Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Slow IE and Norton not functioning...


  • This topic is locked This topic is locked
7 replies to this topic

#1 daze4

daze4

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:41 AM

Posted 10 January 2009 - 01:59 PM

Hello,
I have run spyware, adaware, and malwarebytes and at first they found Virtuamonde and Smitfraud but I got rid of them and the scans now come up clean. Now IE takes a LONG time to load when it is first started up and when you open a new tab. We have Norton 360 but it freezes and wont do anything if we try to do a scan. It does the same if we try to reinstall it. I would guess this has something to do with the spyware we had. HJthis posted below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:40 PM, on 1/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\AASP\1.00.23\aaCenter.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wilottery.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.23\aaCenter.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.23\AsRunHelp.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Startup: Norton 360.lnk = C:\Program Files\Norton 360\MainStub.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Kayla Day\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://cam6.uat.edu/SysCamInst.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185611483578
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWire...loadControl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: mbnekp.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 9758 bytes

BC AdBot (Login to Remove)

 


#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:41 AM

Posted 18 January 2009 - 10:20 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.

Download and Run OTViewit
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
    Alternate Download Site 1
    Alternate Download Site 2
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop buttons turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
Important!:Please do not select the Show all checkbox during the scan..

In your next reply please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Malwarebytes Anti-Malware log
  • GMER log
  • Description of Problems you still have

Important Note: For other users who are reading this topic,the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed.Please Do NOT follow the instructions provided for this topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 daze4

daze4
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:41 AM

Posted 19 January 2009 - 07:33 PM

Norton still freezes and IE is still really slow. Oddly, this is only the case on one user profile, not the other. The Norton problem is for both profiles though.

OTViewIt logfile created on: 1/19/2009 3:33:50 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Dan & Julie Day\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.48% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 231.65 Gb Free Space | 77.71% Space Free | Partition Type: NTFS
Drive D: | 4.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JORDANDAYCUSTOM
Current User Name: Dan & Julie Day
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/02/21 16:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2005/04/07 16:26:10 | 01,421,336 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
[2008/10/05 00:07:24 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2006/10/26 12:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
[2008/10/07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/11/29 11:59:24 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2007/01/05 03:39:46 | 00,597,504 | R--- | M] () -- C:\Program Files\ASUS\AASP\1.00.23\aaCenter.exe
[2007/01/11 22:39:12 | 01,423,360 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
[2008/03/25 03:28:02 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
[2006/12/18 07:34:36 | 00,868,352 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
[2006/07/13 06:12:26 | 00,729,088 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
[2007/08/24 06:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[2008/10/01 17:57:12 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/04/13 18:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/12/03 02:00:18 | 01,064,400 | ---- | M] (Illysoft LLC) -- C:\Program Files\SpyNoMore\SNM.exe
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
[2008/05/17 15:22:26 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2008/12/09 04:12:30 | 00,234,856 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\HOMERunner.exe
[2007/05/29 15:29:36 | 02,359,296 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
[2007/05/29 15:29:42 | 02,510,848 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.2\program\soffice.bin
[2008/03/25 03:28:02 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
[2008/10/15 01:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/01/19 15:33:40 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan & Julie Day\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/02/21 16:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE -- (ccEvtMgr [On_Demand | Stopped])
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE -- (ccSetMgr [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE -- (CLTNetCnService [Auto | Running])
[2007/08/22 02:21:30 | 00,055,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped])
[2005/04/07 16:26:10 | 01,421,336 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/10/05 00:07:24 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/09/05 11:52:32 | 03,220,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE -- (LiveUpdate Notice [Auto | Running])
[2006/10/26 12:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM [Auto | Running])
[2007/08/24 05:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008/10/07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/11/29 11:59:24 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Running])
[2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2007/01/15 19:09:06 | 00,293,888 | R--- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
[2006/08/06 16:57:30 | 00,093,952 | R--- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudio [On_Demand | Running])
[2006/10/18 13:12:16 | 00,012,664 | R--- | M] () -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO [System | Running])
[2008/07/30 17:42:12 | 00,023,888 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon [On_Demand | Stopped])
[2007/08/08 18:39:56 | 00,036,056 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon [Auto | Running])
[2005/02/08 10:27:00 | 00,005,185 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA [On_Demand | Stopped])
[2005/04/07 16:23:50 | 00,299,083 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA [Auto | Running])
[2003/07/24 18:55:50 | 00,139,604 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE [On_Demand | Running])
[2008/12/17 08:38:16 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2008/11/20 03:00:00 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[1996/04/03 13:33:26 | 00,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys -- (giveio [Boot | Running])
[2004/10/27 14:21:36 | 00,138,240 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/02/07 05:52:58 | 00,006,912 | R--- | M] (JMicron ) -- C:\WINDOWS\system32\drivers\JGOGO.sys -- (JGOGO [Boot | Running])
[2006/10/29 21:31:58 | 00,043,648 | R--- | M] (JMicron Technology Corp.) -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID [Boot | Running])
[2004/08/12 20:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])
[2008/11/20 03:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090104.020\NAVENG.SYS -- (NAVENG [On_Demand | Stopped])
[2008/11/20 03:00:00 | 00,876,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090104.020\NAVEX15.SYS -- (NAVEX15 [On_Demand | Stopped])
[2008/10/07 13:33:00 | 06,133,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2003/03/31 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/05/31 06:19:24 | 00,096,896 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running])
[2007/12/19 01:09:06 | 00,021,920 | ---- | M] (Screaming Bee LLC) -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER [On_Demand | Running])
[2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2006/03/17 03:18:58 | 00,392,960 | R--- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService [On_Demand | Running])
[2008/09/05 14:31:42 | 00,447,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [On_Demand | Stopped])
[2006/09/24 07:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\speedfan.sys -- (speedfan [Boot | Running])
[2008/01/31 19:51:16 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP [On_Demand | Stopped])
[2008/01/31 19:51:16 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL [On_Demand | Stopped])
[2008/01/31 19:51:16 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX [System | Running])
[2008/06/13 14:13:38 | 00,013,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS [On_Demand | Running])
[2008/12/03 16:05:59 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2008/06/13 14:13:38 | 00,096,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW [On_Demand | Running])
[2008/06/13 14:13:38 | 00,038,576 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS [On_Demand | Running])
[2008/11/21 02:01:06 | 00,250,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20090113.002\SymIDSco.sys -- (SYMIDSCO [On_Demand | Running])
[2008/06/13 14:14:02 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM [On_Demand | Stopped])
[2008/06/13 14:14:02 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP [On_Demand | Running])
[2008/06/13 14:13:38 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS [On_Demand | Running])
[2008/06/13 14:13:38 | 00,022,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2008/06/13 14:13:40 | 00,184,240 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2008/10/01 12:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2005/01/26 04:22:20 | 00,280,344 | ---- | M] (Zone Labs LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.google.com
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.google.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.wilottery.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=www.google.com

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.wilottery.com/

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (290793 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
10016 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" ()
"AsusServiceProvider"=C:\Program Files\ASUS\AASP\1.00.23\aaCenter.exe ()
"AsusStartupHelp"=C:\Program Files\ASUS\AASP\1.00.23\AsRunHelp.exe ()
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"JMB36X Configure"=C:\WINDOWS\System32\JMRaidSetup.exe boot (JMicron Technology Corp.)
"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe ()
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" (Symantec Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SNM"=C:\Program Files\SpyNoMore\SNM.exe /startup (Illysoft LLC)
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray (Analog Devices, Inc.)
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" (TomTom)

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"e"=C:\Program Files\XP Antivirus\xpa.exe File not found
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent (Electronic Arts)
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" (TomTom)

========== (O4) Startup Folders ==========

[1999/11/04 15:06:48 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2005/04/07 16:26:14 | 01,425,424 | ---- | M] (Cisco Systems, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
[1998/06/06 09:33:30 | 00,325,632 | ---- | M] () -- C:\Documents and Settings\Dan & Julie Day\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
[2008/08/28 12:03:54 | 00,448,864 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Dan & Julie Day\Start Menu\Programs\Startup\Norton 360.lnk = C:\Program Files\Norton 360\MAINSTUB.EXE
[2007/02/02 16:54:56 | 00,393,216 | ---- | M] () -- C:\Documents and Settings\Dan & Julie Day\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
File not found -- C:\Documents and Settings\Kayla Day\Start Menu\Programs\Startup\IMVU.lnk = C:\Documents and Settings\Dan & Julie Day\Application Data\IMVUClient\IMVUClient.exe
[2007/02/02 16:54:56 | 00,393,216 | ---- | M] () -- C:\Documents and Settings\Kayla Day\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/10/18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/10/18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/10/18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1004\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/10/18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1005\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/10/18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_06\bin\npjpi160_06.dll [2008/03/25 03:28:01 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 19:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{d9288080-1baa-4bc4-9cf8-a92d743db949}: Button: Run IMVU -- %SystemDrive%\Documents and Settings\Kayla Day\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_06\bin\npjpi160_06.dll [Sun Java Console] -> [2008/03/25 03:28:01 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_06\bin\npjpi160_06.dll [Sun Java Console] -> [2008/03/25 03:28:01 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_06\bin\npjpi160_06.dll [Sun Java Console] -> [2008/03/25 03:28:01 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_06\bin\npjpi160_06.dll [Sun Java Console] -> [2008/03/25 03:28:01 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 19:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_06\bin\npjpi160_06.dll [Sun Java Console] -> [2008/03/25 03:28:01 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
antimalwareguard.com: * in Trusted sites
gomyhit.com: * in Trusted sites
moove.com: * in Trusted sites
51 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{166B1BCA-3F9C-11CF-8075-444553540000}: http://fpdownload.macromedia.com/get/shock...director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/8/b...heckControl.cab -- Windows Genuine Advantage Validation Tool
{1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9}: http://cam6.uat.edu/SysCamInst.cab -- Panasonic Network Camera
{1E54D648-B804-468d-BC78-4AFFED8E262E}: http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab -- System Requirements Lab Class
{5ED80217-570B-4DA9-BF44-BE107C0EC166}: http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab -- Windows Live Safety Center Base Module
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}: http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab -- Reg Error: Key does not exist or could not be opened.
{6A344D34-5231-452A-8A57-D064AC9B7862}: https://webdl.symantec.com/activex/symdlmgr.cab -- Symantec Download Manager
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1185611483578 -- MUWebControl Class
{8A0019EB-51FA-4AE5-A40B-C0496BBFC739}: http://picture.vzw.com/activex/VerizonWire...loadControl.cab -- Verizon Wireless Media Upload
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_06
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_06
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_06
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{44CE1FE7-7478-41F1-B397-33E4F6346446} (Servers: | Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC)
{82166929-92C9-4713-B82C-408487393349} (Servers: | Description: )

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=mbnekp.dll
>File not found --

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2007/07/28 00:18:39 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf [[autorun] | open=OblivionLauncher.exe | icon=Oblivion.ico | ]
[2005/11/21 11:26:21 | 00,000,057 | R--- | M] () -- D:\autorun.inf -- [ UDF ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun\command]
""=D:\OblivionLauncher.exe -- [2006/04/06 11:25:44 | 01,662,976 | R--- | M] (Bethesda Softworks)

========== Files/Folders - Created Within 30 Days ==========

[2009/01/19 15:33:23 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan & Julie Day\Desktop\OTViewIt.exe
[2009/01/14 17:42:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/01/14 17:42:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan & Julie Day\Local Settings\Application Data\Mozilla
[2009/01/14 17:32:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan & Julie Day\Local Settings\Application Data\Deployment
[2009/01/10 12:48:09 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Dan & Julie Day\Desktop\HijackThis.lnk
[2009/01/10 12:48:09 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/01/06 15:45:17 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2009/01/06 15:45:17 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/01/06 15:45:15 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/01/06 15:45:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/01/06 15:27:49 | 00,001,632 | ---- | C] () -- C:\Documents and Settings\Dan & Julie Day\Start Menu\Programs\Startup\Norton 360.lnk
[2009/01/05 20:49:40 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/01/05 17:15:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan & Julie Day\Application Data\Malwarebytes
[2009/01/05 17:15:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/01/05 17:08:10 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/01/05 13:25:43 | 00,000,000 | ---D | C] -- C:\NSS
[2009/01/05 05:33:03 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/01/05 05:33:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/01/01 10:46:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan & Julie Day\My Documents\TomTom
[2009/01/01 10:45:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/01/01 10:45:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan & Julie Day\Local Settings\Application Data\TomTom
[2009/01/01 10:45:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan & Julie Day\Application Data\TomTom
[2009/01/01 10:44:51 | 00,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2
[2009/01/01 10:44:01 | 00,000,000 | ---D | C] -- C:\Program Files\TomTom DesktopSuite

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/01/19 15:33:40 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan & Julie Day\Desktop\OTViewIt.exe
[2009/01/19 15:06:04 | 00,193,728 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/01/19 07:06:08 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/01/19 05:09:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/19 05:09:16 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/16 16:04:10 | 00,000,024 | ---- | M] () -- C:\url_history.xml
[2009/01/14 17:42:44 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/01/14 04:15:38 | 00,013,724 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/13 21:07:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/01/10 19:27:48 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/01/10 19:27:48 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/01/10 12:48:09 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Dan & Julie Day\Desktop\HijackThis.lnk
[2009/01/10 12:39:56 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/01/10 12:39:56 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/01/09 19:35:28 | 20,853,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/01/06 15:45:17 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2009/01/06 15:45:17 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/01/06 05:27:40 | 00,075,576 | ---- | M] () -- C:\Documents and Settings\Dan & Julie Day\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/06 04:16:32 | 00,285,312 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/01/05 19:42:43 | 00,014,239 | ---- | M] () -- C:\Documents and Settings\Dan & Julie Day\Desktop\Jordan Finaces.xlsx
[2009/01/05 10:19:47 | 00,290,793 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/12/28 08:57:45 | 00,001,714 | -H-- | M] () -- C:\Documents and Settings\Dan & Julie Day\My Documents\Default.rdp
< End of report >

OTViewIt Extras logfile created on: 1/19/2009 3:33:50 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Dan & Julie Day\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.48% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 231.65 Gb Free Space | 77.71% Space Free | Partition Type: NTFS
Drive D: | 4.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JORDANDAYCUSTOM
Current User Name: Dan & Julie Day
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
[2007/01/19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
[2008/08/30 08:38:29 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe:*:Enabled:DNA
[2008/05/21 03:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2007/08/28 23:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove
[2008/05/21 04:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
File not found -- C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM
[2007/01/19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/10/01 17:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/08/24 06:01:46 | 00,224,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (grooveLocalGWS:{88FED34C-F0CA-4636-A375-3CB6248B04CD} (HKLM) [Local Groove Web Services Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 12:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 20:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}"=Norton 360 HTMLHelp
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}"=GearDrvs
"{21829177-4DED-4209-AD08-490B3AC9C01A}"=Norton 360
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{24DF7221-644B-4C3A-A478-459502D40522}"=Backup
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{2D617065-1C52-4240-B5BC-C0AE12157777}"=Norton 360
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}"=AI Suite
"{3248F0A8-6813-11D6-A77B-00B0D0160000}"=Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160060}"=Java™ 6 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}"=Oblivion
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}"=JMB36X Raid Configurer
"{3CCBC9FF-7F35-4220-B66D-B60E2E7AB4E2}"=OpenOffice.org 2.2
"{40C03514-89C3-41BA-0090-3B440256DB87}"=The Sims 2
"{45690715-80A6-4445-B61D-ADEC5888E8CD}"=Symantec Technical Support Controls
"{4817189D-1785-4627-A33C-39FD90919300}"=The Sims 2 Pets
"{4F34DA70-F8E1-4ED6-A939-2A8CD7D2794F}"=SymNet
"{55A6283C-638A-4EE0-B491-51118554BDA2}"=Norton Confidential Core
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}"=VPN Client
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{587178E7-B1DF-494E-9838-FA4DD36E873C}"=ASUSUpdate
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}"=The Sims 2 Family Fun Stuff
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{77772678-817F-4401-9301-ED1D01A8DA56}"=SPBBC 32bit
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}"=The Sims 2 Open For Business
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{8795CBED-55E2-4693-9F14-84EC446935BE}"=SpeechRedist
"{88D5B052-13BF-44FE-8C17-AC416B323BFE}"=UT2004 Editor's Choice Edition Mod Installer
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}"=The Sims 2 University
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}"=VC_MergeModuleToMSI
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}"=Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}"=Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-0030-0000-0000-0000000FF1CE}"=Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support
"{A7E07C2B-2220-4415-87E3-784D5814BC93}"=NVIDIA PhysX v8.09.04
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AC76BA86-7AD7-2448-0000-800000000003}"=Chinese Traditional Fonts Support For Adobe Reader 8
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}"=ccCommon
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BC6D69DB-724A-4B12-A3AC-B54645F91395}"=MorphVOX Junior
"{C9BED750-1211-4480-B1A5-718A3BE15525}"=REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}"=GearDrvs
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}"=Symantec Real Time Storage Protection Component
"{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}"=Black & White 2
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}"=LiveUpdate Notice (Symantec Corporation)
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}"=iTunes
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}"=The Sims 2 Seasons
"{E80F62FF-5D3C-4A19-8409-9721F2928206}"=LiveUpdate (Symantec Corporation)
"{EF7E931D-DC84-471B-8DB6-A83358095474}"=EA Download Manager
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}"=AppCore
"{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}"=The Sims 2 Bon Voyage
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}"=PC Probe II
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}"=The Sims 2 Nightlife
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0"=Adobe Photoshop 7.0
"Adobe Shockwave Player"=Adobe Shockwave Player
"American Greetings Art & More Store"=American Greetings Art & More Store
"ENTERPRISER"=Microsoft Office Enterprise 2007
"Free YouTube to iPhone Converter_is1"=Free YouTube to iPhone Converter version 2.1
"Free YouTube to iPod Converter_is1"=Free YouTube to iPod Converter version 3.1
"Free YouTube to Mp3 Converter_is1"=Free YouTube to Mp3 Converter version 3.1
"Google Updater"=Google Updater
"Guild Wars"=Guild Wars
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}"=EA Download Manager
"LiveUpdate"=LiveUpdate 3.2 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"PrintMaster 7.00"=PrintMaster 7.00
"PsuedoLiveUpdate"=LiveUpdate (Symantec Corporation)
"SecondLife"=SecondLife (remove only)
"Serif DrawPlus 3.0"=Serif DrawPlus 3.0
"SpeedFan"=SpeedFan (remove only)
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}"=Norton 360 (Symantec Corporation)
"SystemRequirementsLab"=System Requirements Lab
"TomTom HOME"=TomTom HOME 2.5.2.60
"Uninstall_is1"=Uninstall 1.0.0.1
"WebPost"=Microsoft Web Publishing Wizard 1.52
"WIC"=Windows Imaging Component
"Windows Live OneCare safety scanner"=Windows Live OneCare safety scanner
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA"=DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/8/2009 5:57:19 PM | Computer Name = JORDANDAYCUSTOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/9/2009 4:14:15 PM | Computer Name = JORDANDAYCUSTOM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16762, faulting
module flash10a.ocx, version 10.0.12.36, fault address 0x001b56c0.

Error - 1/13/2009 10:34:52 PM | Computer Name = JORDANDAYCUSTOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/14/2009 7:09:53 PM | Computer Name = JORDANDAYCUSTOM | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 12.0.6316.5000, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/14/2009 7:35:30 PM | Computer Name = JORDANDAYCUSTOM | Source = Google Update | ID = 20
Description =

Error - 1/14/2009 7:37:32 PM | Computer Name = JORDANDAYCUSTOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2009 5:08:50 PM | Computer Name = JORDANDAYCUSTOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2009 5:08:50 PM | Computer Name = JORDANDAYCUSTOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/18/2009 9:38:00 AM | Computer Name = JORDANDAYCUSTOM | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 1/19/2009 7:09:50 AM | Computer Name = JORDANDAYCUSTOM | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007041F from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

[ System Events ]
Error - 1/16/2009 5:39:05 PM | Computer Name = JORDANDAYCUSTOM | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 1/16/2009 5:39:05 PM | Computer Name = JORDANDAYCUSTOM | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 1/16/2009 5:39:22 PM | Computer Name = JORDANDAYCUSTOM | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 1/16/2009 5:39:22 PM | Computer Name = JORDANDAYCUSTOM | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 1/18/2009 9:38:00 AM | Computer Name = JORDANDAYCUSTOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 1/18/2009 9:38:00 AM | Computer Name = JORDANDAYCUSTOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 1/18/2009 9:38:00 AM | Computer Name = JORDANDAYCUSTOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 1/19/2009 7:09:49 AM | Computer Name = JORDANDAYCUSTOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/19/2009 7:09:49 AM | Computer Name = JORDANDAYCUSTOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 1/19/2009 7:09:49 AM | Computer Name = JORDANDAYCUSTOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}


< End of report >

Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 3

1/19/2009 4:27:09 PM
mbam-log-2009-01-19 (16-27-09).txt

Scan type: Quick Scan
Objects scanned: 78895
Time elapsed: 12 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-19 16:56:30
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT 8A5A7140 ZwConnectPort

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C40 805044DC 2 Bytes [ 40, 71 ]
PAGE ntkrnlpa.exe!NtCreateSection + 3 805AB3B1 4 Bytes [ E5, 36, CC, CC ]

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\SpyNoMore\SNM.exe[488] kernel32.dll!CreateThread + 1A 7C8106E1 4 Bytes [ 77, E7, C3, 83 ]
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[540] USER32.dll!GetSysColor 7E418E78 5 Bytes JMP 6CC1B328 C:\Program Files\Common Files\Symantec Shared\SymTheme\1.0\SymTheme.dll (Symantec Theme/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[540] USER32.dll!GetSysColorBrush 7E418EAB 5 Bytes JMP 6CC1B360 C:\Program Files\Common Files\Symantec Shared\SymTheme\1.0\SymTheme.dll (Symantec Theme/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[540] USER32.dll!SetScrollInfo 7E419056 7 Bytes JMP 6CC1B2BC C:\Program Files\Common Files\Symantec Shared\SymTheme\1.0\SymTheme.dll (Symantec Theme/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[540] USER32.dll!GetScrollInfo 7E42DFE2 7 Bytes JMP 6CC1B26B C:\Program Files\Common Files\Symantec Shared\SymTheme\1.0\SymTheme.dll (Symantec Theme/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[540] USER32.dll!AdjustWindowRectEx 7E42E7EA 5 Bytes JMP 6CC1B739 C:\Program Files\Common Files\Symantec Shared\SymTheme\1.0\SymTheme.dll (Symantec Theme/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[540] USER32.dll!ShowScrollBar 7E42F2F2 5 Bytes JMP 6CC1B30D C:\Program Files\Common Files\Symantec Shared\SymTheme\1.0\SymTheme.dll (Symantec Theme/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[540] USER32.dll!GetScrollPos 7E42F704 5 Bytes JMP 6CC1B286 C:\Program Files\Common Files\Symantec Shared\SymTheme\1.0\SymTheme.dll (Symantec Theme/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[540] USER32.dll!SetScrollPos 7E42F750 5 Bytes JMP 6CC1B2D7 C:\Program Files\Common Files\Symantec Shared\SymTheme\1.0\SymTheme.dll (Symantec Theme/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[540] USER32.dll!GetScrollRange 7E42F787 5 Bytes JMP 6CC1B2A1 C:\Program Files\Common Files\Symantec Shared\SymTheme\1.0\SymTheme.dll (Symantec Theme/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[540] USER32.dll!SetScrollRange 7E42F99B 5 Bytes JMP 6CC1B2F2 C:\Program Files\Common Files\Symantec Shared\SymTheme\1.0\SymTheme.dll (Symantec Theme/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[540] USER32.dll!AdjustWindowRect 7E431140 5 Bytes JMP 6CC1B65E C:\Program Files\Common Files\Symantec Shared\SymTheme\1.0\SymTheme.dll (Symantec Theme/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[540] USER32.dll!EnableScrollBar 7E468005 7 Bytes JMP 6CC1B250 C:\Program Files\Common Files\Symantec Shared\SymTheme\1.0\SymTheme.dll (Symantec Theme/Symantec Corporation)

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.14 ----

#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:41 AM

Posted 19 January 2009 - 08:08 PM

Hello.

A few things I see in the OTViewIT logs and MBAM log

1) I still see remaints of the rogue program (XP anti-virus). MBAM should of removed the offending registry key.
2) MBAM is not updated.. I told you to update it. The current database version should be 1668. Please update it and re-scan with it.
3) There are also some sites in your trusted zone which shouldn't be, we will also remove that.

Norton still freezes and IE is still really slow. Oddly, this is only the case on one user profile, not the other. The Norton problem is for both profiles though.

Norton, I am not exactly sure what's wrong. IE slow I can't say much for that either because there are many reasons why IE may be slow and right now there isn't too much to be done. There are some things we need to take care of before we are done.

Your Java is outdated though.

Update Java to Version 6 Update 11

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.
Please post back with:
-New MBAM log
-OTViewIT log


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 daze4

daze4
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:41 AM

Posted 20 January 2009 - 09:32 PM

Interesting, My IE problems were caused by Google Toolbar. I uninstalled it and now it works fine. Norton is still messed up though. It won't even let me uninstall it.

Malwarebytes' Anti-Malware 1.33
Database version: 1673
Windows 5.1.2600 Service Pack 3

1/20/2009 7:35:59 PM
mbam-log-2009-01-20 (19-35-59).txt

Scan type: Quick Scan
Objects scanned: 77236
Time elapsed: 11 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTViewIt logfile created on: 1/20/2009 8:17:00 PM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Dan & Julie Day\Local Settings\Temporary Internet Files\Content.IE5\0SPFHXCG
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.36% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 231.29 Gb Free Space | 77.59% Space Free | Partition Type: NTFS
Drive D: | 518.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JORDANDAYCUSTOM
Current User Name: Dan & Julie Day
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2007/01/05 03:39:46 | 00,597,504 | R--- | M] () -- C:\Program Files\ASUS\AASP\1.00.23\aaCenter.exe
[2007/01/11 22:39:12 | 01,423,360 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
[2006/12/18 07:34:36 | 00,868,352 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
[2006/07/13 06:12:26 | 00,729,088 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
[2007/08/24 06:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[2008/10/01 17:57:12 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/04/13 18:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/12/03 02:00:18 | 01,064,400 | ---- | M] (Illysoft LLC) -- C:\Program Files\SpyNoMore\SNM.exe
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
[2008/05/17 15:22:26 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2008/12/09 04:12:30 | 00,234,856 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\HOMERunner.exe
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/02/21 16:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[2007/05/29 15:29:36 | 02,359,296 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
[2007/05/29 15:29:42 | 02,510,848 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.2\program\soffice.bin
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2005/04/07 16:26:10 | 01,421,336 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
[2008/10/05 00:07:24 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2006/10/26 12:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
[2008/10/07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2009/01/20 20:11:57 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/10/15 01:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/01/20 20:16:38 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan & Julie Day\Local Settings\Temporary Internet Files\Content.IE5\0SPFHXCG\OTViewIt[1].exe

========== (O23) Win32 Services ==========

[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/02/21 16:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE -- (ccEvtMgr [On_Demand | Stopped])
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE -- (ccSetMgr [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE -- (CLTNetCnService [Auto | Running])
[2007/08/22 02:21:30 | 00,055,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped])
[2005/04/07 16:26:10 | 01,421,336 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/10/05 00:07:24 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/09/05 11:52:32 | 03,220,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE -- (LiveUpdate Notice [Auto | Running])
[2006/10/26 12:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM [Auto | Running])
[2007/08/24 05:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008/10/07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/11/29 11:59:24 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Stopped])
[2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2009/01/20 20:11:57 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

========== Driver Services ==========

[2007/01/15 19:09:06 | 00,293,888 | R--- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
[2006/08/06 16:57:30 | 00,093,952 | R--- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudio [On_Demand | Running])
[2006/10/18 13:12:16 | 00,012,664 | R--- | M] () -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO [System | Running])
[2008/07/30 17:42:12 | 00,023,888 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon [On_Demand | Stopped])
[2007/08/08 18:39:56 | 00,036,056 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon [Auto | Running])
[2005/02/08 10:27:00 | 00,005,185 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA [On_Demand | Stopped])
[2005/04/07 16:23:50 | 00,299,083 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA [Auto | Running])
[2003/07/24 18:55:50 | 00,139,604 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE [On_Demand | Running])
[2008/12/17 08:38:16 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2008/11/20 03:00:00 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[1996/04/03 13:33:26 | 00,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys -- (giveio [Boot | Running])
[2009/01/19 16:29:20 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [System | Running])
[2004/10/27 14:21:36 | 00,138,240 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/02/07 05:52:58 | 00,006,912 | R--- | M] (JMicron ) -- C:\WINDOWS\system32\drivers\JGOGO.sys -- (JGOGO [Boot | Running])
[2006/10/29 21:31:58 | 00,043,648 | R--- | M] (JMicron Technology Corp.) -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID [Boot | Running])
[2004/08/12 20:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])
[2008/11/20 03:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090104.020\NAVENG.SYS -- (NAVENG [On_Demand | Stopped])
[2008/11/20 03:00:00 | 00,876,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090104.020\NAVEX15.SYS -- (NAVEX15 [On_Demand | Stopped])
[2008/10/07 13:33:00 | 06,133,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2003/03/31 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/05/31 06:19:24 | 00,096,896 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running])
[2007/12/19 01:09:06 | 00,021,920 | ---- | M] (Screaming Bee LLC) -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER [On_Demand | Running])
[2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2006/03/17 03:18:58 | 00,392,960 | R--- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService [On_Demand | Running])
[2008/09/05 14:31:42 | 00,447,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [On_Demand | Stopped])
[2006/09/24 07:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\speedfan.sys -- (speedfan [Boot | Running])
[2008/01/31 19:51:16 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP [On_Demand | Stopped])
[2008/01/31 19:51:16 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL [On_Demand | Stopped])
[2008/01/31 19:51:16 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX [System | Running])
[2008/06/13 14:13:38 | 00,013,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS [On_Demand | Running])
[2008/12/03 16:05:59 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2008/06/13 14:13:38 | 00,096,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW [On_Demand | Running])
[2008/06/13 14:13:38 | 00,038,576 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS [On_Demand | Running])
[2008/11/21 02:01:06 | 00,250,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20090113.002\SymIDSco.sys -- (SYMIDSCO [On_Demand | Running])
[2008/06/13 14:14:02 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM [On_Demand | Stopped])
[2008/06/13 14:14:02 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP [On_Demand | Running])
[2008/06/13 14:13:38 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS [On_Demand | Running])
[2008/06/13 14:13:38 | 00,022,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2008/06/13 14:13:40 | 00,184,240 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2008/10/01 12:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2005/01/26 04:22:20 | 00,280,344 | ---- | M] (Zone Labs LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.wilottery.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.wilottery.com/

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (290793 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
10016 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" ()
"AsusServiceProvider"=C:\Program Files\ASUS\AASP\1.00.23\aaCenter.exe ()
"AsusStartupHelp"=C:\Program Files\ASUS\AASP\1.00.23\AsRunHelp.exe ()
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"JMB36X Configure"=C:\WINDOWS\System32\JMRaidSetup.exe boot (JMicron Technology Corp.)
"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe ()
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" (Symantec Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SNM"=C:\Program Files\SpyNoMore\SNM.exe /startup (Illysoft LLC)
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray (Analog Devices, Inc.)
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" (TomTom)

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" (TomTom)

========== (O4) Startup Folders ==========

[1999/11/04 15:06:48 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2005/04/07 16:26:14 | 01,425,424 | ---- | M] (Cisco Systems, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
[1998/06/06 09:33:30 | 00,325,632 | ---- | M] () -- C:\Documents and Settings\Dan & Julie Day\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
[2008/08/28 12:03:54 | 00,448,864 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Dan & Julie Day\Start Menu\Programs\Startup\Norton 360.lnk = C:\Program Files\Norton 360\MAINSTUB.EXE
[2007/02/02 16:54:56 | 00,393,216 | ---- | M] () -- C:\Documents and Settings\Dan & Julie Day\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
File not found -- C:\Documents and Settings\Kayla Day\Start Menu\Programs\Startup\IMVU.lnk = C:\Documents and Settings\Dan & Julie Day\Application Data\IMVUClient\IMVUClient.exe
[2007/02/02 16:54:56 | 00,393,216 | ---- | M] () -- C:\Documents and Settings\Kayla Day\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/10/18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/10/18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/10/18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1005\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/10/18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 19:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{d9288080-1baa-4bc4-9cf8-a92d743db949}: Button: Run IMVU -- %SystemDrive%\Documents and Settings\Kayla Day\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1220945662-1592454029-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{166B1BCA-3F9C-11CF-8075-444553540000}: http://fpdownload.macromedia.com/get/shock...director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/8/b...heckControl.cab -- Windows Genuine Advantage Validation Tool
{1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9}: http://cam6.uat.edu/SysCamInst.cab -- Panasonic Network Camera
{1E54D648-B804-468d-BC78-4AFFED8E262E}: http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab -- System Requirements Lab Class
{5ED80217-570B-4DA9-BF44-BE107C0EC166}: http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab -- Windows Live Safety Center Base Module
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}: http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab -- Reg Error: Key does not exist or could not be opened.
{6A344D34-5231-452A-8A57-D064AC9B7862}: https://webdl.symantec.com/activex/symdlmgr.cab -- Symantec Download Manager
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1185611483578 -- MUWebControl Class
{8A0019EB-51FA-4AE5-A40B-C0496BBFC739}: http://picture.vzw.com/activex/VerizonWire...loadControl.cab -- Verizon Wireless Media Upload
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{44CE1FE7-7478-41F1-B397-33E4F6346446} (Servers: | Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC)
{82166929-92C9-4713-B82C-408487393349} (Servers: | Description: )

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=mbnekp.dll
>File not found --

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2007/07/28 00:18:39 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AUTORUN.INF [[AutoRun] | open=setup.exe | icon=setup.exe,0 | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |  | ]
[2003/03/31 06:00:00 | 00,000,110 | R--- | M] () -- D:\AUTORUN.INF -- [ CDFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun\command]
""=D:\OblivionLauncher.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/01/20 19:50:58 | 16,168,344 | ---- | C] () -- C:\Documents and Settings\Dan & Julie Day\Desktop\jre-6u11-windows-i586-p.exe
[2009/01/20 19:40:39 | 00,030,864 | ---- | C] () -- C:\Documents and Settings\Dan & Julie Day\Desktop\jre-6u11-windows-i586-p.htm
[2009/01/19 16:29:23 | 00,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009/01/19 16:29:20 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2009/01/19 16:29:20 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2009/01/19 16:29:20 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/01/19 16:29:20 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/01/19 15:37:16 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/19 15:37:16 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/19 15:37:14 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/19 15:37:13 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/01/19 15:33:23 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan & Julie Day\Desktop\OTViewIt.exe
[2009/01/14 17:42:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/01/14 17:42:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan & Julie Day\Local Settings\Application Data\Mozilla
[2009/01/14 17:32:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan & Julie Day\Local Settings\Application Data\Deployment
[2009/01/10 12:48:09 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Dan & Julie Day\Desktop\HijackThis.lnk
[2009/01/10 12:48:09 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/01/06 15:45:17 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2009/01/06 15:45:17 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/01/06 15:45:15 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/01/06 15:45:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/01/06 15:27:49 | 00,001,632 | ---- | C] () -- C:\Documents and Settings\Dan & Julie Day\Start Menu\Programs\Startup\Norton 360.lnk
[2009/01/05 20:49:40 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/01/05 17:15:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan & Julie Day\Application Data\Malwarebytes
[2009/01/05 17:15:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/01/05 17:08:10 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/01/05 13:25:43 | 00,000,000 | ---D | C] -- C:\NSS
[2009/01/05 05:33:03 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/01/05 05:33:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/01/01 10:46:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan & Julie Day\My Documents\TomTom
[2009/01/01 10:45:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/01/01 10:45:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan & Julie Day\Local Settings\Application Data\TomTom
[2009/01/01 10:45:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan & Julie Day\Application Data\TomTom
[2009/01/01 10:44:51 | 00,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2
[2009/01/01 10:44:01 | 00,000,000 | ---D | C] -- C:\Program Files\TomTom DesktopSuite

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/01/20 20:08:23 | 00,193,728 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/01/20 20:08:16 | 00,000,086 | -HS- | M] () -- C:\Documents and Settings\Dan & Julie Day\My Documents\desktop.ini
[2009/01/20 20:08:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/20 20:08:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/20 19:55:50 | 00,003,739 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/01/20 19:50:59 | 16,168,344 | ---- | M] () -- C:\Documents and Settings\Dan & Julie Day\Desktop\jre-6u11-windows-i586-p.exe
[2009/01/20 19:40:39 | 00,030,864 | ---- | M] () -- C:\Documents and Settings\Dan & Julie Day\Desktop\jre-6u11-windows-i586-p.htm
[2009/01/20 18:10:14 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/01/19 16:33:47 | 00,000,345 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2009/01/19 16:29:20 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2009/01/19 16:29:20 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/01/19 16:29:20 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/01/19 16:28:50 | 00,811,008 | ---- | M] () -- C:\WINDOWS\gmer.exe
[2009/01/19 16:28:50 | 00,811,008 | ---- | M] () -- C:\Documents and Settings\Dan & Julie Day\Desktop\gmer.exe
[2009/01/19 15:37:16 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/19 15:33:40 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan & Julie Day\Desktop\OTViewIt.exe
[2009/01/16 16:04:10 | 00,000,024 | ---- | M] () -- C:\url_history.xml
[2009/01/14 17:42:44 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/01/14 16:11:32 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/14 16:11:28 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/14 04:15:38 | 00,013,724 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/13 21:07:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/01/10 19:27:48 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/01/10 19:27:48 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/01/10 12:48:09 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Dan & Julie Day\Desktop\HijackThis.lnk
[2009/01/10 12:39:56 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/01/10 12:39:56 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/01/09 19:35:28 | 20,853,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/01/06 15:45:17 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2009/01/06 15:45:17 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/01/06 05:27:40 | 00,075,576 | ---- | M] () -- C:\Documents and Settings\Dan & Julie Day\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/06 04:16:32 | 00,285,312 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/01/05 19:42:43 | 00,014,239 | ---- | M] () -- C:\Documents and Settings\Dan & Julie Day\Desktop\Jordan Finaces.xlsx
[2009/01/05 10:19:47 | 00,290,793 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/12/28 08:57:45 | 00,001,714 | -H-- | M] () -- C:\Documents and Settings\Dan & Julie Day\My Documents\Default.rdp
< End of report >

OTViewIt Extras logfile created on: 1/20/2009 8:17:00 PM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Dan & Julie Day\Local Settings\Temporary Internet Files\Content.IE5\0SPFHXCG
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.36% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 231.29 Gb Free Space | 77.59% Space Free | Partition Type: NTFS
Drive D: | 518.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JORDANDAYCUSTOM
Current User Name: Dan & Julie Day
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
[2007/01/19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
[2008/08/30 08:38:29 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe:*:Enabled:DNA
[2008/05/21 03:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2007/08/28 23:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove
[2008/05/21 04:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
File not found -- C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM
[2007/01/19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/10/01 17:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/08/24 06:01:46 | 00,224,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (grooveLocalGWS:{88FED34C-F0CA-4636-A375-3CB6248B04CD} (HKLM) [Local Groove Web Services Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 12:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 20:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}"=Norton 360 HTMLHelp
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}"=GearDrvs
"{21829177-4DED-4209-AD08-490B3AC9C01A}"=Norton 360
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{24DF7221-644B-4C3A-A478-459502D40522}"=Backup
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{2D617065-1C52-4240-B5BC-C0AE12157777}"=Norton 360
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}"=AI Suite
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}"=Oblivion
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}"=JMB36X Raid Configurer
"{3CCBC9FF-7F35-4220-B66D-B60E2E7AB4E2}"=OpenOffice.org 2.2
"{40C03514-89C3-41BA-0090-3B440256DB87}"=The Sims 2
"{45690715-80A6-4445-B61D-ADEC5888E8CD}"=Symantec Technical Support Controls
"{4817189D-1785-4627-A33C-39FD90919300}"=The Sims 2 Pets
"{4F34DA70-F8E1-4ED6-A939-2A8CD7D2794F}"=SymNet
"{55A6283C-638A-4EE0-B491-51118554BDA2}"=Norton Confidential Core
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}"=VPN Client
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{587178E7-B1DF-494E-9838-FA4DD36E873C}"=ASUSUpdate
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}"=The Sims 2 Family Fun Stuff
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{77772678-817F-4401-9301-ED1D01A8DA56}"=SPBBC 32bit
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}"=The Sims 2 Open For Business
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{8795CBED-55E2-4693-9F14-84EC446935BE}"=SpeechRedist
"{88D5B052-13BF-44FE-8C17-AC416B323BFE}"=UT2004 Editor's Choice Edition Mod Installer
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}"=The Sims 2 University
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}"=VC_MergeModuleToMSI
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}"=Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}"=Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-0030-0000-0000-0000000FF1CE}"=Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support
"{A7E07C2B-2220-4415-87E3-784D5814BC93}"=NVIDIA PhysX v8.09.04
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AC76BA86-7AD7-2448-0000-800000000003}"=Chinese Traditional Fonts Support For Adobe Reader 8
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}"=ccCommon
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BC6D69DB-724A-4B12-A3AC-B54645F91395}"=MorphVOX Junior
"{C9BED750-1211-4480-B1A5-718A3BE15525}"=REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}"=GearDrvs
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}"=Symantec Real Time Storage Protection Component
"{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}"=Black & White 2
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}"=LiveUpdate Notice (Symantec Corporation)
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}"=iTunes
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}"=The Sims 2 Seasons
"{E80F62FF-5D3C-4A19-8409-9721F2928206}"=LiveUpdate (Symantec Corporation)
"{EF7E931D-DC84-471B-8DB6-A83358095474}"=EA Download Manager
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}"=AppCore
"{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}"=The Sims 2 Bon Voyage
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}"=PC Probe II
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}"=The Sims 2 Nightlife
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0"=Adobe Photoshop 7.0
"Adobe Shockwave Player"=Adobe Shockwave Player
"American Greetings Art & More Store"=American Greetings Art & More Store
"ENTERPRISER"=Microsoft Office Enterprise 2007
"Free YouTube to iPhone Converter_is1"=Free YouTube to iPhone Converter version 2.1
"Free YouTube to iPod Converter_is1"=Free YouTube to iPod Converter version 3.1
"Free YouTube to Mp3 Converter_is1"=Free YouTube to Mp3 Converter version 3.1
"Google Updater"=Google Updater
"Guild Wars"=Guild Wars
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}"=EA Download Manager
"LiveUpdate"=LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"PrintMaster 7.00"=PrintMaster 7.00
"PsuedoLiveUpdate"=LiveUpdate (Symantec Corporation)
"SecondLife"=SecondLife (remove only)
"Serif DrawPlus 3.0"=Serif DrawPlus 3.0
"SpeedFan"=SpeedFan (remove only)
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}"=Norton 360 (Symantec Corporation)
"SystemRequirementsLab"=System Requirements Lab
"TomTom HOME"=TomTom HOME 2.5.2.60
"Uninstall_is1"=Uninstall 1.0.0.1
"WebPost"=Microsoft Web Publishing Wizard 1.52
"WIC"=Windows Imaging Component
"Windows Live OneCare safety scanner"=Windows Live OneCare safety scanner
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/8/2009 5:57:19 PM | Computer Name = JORDANDAYCUSTOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/9/2009 4:14:15 PM | Computer Name = JORDANDAYCUSTOM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16762, faulting
module flash10a.ocx, version 10.0.12.36, fault address 0x001b56c0.

Error - 1/13/2009 10:34:52 PM | Computer Name = JORDANDAYCUSTOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/14/2009 7:09:53 PM | Computer Name = JORDANDAYCUSTOM | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 12.0.6316.5000, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/14/2009 7:35:30 PM | Computer Name = JORDANDAYCUSTOM | Source = Google Update | ID = 20
Description =

Error - 1/14/2009 7:37:32 PM | Computer Name = JORDANDAYCUSTOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2009 5:08:50 PM | Computer Name = JORDANDAYCUSTOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2009 5:08:50 PM | Computer Name = JORDANDAYCUSTOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/18/2009 9:38:00 AM | Computer Name = JORDANDAYCUSTOM | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 1/19/2009 7:09:50 AM | Computer Name = JORDANDAYCUSTOM | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007041F from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

[ System Events ]
Error - 1/20/2009 9:45:23 PM | Computer Name = JORDANDAYCUSTOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/20/2009 9:45:23 PM | Computer Name = JORDANDAYCUSTOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/20/2009 9:45:23 PM | Computer Name = JORDANDAYCUSTOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/20/2009 9:45:23 PM | Computer Name = JORDANDAYCUSTOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/20/2009 9:45:23 PM | Computer Name = JORDANDAYCUSTOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/20/2009 9:45:23 PM | Computer Name = JORDANDAYCUSTOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/20/2009 9:45:23 PM | Computer Name = JORDANDAYCUSTOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/20/2009 9:45:23 PM | Computer Name = JORDANDAYCUSTOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/20/2009 9:45:24 PM | Computer Name = JORDANDAYCUSTOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/20/2009 9:45:24 PM | Computer Name = JORDANDAYCUSTOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >

#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:41 AM

Posted 21 January 2009 - 03:37 PM

Hello.

Not much to do.. What seems to be the problem? Norton can be removed using the Norton removal tool.

Download and Run Norton Removal Tool

Please download the appropriate file package for removing Norton. The download links can be found here.

Follow the instructions on that page on selecting the appopriate download package and run it. You are using Norton 360, so please slect the "I have Norton 360" link.

Tell me how it goes.

Download and Run OTMoveIT3
  • Please download OTMoveIt3 by OldTimer and save it to your desktop. If you are running on Vista, right click on the file and choose Run As Administrator.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_Dlls"=""
    :commands
    [EmptyTemp]
    [Reboot]
  • Click the large Posted Image button.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
Note:If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

Post back with:
-Answers to my question
-OTMoveIT log
-Kaspersky log
-What are the problems you still have?

note: I will be away after tomorrow but I may still be able to reply but expect some delays

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#7 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:41 AM

Posted 24 January 2009 - 02:06 PM

Hi.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days the topic will need to be closed.

Thanks for understanding. :thumbsup:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:41 AM

Posted 31 January 2009 - 02:18 PM

Hello.

Due to Lack of feedback, this topic is now Closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic in the Hijackthis-Malware Removal forum.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users