTKRNT.SYS -- (PictureTaker [On_Demand | Stopped])
[2004/03/18 15:55:48 | 00,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
[2004/05/03 22:38:45 | 00,057,344 | ---- | M] (Lanovation) -- C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS -- (PrismXL [Auto | Running])
[2005/04/17 12:30:42 | 00,124,608 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [On_Demand | Stopped])
[2005/04/05 11:17:22 | 00,206,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
[2005/03/30 21:48:22 | 00,992,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [On_Demand | Stopped])
[2005/04/17 12:30:40 | 01,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
[2004/08/11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])

========== Driver Services ==========

[2001/08/17 08:28:00 | 00,871,388 | ---- | M] (BCM) -- C:\WINDOWS\system32\drivers\BCMDM.sys -- (BCMModem [On_Demand | Stopped])
[2004/04/02 21:35:08 | 00,043,392 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2004/04/02 21:32:20 | 00,024,576 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2005/06/16 14:41:02 | 00,037,150 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam [System | Running])
[2005/03/31 07:47:42 | 00,061,564 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint [On_Demand | Stopped])
[2005/03/31 07:47:48 | 00,038,673 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K [Auto | Running])
[2005/03/31 07:47:50 | 00,008,022 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps [On_Demand | Stopped])
[2005/03/31 07:47:56 | 00,070,262 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP [On_Demand | Stopped])
[2004/02/10 17:49:14 | 00,154,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2008/09/05 03:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2001/08/09 21:03:00 | 00,070,084 | ---- | M] (MK Systems CO., LTD.) -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS -- (Eplpdx02 [On_Demand | Running])
[2005/03/31 08:00:08 | 00,152,081 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit [System | Stopped])
[2006/09/19 15:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2004/05/04 01:28:48 | 01,107,680 | ---- | M] (GTW) -- C:\WINDOWS\system32\drivers\GWMDM.sys -- (GTWModem [On_Demand | Running])
[2004/03/21 08:35:48 | 00,051,088 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2004/03/21 08:35:52 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2004/03/21 08:35:58 | 00,021,744 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2003/11/20 11:25:00 | 00,095,579 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2005/02/15 14:57:20 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM [Auto | Running])
[2001/08/17 08:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2008/11/14 04:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081114.004\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2008/11/14 04:00:00 | 00,876,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081114.004\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2002/01/08 03:41:00 | 00,020,546 | R--- | M] (Thomson Multimedia) -- C:\WINDOWS\system32\drivers\netrcacm.sys -- (netrcacm [On_Demand | Stopped])
[2002/10/01 09:22:32 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2002/09/03 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2004/09/23 02:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2002/09/03 08:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Running])
[2004/04/22 00:09:00 | 00,120,448 | R--- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500 [On_Demand | Stopped])
[2005/02/04 20:14:30 | 00,324,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT [System | Running])
[2005/02/04 20:14:32 | 00,053,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [System | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/05/04 01:29:12 | 00,459,944 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2005/03/30 21:48:20 | 00,372,832 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [On_Demand | Stopped])
[2006/09/15 21:52:12 | 00,124,016 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2005/04/05 11:17:00 | 00,017,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2005/04/05 11:17:02 | 00,267,192 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2007/10/31 14:09:14 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2002/09/03 08:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])
[2003/11/20 11:26:00 | 00,122,110 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Running])
[2003/11/20 11:26:00 | 00,099,002 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://www.google.com/ie
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.google.com
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.google.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://www.google.com

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Live Search
"SearchMigratedDefaultURL"=http://search.msn.com/results.asp?FORM=sCPN&RS=CHECKED&un=doc&v=1&q={searchTerms}
"Start Page"=http://www.google.com

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.msn.com/

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.msn.com/

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-746137067-1580818891-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Live Search
"SearchMigratedDefaultURL"=http://search.msn.com/results.asp?FORM=sCPN&RS=CHECKED&un=doc&v=1&q={searchTerms}
"Start Page"=http://www.google.com

[HKEY_USERS\S-1-5-21-746137067-1580818891-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com

[HKEY_USERS\S-1-5-21-746137067-1580818891-839522115-1003\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s

[HKEY_USERS\S-1-5-21-746137067-1580818891-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-746137067-1580818891-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (21 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A01EB923-56D9-4E6C-9E60-88CDB8A0CC2F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-746137067-1580818891-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-746137067-1580818891-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-746137067-1580818891-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-746137067-1580818891-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A01EB923-56D9-4E6C-9E60-88CDB8A0CC2F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"GWMDMMSG"=GWMDMMSG.exe (GTW)
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto (Microsoft Corporation)
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"tgcmd"=C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf (SupportSoft, Inc.)
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)

========== (O4) RunOnceEx Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
""= File not found

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-746137067-1580818891-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O9) IE Extensions ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{BF69DF00-4734-477F-8257-27CD04F88779} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{E023F504-0C5A-4750-A1E7-A9046DEA8A21} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{F4430FE8-2638-42e5-B849-800749B94EED} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{E023F504-0C5A-4750-A1E7-A9046DEA8A21} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{F4430FE8-2638-42e5-B849-800749B94EED} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{E023F504-0C5A-4750-A1E7-A9046DEA8A21} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{F4430FE8-2638-42e5-B849-800749B94EED} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\S-1-5-21-746137067-1580818891-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{BF69DF00-4734-477F-8257-27CD04F88779} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{E023F504-0C5A-4750-A1E7-A9046DEA8A21} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{F4430FE8-2638-42e5-B849-800749B94EED} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
emusic.com\www: https in My Computer
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-746137067-1580818891-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
emusic.com\www: https in My Computer
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{26CBF141-7D0F-46E1-AA06-718958B6E4D2}: http://download.ebay.com/turbo_lister/US/install.cab -- Reg Error: Key does not exist or could not be opened.
{341FF14B-00CB-49F5-A427-A164DF1D5E1F}: http://musicstore.connect.com/XSL/mb_us/ht...ALStreaming.cab -- MALPlaybackCtrl Class
{45B69029-F3AB-4204-92DE-D5140C3E8E74}: https://fpass.ed.gov/vdesk/terminal/Install...,2008,0122,2009 -- F5 Networks Auto Update
{48DD0448-9209-4F81-9F6D-D83562940134}: http://lads.myspace.com/upload/MySpaceUploader1006.cab -- MySpace Uploader Control
{49232000-16E4-426C-A231-62846947304B}: http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab -- Reg Error: Key does not exist or could not be opened.
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab -- MSN Photo Upload Tool
{6C275925-A1ED-4DD2-9CEE-9823F5FDAA10}: https://fpass.ed.gov/vdesk/terminal/urTermP...,2008,0122,2001 -- F5 Networks SSLTunnel
{8A0019EB-51FA-4AE5-A40B-C0496BBFC739}: http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab -- Verizon Wireless Media Upload
{9600F64D-755F-11D4-A47F-0001023E6D5A}: http://web1.shutterfly.com/downloads/Uploader.cab -- Shutterfly Picture Upload Plugin
{9F1C11AA-197B-4942-BA54-47A8489BB47F}: http://v4.windowsupdate.microsoft.com/CAB/...8110.9087268518 -- Reg Error: Key does not exist or could not be opened.
{CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7}: https://fpass.ed.gov/vdesk/terminal/urxshos...,2008,0122,2005 -- F5 Networks SuperHost Class
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/get/flash...ent/swflash.cab -- Shockwave Flash Object
{E0FF21FA-B857-45C5-8621-F120A0C17FF2}: https://fpass.ed.gov/vdesk/terminal/urxhost...,2008,0122,2004 -- F5 Networks Host Control
{F137B9BA-89EA-4B04-9C67-2074A9DF61FD}: http://cvs.pnimedia.com/upload/activex/v2_...upv2.0.0.10.cab? -- Photo Upload Plugin Class
DirectAnimation Java Classes: file://C:\WINDOWS\Java\classes\dajava.cab -- Reg Error: Key does not exist or could not be opened.
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{167CA9F6-ED10-4FB3-A220-B31D0E97210F} (Servers: | Description: Linksys Wireless-G PCI Adapter)
{A463052F-9862-4F5E-9EEA-126B261ABEC2} (Servers: | Description: Intel® PRO/100 VE Network Connection)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\WINDOWS\system32\wmfhotfix.dll
>[2006/01/01 15:41:10 | 00,003,584 | ---- | M] () -- C:\WINDOWS\system32\wmfhotfix.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
NavLogon: "DllName" = C:\WINDOWS\system32\NavLogon.dll -- C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autoAlbum.log [-i="C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\tmpAlb_1\tmpAlb_1_0.txt" -o="C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\tmpAlb_1\tmpAlb_1_0_out.txt" -g -b -s=4 -f="text"input text file: C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\tmpAlb_1\tmpAlb_1_0.txt | output file: C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\tmpAlb_1\tmpAlb_1_0_out.txt | | Value of width is 2168 and ht is 1426creating book layout ... | layout is complete, writing output file of type 1... | ]
[2005/05/24 17:24:43 | 00,000,619 | ---- | M] () -- C:\autoAlbum.log -- [ NTFS ]

AUTOEXEC.BAT []
[2004/05/04 01:22:02 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2008/12/06 00:44:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/12/06 00:35:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Symantec
[2008/12/06 00:21:10 | 00,124,016 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2008/12/06 00:21:10 | 00,091,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2008/12/06 00:20:43 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec AntiVirus
[2008/11/17 19:34:30 | 00,003,600 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Audio1.nra
[2008/11/16 23:53:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2008/11/16 23:53:18 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/11/16 23:53:18 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/16 23:53:15 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/11/16 23:53:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/11/16 23:53:12 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/11/15 08:31:09 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/11/15 08:31:09 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/11/14 19:40:12 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/11/03 05:39:24 | 00,353,976 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\photoremix1.1.jpg
[2008/11/03 05:17:29 | 00,160,694 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\photoremix1.jpg
[2008/11/03 05:14:44 | 01,914,807 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\photogallery1 003.jpg
[2008/11/03 02:54:03 | 01,160,585 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\photogallery1 002.jpg
[2008/11/03 02:51:16 | 15,356,650 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\photogallery1 001.jpg
[2008/11/03 02:48:46 | 04,810,800 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\photogallery1.jpg
[2008/11/03 01:31:09 | 00,086,669 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\picattempt4.JPG
[2008/11/03 01:25:13 | 00,088,637 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\picattempt3.JPG
[2008/11/03 01:22:16 | 00,090,634 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\picattempt2.JPG
[2008/11/03 01:14:41 | 00,092,309 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\picattempt1.JPG
[2008/11/03 00:42:54 | 00,023,925 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\pic9.jpg
[2008/11/03 00:42:28 | 00,023,506 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\pic8.jpg
[2008/11/03 00:41:53 | 00,024,947 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\pic7.jpg
[2008/11/03 00:41:27 | 00,099,527 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\photoremix1.1.1.jpg
[2008/11/03 00:36:47 | 00,046,590 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\pic6.jpg
[2008/11/03 00:35:49 | 00,039,027 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\pic5.jpg
[2008/11/03 00:35:01 | 00,041,668 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\pic4.jpg
[2008/11/03 00:34:37 | 00,048,781 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\pic3.jpg
[2008/11/03 00:34:16 | 00,037,831 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\pic2.jpg
[2008/11/03 00:33:44 | 00,039,378 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\pic1.jpg
[2008/11/03 00:25:53 | 01,160,585 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\cd1.jpg
[2008/11/02 21:57:12 | 00,317,489 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\cdback1.jpg
[2008/11/01 14:21:00 | 00,106,967 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Black and White Collage 2 001.1.jpg
[2008/10/30 00:33:04 | 01,056,731 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Black and White Collage 2 001.jpg
[2008/10/30 00:30:14 | 08,858,685 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Black and White Collage 2.jpg
[2008/10/29 23:31:31 | 01,318,149 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Black and White Collage Greyscale.jpg
[2008/10/29 23:26:30 | 01,336,441 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Black and White Collage.jpg
[2008/10/29 20:35:25 | 00,064,670 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Black and White Collage 2.1.jpg

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/12/07 08:27:11 | 00,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2008/12/06 00:44:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\vpc32.INI
[2008/11/20 01:45:06 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/11/20 01:43:26 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/11/20 01:42:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/11/20 01:42:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/11/18 07:07:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/11/17 19:34:31 | 00,003,600 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Audio1.nra
[2008/11/17 16:42:03 | 00,000,025 | ---- | M] () -- C:\WINDOWS\webica.ini
[2008/11/16 23:53:18 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/15 08:31:09 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008/11/14 19:40:12 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2008/11/14 19:37:14 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/11/14 19:32:44 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2008/11/14 19:32:43 | 00,000,684 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/11/14 19:32:42 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/11/13 20:13:49 | 01,832,960 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2008/11/13 20:13:45 | 01,300,480 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2008/11/07 20:10:22 | 00,439,552 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/11/07 20:10:22 | 00,380,680 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/11/07 20:10:22 | 00,052,968 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/11/03 19:10:25 | 17,318,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/11/03 19:05:36 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk
[2008/11/03 02:51:59 | 00,003,253 | ---- | M] () -- C:\WINDOWS\photoimpression.ini
[2008/11/03 01:31:09 | 00,086,669 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\picattempt4.JPG
[2008/11/03 01:25:13 | 00,088,637 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\picattempt3.JPG
[2008/11/03 01:22:16 | 00,090,634 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\picattempt2.JPG
[2008/11/03 01:14:41 | 00,092,309 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\picattempt1.JPG
[2008/11/03 00:42:54 | 00,023,925 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\pic9.jpg
[2008/11/03 00:42:28 | 00,023,506 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\pic8.jpg
[2008/11/03 00:41:53 | 00,024,947 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\pic7.jpg
[2008/11/03 00:41:27 | 00,099,527 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\photoremix1.1.1.jpg
[2008/11/03 00:40:18 | 01,160,585 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\photogallery1 002.jpg
[2008/11/03 00:39:56 | 00,353,976 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\photoremix1.1.jpg
[2008/11/03 00:36:47 | 00,046,590 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\pic6.jpg
[2008/11/03 00:35:49 | 00,039,027 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\pic5.jpg
[2008/11/03 00:35:01 | 00,041,668 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\pic4.jpg
[2008/11/03 00:34:37 | 00,048,781 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\pic3.jpg
[2008/11/03 00:34:16 | 00,037,831 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\pic2.jpg
[2008/11/03 00:33:44 | 00,039,378 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\pic1.jpg
[2008/11/03 00:25:53 | 01,160,585 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\cd1.jpg
[2008/11/03 00:19:07 | 00,160,694 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\photoremix1.jpg
[2008/11/03 00:15:14 | 01,914,807 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\photogallery1 003.jpg
[2008/11/02 21:57:12 | 00,317,489 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\cdback1.jpg
[2008/11/02 21:52:42 | 15,356,650 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\photogallery1 001.jpg
[2008/11/02 21:50:01 | 04,810,800 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\photogallery1.jpg
[2008/11/01 14:21:00 | 00,106,967 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Black and White Collage 2 001.1.jpg
[2008/10/29 20:35:25 | 00,064,670 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Black and White Collage 2.1.jpg
[2008/10/29 20:33:54 | 01,056,731 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Black and White Collage 2 001.jpg
[2008/10/29 20:31:23 | 08,858,685 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Black and White Collage 2.jpg
[2008/10/29 19:32:51 | 01,318,149 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Black and White Collage Greyscale.jpg
[2008/10/29 19:28:11 | 01,336,441 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Black and White Collage.jpg
[2008/10/26 01:48:26 | 00,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/24 06:10:42 | 00,453,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrxsmb.sys
[2008/10/24 06:10:42 | 00,453,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/10/22 16:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/22 16:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
< End of report >

Extras:

OTViewIt Extras logfile created on: 11/20/2008 1:56:12 AM - Run 2
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2WLQFP9P
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

253.80 Mb Total Physical Memory | 84.75 Mb Available Physical Memory | 33.39% Memory free
624.85 Mb Paging File | 378.09 Mb Available in Paging File | 60.51% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 39.20 Gb Free Space | 51.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-2RN2PM05RG
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 02:56:56 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 02:56:56 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\WINDOWS\system32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking
[2006/06/02 02:20:41 | 01,003,520 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
[2008/08/23 00:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
File not found -- C:\Program Files\WebRebates\WebRebates.exe:*:Disabled:WebRebates
File not found -- C:\Program Files\Blubster\Blubster.exe:*:Enabled:MP2P servent main executable
File not found -- C:\Program Files\BitTorrent\btdownloadgui.exe:*:Disabled:btdownloadgui
File not found -- C:\Program Files\iMesh\iMesh5\iMesh.exe:*:Disabled:iMesh 5
File not found -- C:\Program Files\Soulseek\slsk.exe:*:Disabled:SoulSeek Client
File not found -- C:\Program Files\eBay\Turbo Lister\Tl.exe:*:Enabled:Turbo Lister
File not found -- C:\Program Files\KaZaA Lite\Kazaa.exe:*:Disabled:KaZaA Lite
File not found -- C:\Program Files\KAZAA LITE TOOLS K++\KazaaLite.kpp:*:Disabled:KazaaLite
File not found -- C:\Program Files\Kazaa Lite Resurrection\kazaalite.kpp:*:Disabled:kazaalite
File not found -- C:\Program Files\Kazaa Lite K++\KazaaLite.kpp:*:Disabled:KazaaLite
[2004/02/13 14:12:08 | 00,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater
File not found -- C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LaunchAnywhere GUI
[2003/02/28 20:26:32 | 00,171,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wjview.exe:*:Disabled:Microsoft® VM Command Line Interpreter
[2005/09/03 07:45:28 | 00,176,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
[2006/04/15 01:31:31 | 00,204,845 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\trueplay.exe:*:Disabled:RealPlayer
[2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2006/10/19 14:13:32 | 00,983,154 | ---- | M] (eMusic, Inc.) -- C:\Program Files\EMusic Download Manager\EMusic.exe:*:Enabled:eMusic Download Manager
[2007/12/11 12:10:18 | 17,152,808 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/01/22 05:25:24 | 00,872,448 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} (HKLM) [Microsoft PKM KnowledgePluggable Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2004/05/12 14:18:56 | 00,081,920 | ---- | M] (Hewlett-Packard Company) C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} (HKLM) [CZipHandler Object])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 05:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 05:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 05:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}"=Notifier
"{06E73C0B-7DE7-4F41-860B-587033B75BD9}"=iPod Updater 2004-11-15
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}"=ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}"=HLPPDOCK
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}"=HP Software Update
"{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}"=iTunes
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}"=Scan
"{21E75254-410E-49C4-8981-2E1A2A2221F2}"=HP Diagnostic Assistant
"{2405665A-16C9-4D3A-B70E-F006220E1472}"=Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}"=Fax
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}"=CreativeProjects
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}"=AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{38441BE7-79B0-42B8-8297-833704F949FE}"=HLPIndex
"{3AE681E0-4E8D-453F-950A-48534D3C0724}"=Copy
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}"=OTtBPSDK
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}"=HPSystemDiagnostics
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}"=Unload
"{432C3720-37BF-4BD7-8E49-F38E090246D0}"=CR2
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}"=ESSvpot
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}"=ESSSONIC
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}"=CardRd81
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}"=ProductContext
"{5A633ED0-E5D7-4D65-AB8D-53ED43510284}"=Symantec AntiVirus
"{605A4E39-613C-4A12-B56F-DEFBE6757237}"=SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}"=ESSBrwr
"{69640730-B830-4C24-BB5C-222DA1260548}"=Turbo Lister 2
"{6E448242-1967-4470-A3F5-FFB62B341D8F}"=2600
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}"=Microsoft Works 7.0
"{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}"=Microsoft Works Suite Add-in for Microsoft Word
"{7F22ADCE-3549-49C2-BC16-07B692F57EFF}"=2600_Help
"{8338BA06-E527-491B-9400-F51708FEE695}"=iPod for Windows 2005-11-17
"{8777AC6D-89F9-4793-8266-DE406F343E89}"=QFolder
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}"=ESShelp
"{8A502E38-29C9-49FA-BCFA-D727CA062589}"=ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics Driver
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}"=ESSCT
"{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}"=HLPSFO
"{8E92D746-CD9F-4B90-9668-42B74C14F765}"=ESSini
"{911B0409-6000-11D3-8CFE-0050048383C9}"=Microsoft Word 2002
"{91517631-A9F3-4B7C-B482-43E0068FD55A}"=ESSgui
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}"=SkinsHP1
"{98E8A2EF-4EAE-43B8-A172-74842B764777}"=DVD
"{999D43F4-9709-4887-9B1A-83EBB15A8370}"=VPRINTOL
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}"=QuickProjects
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}"=ESScore
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}"=PrintScreen
"{9F15F5AD-AA10-46d9-B34D-AF2945DC65A6}"=2600Trb
"{A1062847-0846-427A-92A1-BB8251A91E91}"=HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}"=PhotoGallery
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}"=Readme
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}"=AiO_Scan
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}"=ESSvpaht
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}"=Ipswitch WS_FTP Pro
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}"=ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}"=OfotoXMI
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}"=DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}"=Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}"=CreativeProjectsTemplates
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}"=CCScore
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}"=DocumentViewer
"{B5C209B1-8DDB-4642-A573-375B951514CB}"=Apple Mobile Device Support
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}"=KSU
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}"=InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}"=TrayApp
"{CA60320D-6A16-49C8-A34F-84EEF4799567}"=ESSTUTOR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}"=essvcpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}"=Kodak EasyShare software
"{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}"=Works Suite OS Pack
"{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}"=iPod for Windows 2005-10-12
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}"=SFR
"{E0D51394-1D45-460A-B62D-383BC4F8B335}"=QuickTime
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}"=ScanToWeb
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}"=BufferChm
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}"=SKINXSDK
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}"=Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}"=WebReg
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}"=OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}"=WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}"=ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}"=SKIN0001
"{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}"=ESSEMAIL
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}"=CueTour
"Ad-Aware SE Personal"=Ad-Aware SE Personal
"Applet_App"=Applet_App
"Applet_Copy"=Applet_Copy
"Applet_Creativity"=Applet_Creativity
"Applet_Email"=Applet_Email
"Applet_Epp"=Applet_Epp
"Applet_File"=Applet_File
"Applet_OCR"=Applet_OCR
"Applet_Web"=Applet_Web
"ArcSoft PhotoImpression 3.0"=ArcSoft PhotoImpression 3.0
"Citrix ICA Web Client"=MetaFrame Presentation Server Web Client for Win32
"comcastDD"=Desktop Doctor
"ComcastHSI"=Comcast High-Speed Internet Install Wizard
"Copy Utility"=Copy Utility
"DVD Decrypter"=DVD Decrypter (Remove Only)
"DVD Shrink_is1"=DVD Shrink 3.2
"eMusic Remote"=eMusic Remote 1.0.0.2
"EPSON Smart Panel"=EPSON Smart Panel
"Gateway Desktop Manager"=Gateway Desktop Manager
"Gateway Drivers and Applications Recovery"=Gateway Drivers and Applications Recovery
"Gateway IE Customizations"=Gateway IE Customizations
"Gateway Power Management"=Gateway Power Management
"GTW V.92 Voicemodem"=GTW V.92 Voicemodem
"HelpSpot"=HelpSpot
"HijackThis"=HijackThis 2.0.2
"HP Photo & Imaging"=HP Image Zone 4.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"Ink Monitor"=Ink Monitor
"InstallShield_{06E73C0B-7DE7-4F41-860B-587033B75BD9}"=iPod Updater 2004-11-15
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}"=Turbo Lister 2
"InstallShield_{8338BA06-E527-491B-9400-F51708FEE695}"=iPod for Windows 2005-11-17
"InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}"=iPod for Windows 2005-10-12
"IrfanView"=IrfanView (remove only)
"LiveUpdate"=LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"NeroMultiInstaller!UninstallKey"=Nero Suite
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Pdf995"=Pdf995
"PdfEdit995"=PdfEdit995
"PF1250-1650 Guide"=PF1250-1650 Guide
"PROSet"=Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0"=RealPlayer
"Shockwave"=Shockwave
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"TaxCut Basic 2006"=TaxCut Basic 2006
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows WMF Metafile Vulnerability HotFix_is1"=Windows WMF Metafile Vulnerability HotFix 1.2
"WinRAR archiver"=WinRAR archiver
"WinZip"=WinZip
"Works2003Setup"=Microsoft Works 2003 Setup Launcher

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/12/2008 2:37:26 AM | Computer Name = HOME-2RN2PM05RG | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Threat: Bloodhound.Exploit.196 in File: C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\7XICTCQ3\US_1_~1.PDF
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.

Error - 11/12/2008 2:37:27 AM | Computer Name = HOME-2RN2PM05RG | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Bloodhound.Exploit.196 in File: C:\Documents
and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7XICTCQ3\us[1].pdf
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 11/12/2008 2:37:27 AM | Computer Name = HOME-2RN2PM05RG | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Threat: Bloodhound.Exploit.196 in File: C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\7XICTCQ3\US_1_~1.PDF
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 11/12/2008 2:09:17 AM | Computer Name = HOME-2RN2PM05RG | Source = Application Hang | ID = 1002
Description = Hanging application Kodak Software Updater.exe, version 0.0.0.0, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/16/2008 3:06:30 AM | Computer Name = HOME-2RN2PM05RG | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16735, faulting
module unknown, version 0.0.0.0, fault address 0x0af363b0.

Error - 11/17/2008 1:01:01 AM | Computer Name = HOME-2RN2PM05RG | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Adware.Iefeats in File: C:\Program Files\Windows
Media Player\wmplayer.exe.js by: Auto-Protect scan. Action: Pending Side Effects
Analysis. Action Description:

Error - 11/20/2008 2:25:49 AM | Computer Name = HOME-2RN2PM05RG | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Threat: Downloader.MisleadApp in File: c:\windows\system32\brastk.exe
by: Manual scan. Action: Clean failed : Quarantine failed. Action Description:
The file was left unchanged.

Error - 11/20/2008 2:26:00 AM | Computer Name = HOME-2RN2PM05RG | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: (null) in File: c:\windows\system32\brastk.exe
by: Manual scan. Action: Leave Alone succeeded. Action Description: The file
was left unchanged.

Error - 11/20/2008 2:26:00 AM | Computer Name = HOME-2RN2PM05RG | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Threat: Downloader.MisleadApp in File: c:\windows\system32\brastk.exe
by: Manual scan. Action: Terminate Process Required. Action Description:

Error - 11/20/2008 2:55:33 AM | Computer Name = HOME-2RN2PM05RG | Source = Application Hang | ID = 1002
Description = Hanging application OTViewIt[1].exe, version 1.0.20.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 11/12/2008 2:09:26 AM | Computer Name = HOME-2RN2PM05RG | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000006, parameter2 805fd1c7, parameter3
ee6036bc, parameter4 00000000.

Error - 11/13/2008 9:08:25 PM | Computer Name = HOME-2RN2PM05RG | Source = Service Control Manager | ID = 7031
Description = The DCOM Server Process Launcher service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.

Error - 11/14/2008 8:33:33 PM | Computer Name = HOME-2RN2PM05RG | Source = Service Control Manager | ID = 7000
Description = The Terminal Services service failed to start due to the following
error: %%230

Error - 11/14/2008 8:33:33 PM | Computer Name = HOME-2RN2PM05RG | Source = Service Control Manager | ID = 7001
Description = The Fast User Switching Compatibility service depends on the Terminal
Services service which failed to start because of the following error: %%230

Error - 11/14/2008 8:33:33 PM | Computer Name = HOME-2RN2PM05RG | Source = Service Control Manager | ID = 7031
Description = The DCOM Server Process Launcher service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.

Error - 11/14/2008 8:35:56 PM | Computer Name = HOME-2RN2PM05RG | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft XML Core Services 4.0 Service
Pack 2 (KB954430).

Error - 11/16/2008 3:12:20 AM | Computer Name = HOME-2RN2PM05RG | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.10 on
the Network Card with network address 0007E9B5F533.

Error - 11/17/2008 1:21:53 AM | Computer Name = HOME-2RN2PM05RG | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 11/20/2008 2:15:36 AM | Computer Name = HOME-2RN2PM05RG | Source = SAVRT | ID = 458772
Description = Unable to initialize the virus scanning engine database files.

Error - 11/20/2008 2:44:13 AM | Computer Name = HOME-2RN2PM05RG | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde


< End of report >

Edited by wildzero, 20 November 2008 - 02:01 AM.


#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:43 PM

Posted 20 November 2008 - 10:07 AM

Nothing too worrisome in that log. I would run ATF Cleaner on that one to clean up your temp files. Then run Malwarebytes as you stated you were doing and also a Kaspersky scan.

Please post the log from Malwarebytes and Kaspersky and we'll see what turns up.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!

