Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

IE No Longer Works


  • This topic is locked This topic is locked
9 replies to this topic

#1 rodg12

rodg12

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:20 PM

Posted 13 January 2009 - 04:05 PM

My sister's computer was infected with the SystemSecurity Malware. I followed the instructions on this page:

http://www.bleepingcomputer.com/malware-re...system-security

to remove it. However, now her Internet Explorer no longer works. When she clicks on the link to open IE, it says "C:\Program Files\Internet Explorer\iexplorer.exe Is Not Found." I've had here uninstall and reinstall IE, but that didn't solve the problem. Hopefully someone here can help. Here is the log from after running Malwarebytes Anti-Malware software referenced in the above article.

Malwarebytes' Anti-Malware 1.32
Database version: 1631
Windows 5.1.2600 Service Pack 3

1/8/2009 8:58:12 AM
mbam-log-2009-01-08 (08-58-12).txt

Scan type: Quick Scan
Objects scanned: 58590
Time elapsed: 4 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 23
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9bff62cc-31b6-340d-94ad-b370cbbfd352} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9bff62cc-31b6-340d-94ad-b370cbbfd352} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolband.ttb000000 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolband.ttb000000.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{62960d20-6d0d-1ab4-4bf1-95b0b5b8783a} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e476937a-d80b-39cf-86b8-068d6f59e8b9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8a80aa56-7f80-32ce-9f5b-632adf091a38} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9bff62cc-31b6-340d-94ad-b370cbbfd352} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Rapid Antivirus (Rogue.RapidAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1135733207 (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msiexec.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSFox (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Pamela\Start Menu\Programs\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\xel88277.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\151917531\1135733207.exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cpnprt2.cid (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\el88277.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\qnkfqvs.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pamela\Start Menu\Programs\System Security\System Security.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pamela\Desktop\System Security.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\ipdll.dll (Trojan.Agent) -> Quarantined and deleted successfully.

BC AdBot (Login to Remove)

 


#2 rodg12

rodg12
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:20 PM

Posted 13 January 2009 - 04:07 PM

I also had her run combofix to see if that would fix the IE problem. Unfortunately, it did not. Here is the log after running that....

ComboFix 09-01-07.02 - Administrator 2009-01-07 22:14:42.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.591 [GMT -6:00]
Running from: c:\mycombofix\ComboFix.exe
Command switches used :: c:\mycombofix\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\setup.inf
c:\windows\IE4 Error Log.txt
c:\windows\system32\msiconf.exe

.
((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
.

2009-01-07 22:11 . 2009-01-07 22:13 <DIR> d-------- C:\MyComboFix
2009-01-07 22:01 . 2009-01-07 22:01 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Talkback
2009-01-07 12:12 . 2009-01-07 20:33 <DIR> d-------- c:\program files\a-squared Free
2009-01-07 11:10 . 2009-01-07 11:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\151917531
2009-01-07 11:06 . 2009-01-07 11:06 <DIR> d-------- c:\documents and settings\Pamela\Application Data\s_5849_OTl8fHx8OTl8fHwxMjQzOTc3Njk1fA_
2009-01-07 11:05 . 2009-01-07 11:05 <DIR> d-------- c:\windows\SYSTEM32\CONFIG\systemprofile\Application Data\alot
2009-01-07 11:00 . 2009-01-07 11:00 182,272 --a------ c:\program files\Common Files\Ndm399a2rL.exe
2009-01-07 11:00 . 2009-01-07 11:00 176,128 --a------ c:\windows\SYSTEM32\xel88277.dll
2009-01-07 11:00 . 2009-01-07 11:00 176,128 --a------ c:\windows\SYSTEM32\el88277.dll
2009-01-07 11:00 . 2008-04-13 18:12 61,440 --a------ c:\windows\SYSTEM32\svchost.exe
2009-01-07 08:06 . 2009-01-07 08:06 <DIR> d-------- c:\documents and settings\Pamela\Application Data\alot
2009-01-05 23:24 . 2009-01-05 23:24 <DIR> d-------- c:\program files\alot
2009-01-05 23:24 . 2009-01-05 23:25 <DIR> d-------- c:\documents and settings\Patricia\Application Data\alot
2009-01-05 22:36 . 2009-01-05 22:36 <DIR> d-------- c:\program files\Twighlightthemoviescreens
2009-01-03 23:06 . 2009-01-03 23:06 <DIR> d-------- c:\documents and settings\Pamela\Application Data\Sony Corporation
2009-01-03 22:40 . 2007-03-12 16:42 1,123,696 --a------ c:\windows\SYSTEM32\D3DCompiler_33.dll
2009-01-03 22:40 . 2007-03-15 16:57 443,752 --a------ c:\windows\SYSTEM32\d3dx10_33.dll
2009-01-03 22:40 . 2007-04-04 18:55 261,480 --a------ c:\windows\SYSTEM32\xactengine2_7.dll
2009-01-03 22:40 . 2007-04-04 18:53 81,768 --a------ c:\windows\SYSTEM32\xinput1_3.dll
2009-01-03 22:28 . 2009-01-03 22:28 <DIR> d-------- c:\program files\Sony
2009-01-03 19:23 . 2009-01-03 19:23 <DIR> d-------- c:\documents and settings\Pamela\Application Data\Media Player Classic
2009-01-03 19:17 . 2009-01-03 19:17 <DIR> d-------- c:\program files\AviSynth 2.5
2009-01-03 19:16 . 2009-01-04 11:30 <DIR> d-------- c:\program files\DVD slideshow GUI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 20:32 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-07 17:59 --------- d-----w c:\documents and settings\Pamela\Application Data\InstallShield
2009-01-07 17:54 5,120 --sha-w c:\program files\Thumbs.db
2009-01-06 04:32 --------- d-----w c:\program files\Dl_cats
2009-01-04 01:17 --------- d-----w c:\program files\Xvid
2008-12-13 06:40 3,593,216 ------w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-12-10 05:17 --------- d-----w c:\documents and settings\Patricia\Application Data\U3
2008-12-07 02:45 --------- d-----w c:\program files\Carmen Word Detective
2008-12-07 02:43 --------- d-----w c:\program files\Common Files\Intuit
2008-12-07 02:38 --------- d-----w c:\documents and settings\Pamela\Application Data\Download Manager
2008-12-07 02:14 --------- d-----w c:\program files\7-Zip
2008-12-05 18:17 --------- d-----w c:\documents and settings\Pamela\Application Data\U3
2008-12-04 18:21 --------- d-----w c:\program files\iTunes
2008-12-04 18:21 --------- d-----w c:\program files\iPod
2008-12-04 18:21 --------- d-----w c:\program files\Common Files\Apple
2008-12-04 18:21 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-04 18:16 --------- d-----w c:\program files\QuickTime
2008-12-04 17:59 --------- d-----w c:\program files\Safari
2008-11-14 19:50 --------- d-----w c:\program files\Common Files\Adobe
2008-10-24 11:21 455,296 ------w c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\SYSTEM32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\SYSTEM32\DLLCACHE\gdi32.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 20:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll
2008-10-16 20:06 268,648 ----a-w c:\windows\SYSTEM32\mucltui.dll
2008-10-16 20:06 208,744 ----a-w c:\windows\SYSTEM32\muweb.dll
2008-10-16 13:11 70,656 ------w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
2008-02-20 01:07 43 ----a-w c:\program files\blank.gif
2008-02-20 01:07 277,616 ----a-w c:\program files\TheWeatherChannel_dw5_Stubweather2.exe
2005-05-11 18:28 94,208 ----a-w c:\program files\mozilla firefox\components\BrandRes.dll
2005-05-11 18:28 150,912 ----a-w c:\program files\mozilla firefox\components\fullsoft.dll
2005-05-11 18:28 41,573 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2005-05-11 18:28 48,223 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2005-05-11 18:28 8,813 ----a-w c:\program files\mozilla firefox\components\qfaservices.dll
2005-05-11 18:28 159,335 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9BFF62CC-31B6-340D-94AD-B370CBBFD352}]
2009-01-07 11:00 176128 --a------ c:\windows\system32\xel88277.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-03-15 135168]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-03-15 53248]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-05-21 90112]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-14 73728]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-21 430080]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-07 185896]
"WebrootClientUI"="c:\program files\Webroot\Client\SpySweeperUI.exe" [2008-07-16 435616]
"bncsaui.exe"="c:\program files\Bradford Networks\Persistent Agent\bncsaui.exe" [2008-06-29 2612616]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"1135733207"="c:\documents and settings\All Users\Application Data\151917531\1135733207.exe" [2009-01-07 1843746]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-05-14 156784]
Windows Desktop Search.lnk - c:\program files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe [2005-09-20 18:10:04 238080]
Wireless Configuration Utility HW.14.lnk - c:\program files\TRENDnet\TEW-424UB\WlanCU.exe [2006-12-22 598016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=c:\windows\system32\wkgszvx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Maple 10\\jre\\bin\\maple.exe"=
"c:\\Program Files\\Maple 10\\jre\\bin\\java.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bradford Networks\\Persistent Agent\\bndaemon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

S3 RTL8187B;TRENDnet TEW-424UB Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\SYSTEM32\DRIVERS\RTL8187B.sys [2007-07-02 189312]
S4 BNPagent;Bradford Persistent Agent Service;c:\program files\Bradford Networks\Persistent Agent\bndaemon.exe [2008-06-29 2944392]
.
Contents of the 'Scheduled Tasks' folder

2008-12-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2005-05-19 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\OOBEBALN.EXE [2008-04-13 18:12]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SpySweeperEnterprise - c:\program files\Webroot\Enterprise\Spy Sweeper\SpySweeperUI.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell4me.com/myway
mStart Page = hxxp://exchange.wartburg.edu/

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\Manager.exe - c:\windows\Downloaded Program Files\DownloadManagerV2.ocx
O16 -: {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
c:\windows\Downloaded Program Files\DownloadManagerV2.inf
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\puzfsdcc.default\
FF - component: c:\program files\Mozilla Firefox\components\qfaservices.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromString", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromStream", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("advanced.always_load_images", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN_show_punycode", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.version",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.build_id",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.severity", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 22:22:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\WRLogonNtf.DLL
.
Completion time: 2009-01-07 22:24:26
ComboFix-quarantined-files.txt 2009-01-08 04:23:39

Pre-Run: 3,182,108,672 bytes free
Post-Run: 4,784,529,408 bytes free

258 --- E O F --- 2009-01-06 05:40:19

#3 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:01:20 PM

Posted 24 January 2009 - 11:46 PM

Hello, rodg12
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.
Running fixes by proxy is generally not a good idea. Is there any way the person in question can post?

We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
We need to scan for Rootkits with GMER
  • Please download GMER from one of the following mirrors:
  • Close any and all open programs, as this process may crash your computer.
  • Unzip the downloaded file to your desktop.
  • Double click Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    Posted Image
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.
In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt
  • GMER's Log

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#4 rodg12

rodg12
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:20 PM

Posted 25 January 2009 - 10:01 PM

Billy,

Thanks so much for the reply. I have informed my sister that you recommended she check in and communicate with you directly. She will be doing so shortly. Her username is wartburgtrack33. I will keep checking in on the thread and help her if she has any questions.


ETA: Looks like she can't reply to this post with her username. So, I'm going to have her reply using mine. Her post will be coming shortly.

Edited by rodg12, 25 January 2009 - 11:34 PM.


#5 rodg12

rodg12
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:20 PM

Posted 26 January 2009 - 01:48 PM

Hi Billy, This is rodg12's sister. I will follow your suggestions and let you know what happens. Thank you for your help.

~wartburgtrack33

#6 rodg12

rodg12
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:20 PM

Posted 26 January 2009 - 01:52 PM

I ran the program and here are the two reports that you wanted to be pasted.


OTView.Txt:

OTViewIt logfile created on: 1/26/2009 12:49:23 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Pamela\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18241)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

765.98 Mb Total Physical Memory | 265.99 Mb Available Physical Memory | 34.73% Memory free
1.83 Gb Paging File | 1.39 Gb Available in Paging File | 75.91% Paging File free
Paging file location(s): C:\pagefile.sys 1149 1349;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.52 Gb Total Space | 4.37 Gb Free Space | 13.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAMANDTRISH
Current User Name: Pamela
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/12/17 08:32:06 | 00,419,448 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
[2004/04/07 11:07:32 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/06/29 14:23:18 | 02,944,392 | ---- | M] () -- C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2003/05/21 00:22:36 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
[2009/01/09 08:36:39 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2003/05/21 00:27:46 | 00,610,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
[2005/03/30 15:03:26 | 01,872,384 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Enterprise\CommAgent\CommAgent.exe
[2008/04/13 18:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\WBEM\wmiprvse.exe
[2004/10/14 13:42:54 | 01,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
[2003/09/03 19:12:44 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
[2005/03/15 07:58:08 | 00,135,168 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
[2004/12/06 00:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
[2005/03/15 07:58:08 | 00,053,248 | ---- | M] (Musicmatch Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
[2003/05/21 00:21:18 | 00,090,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe
[2004/03/04 09:46:24 | 00,172,032 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb10.exe
[2003/12/22 07:38:42 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[2005/02/16 23:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
[2005/09/20 09:32:24 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\hkcmd.exe
[2005/09/20 09:36:20 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\igfxpers.exe
[2009/01/09 08:36:39 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2005/06/06 22:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[2005/10/21 09:40:26 | 00,430,080 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
[2008/04/07 06:25:21 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008/07/16 10:19:00 | 00,435,616 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Client\SpySweeperUI.exe
[2008/06/29 14:23:18 | 02,612,616 | ---- | M] () -- C:\Program Files\Bradford Networks\Persistent Agent\bncsaui.exe
[2008/08/03 17:02:20 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
[2005/10/28 06:41:52 | 00,491,520 | ---- | M] ( ) -- C:\WINDOWS\SYSTEM32\dlcccoms.exe
[2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2005/03/30 15:03:44 | 00,212,992 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeperTray.exe
[2007/03/15 10:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2007/07/20 06:29:07 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2006/09/11 03:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[2008/06/10 16:18:10 | 00,785,520 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
[2006/12/22 10:17:32 | 00,598,016 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe
[2008/12/02 14:11:53 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2009/01/26 12:48:53 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pamela\Desktop\OTViewIt.exe
[2006/09/11 03:40:30 | 00,992,176 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

========== (O23) Win32 Services ==========

[2008/12/17 08:32:06 | 00,419,448 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe -- (a2free [Auto | Running])
[2004/04/07 11:07:32 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS [Auto | Running])
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2004/07/15 00:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/06/29 14:23:18 | 02,944,392 | ---- | M] () -- C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe -- (BNPagent [Auto | Running])
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2003/05/21 00:22:36 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
[2005/10/28 06:41:52 | 00,491,520 | ---- | M] ( ) -- C:\WINDOWS\SYSTEM32\dlcccoms.exe -- (dlcc_device [On_Demand | Running])
File not found -- -- (DM1Service [Auto | Stopped])
[2007/03/07 14:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
[2007/01/24 08:10:32 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2005/11/14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2009/01/09 08:36:39 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
File not found -- -- (navapsvc [Auto | Stopped])
[2003/12/17 12:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
[2003/05/21 00:27:46 | 00,610,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server [Auto | Running])
[2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
[2005/03/30 15:03:26 | 01,872,384 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Enterprise\CommAgent\CommAgent.exe -- (WebrootCommAgentService [Auto | Running])
[2005/03/30 15:03:46 | 01,812,992 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService [Auto | Stopped])
[2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2007/07/02 21:06:02 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\SYSTEM32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
[2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ALIIDE.SYS -- (AliIde [Boot | Running])
[2008/04/13 12:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
[2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC.SYS -- (asc [Boot | Running])
[2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC3550.SYS -- (asc3550 [Boot | Running])
[2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\CMDIDE.SYS -- (CmdIde [Boot | Running])
[2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\DAC2W2K.SYS -- (dac2w2k [Boot | Running])
[2004/12/01 02:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2004/11/23 01:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm [Auto | Running])
[2006/10/05 15:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Running])
[2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv [Auto | Running])
[2004/02/10 14:49:14 | 00,154,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2005/09/20 10:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
[2004/03/05 21:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51 [On_Demand | Running])
[2004/03/05 21:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52 [On_Demand | Running])
[2004/06/15 21:52:40 | 00,061,157 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53 [On_Demand | Running])
[2008/04/13 12:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\kbdhid.sys -- (kbdhid [System | Stopped])
[2001/08/17 12:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2004/03/05 21:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt [On_Demand | Running])
[2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\MRAID35X.SYS -- (mraid35x [Boot | Running])
[2003/05/02 20:08:18 | 00,224,256 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -- (NAVAP [On_Demand | Running])
[2003/05/02 20:08:22 | 00,030,208 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys -- (NAVAPEL [Auto | Running])
[2009/01/23 03:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090123.003\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2009/01/23 03:00:00 | 00,876,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090123.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2004/08/03 21:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv [On_Demand | Stopped])
[2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink [On_Demand | Running])
[2007/03/07 17:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1080.SYS -- (ql1080 [Boot | Running])
[2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL12160.SYS -- (ql12160 [Boot | Running])
[2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1280.SYS -- (ql1280 [Boot | Running])
[2006/12/26 13:58:02 | 00,189,312 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\SYSTEM32\DRIVERS\RTL8187B.sys -- (RTL8187B [On_Demand | Stopped])
[2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/09/17 08:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt [On_Demand | Running])
[2008/04/13 12:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running])
[2005/01/27 14:31:06 | 00,260,352 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm [On_Demand | Running])
[2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\SPARROW.SYS -- (Sparrow [Boot | Running])
[2004/07/14 10:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2008/07/16 10:15:34 | 00,020,336 | ---- | M] (Webroot Software Inc (www.webroot.com)) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssfs0BB9.sys -- (SSFS0BB9 [Boot | Running])
[2008/07/16 10:15:34 | 00,021,872 | ---- | M] (Webroot Software Inc (www.webroot.com)) -- C:\WINDOWS\SYSTEM32\DRIVERS\SSHRMD.SYS -- (SSHRMD [Boot | Running])
[2008/07/16 10:15:36 | 00,163,696 | ---- | M] (Webroot Software Inc (www.webroot.com)) -- C:\WINDOWS\SYSTEM32\DRIVERS\SSIDRV.SYS -- (SSIDRV [Boot | Running])
[2004/07/14 10:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln [System | Running])
[2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC810.SYS -- (symc810 [Boot | Running])
[2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC8XX.SYS -- (symc8xx [Boot | Running])
[2005/03/15 14:33:52 | 00,123,208 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_HI.SYS -- (sym_hi [Boot | Running])
[2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_U3.SYS -- (sym_u3 [Boot | Running])
[2004/12/06 00:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2004/12/06 00:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2004/12/06 00:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2004/12/06 00:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2004/12/06 00:05:00 | 00,086,586 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2004/12/06 00:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2004/12/06 00:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2004/12/06 00:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2004/12/06 00:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2004/02/04 09:27:56 | 00,049,536 | ---- | M] (Texas Instruments Incorporated) -- C:\WINDOWS\SYSTEM32\DRIVERS\tiehdusb.sys -- (TIEHDUSB [On_Demand | Stopped])
[2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ULTRA.SYS -- (ultra [Boot | Running])
[2003/01/10 15:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://exchange.wartburg.edu/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell4me.com/myway
"First Home Page"=http://www.dell4me.com/myway
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell4me.com/myway
"First Home Page"=http://www.dell4me.com/myway
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-2869354029-3859267071-476805174-1005\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://exchange.wartburg.edu/

[HKEY_USERS\S-1-5-21-2869354029-3859267071-476805174-1005\Software\Microsoft\Internet Explorer\SearchURL]
""=

[HKEY_USERS\S-1-5-21-2869354029-3859267071-476805174-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2869354029-3859267071-476805174-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (872 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 new
127.0.0.1 new
127.0.0.1 new
r3HQZ]'TA!HF& 7Zi2E 3'BM.˾2͘GY}!":}am5 # Webroot SpySweeper entry

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} (HKLM) -- C:\WINDOWS\SYSTEM32\TwcToolbarBho.dll ()
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} (HKLM) -- C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414}" (HKLM) -- C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2E5E800E-6AC0-411E-940A-369530A35E43}" (HKLM) -- C:\WINDOWS\SYSTEM32\TwcToolbarIe7.dll ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{5BED3930-2E9E-76D8-BACC-80DF2188D455}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{5BED3930-2E9E-76D8-BACC-80DF2188D455}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2869354029-3859267071-476805174-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-2869354029-3859267071-476805174-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2869354029-3859267071-476805174-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2869354029-3859267071-476805174-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-2869354029-3859267071-476805174-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2869354029-3859267071-476805174-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2869354029-3859267071-476805174-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" (Adobe Systems Incorporated)
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"bncsaui.exe"=%ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe ()
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
"DLCCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16 ()
"dlccmon.exe"="C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" (Dell)
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" (Hewlett-Packard Company)
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" (Musicmatch Inc.)
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" (Musicmatch, Inc.)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r (Sonic Solutions)
"vptray"=C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe (Symantec Corporation)
"Webroot Spy Sweeper, Enterprise Edition"=C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeperTray.exe (Webroot Software, Inc.)
"WebrootClientUI"="C:\Program Files\Webroot\Client\SpySweeperUI.exe" (Webroot Software, Inc.)
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" /startup (Gteko Ltd.)
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" (The Weather Channel Interactive, Inc.)
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (Macrovision Corporation)
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2869354029-3859267071-476805174-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" /startup (Gteko Ltd.)
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" (The Weather Channel Interactive, Inc.)
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (Macrovision Corporation)
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

========== (O4) Startup Folders ==========

[2004/09/01 10:56:34 | 00,156,784 | -H-- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
[2005/09/20 18:10:04 | 00,238,080 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
[2006/12/22 10:17:32 | 00,598,016 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"AllowLegacyWebView"=1
"AllowUnhashedWebView"=1
"NoCDBurning"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-2869354029-3859267071-476805174-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&MSN Search: C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll [2005/06/15 20:02:08 | 00,577,232 | ---- | M] (Microsoft Corporation)
&Search: Reg Error: Value does not exist or could not be read. File not found
&Yahoo! Search: File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)
Open in new background tab: C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1110\en-us\msntabres.dll [2005/08/01 16:18:58 | 00,078,848 | ---- | M] (Microsoft Corporation)
Open in new foreground tab: C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1110\en-us\msntabres.dll [2005/08/01 16:18:58 | 00,078,848 | ---- | M] (Microsoft Corporation)
Yahoo! &Dictionary: File not found
Yahoo! &Maps: File not found
Yahoo! &SMS: File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2869354029-3859267071-476805174-1005\Software\Microsoft\Internet Explorer\MenuExt\]
&MSN Search: C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll [2005/06/15 20:02:08 | 00,577,232 | ---- | M] (Microsoft Corporation)
&Search: Reg Error: Value does not exist or could not be read. File not found
&Yahoo! Search: File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)
Open in new background tab: C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1110\en-us\msntabres.dll [2005/08/01 16:18:58 | 00,078,848 | ---- | M] (Microsoft Corporation)
Open in new foreground tab: C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1110\en-us\msntabres.dll [2005/08/01 16:18:58 | 00,078,848 | ---- | M] (Microsoft Corporation)
Yahoo! &Dictionary: File not found
Yahoo! &Maps: File not found
Yahoo! &SMS: File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{2E5E800E-6AC0-411E-940A-369530A35E43}: Button: The Weather Channel -- Reg Error: Key does not exist or could not be opened. File not found
{2E5E800E-6AC0-411E-940A-369530A35E43}: Menu: The Weather Channel -- File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 18:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 18:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\SYSTEM32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\SYSTEM32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\SYSTEM32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2869354029-3859267071-476805174-1005\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\SYSTEM32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{14B87622-7E19-4EA8-93B3-97215F77A6BC}: http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab -- MessengerStatsClient Class
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 -- Windows Genuine Advantage Validation Tool
{20A60F0D-9AFA-4515-A0FD-83BD84642501}: http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab -- Checkers Class
{33564D57-0000-0010-8000-00AA00389B71}: http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB -- Reg Error: Key does not exist or could not be opened.
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}: http://office.microsoft.com/officeupdate/content/opuc2.cab -- Office Update Installation Engine
{4871A87A-BFDD-4106-8153-FFDE2BAC2967}: http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab -- DLM Control
{5F8469B4-B055-49DD-83F7-62B522420ECC}: http://upload.facebook.com/controls/Facebo...otoUploader.cab -- Facebook Photo Uploader Control
{74C861A1-D548-4916-BC8A-FDE92EDFF62C}: http://mediaplayer.walmart.com/installer/install.cab -- Reg Error: Key does not exist or could not be opened.
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{A8F2B9BD-A6A0-486A-9744-18920D898429}: http://www.sibelius.com/download/software/...tiveXPlugin.cab -- ScorchPlugin Class
{B8BE5E93-A60C-4D26-A2DC-220313175592}: http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab -- ZoneIntro Class
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_03
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_04
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_08
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_09
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_10
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_11
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{1B9DDFCC-CF74-4172-AA8F-5A9586A6AEF9} (Servers: | Description: Intel® PRO/100 VE Network Connection)
{44E86920-94C2-473A-BDE4-F3F35EB2E0AC} (Servers: | Description: TRENDnet TEW-424UB Wireless 802.11g 54Mbps USB 2.0 Network Adapter)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation)
NavLogon: "DllName" = C:\WINDOWS\system32\NavLogon.dll -- C:\WINDOWS\SYSTEM32\NavLogon.dll ()
WRNotifier: "DllName" = WRLogonNtf.DLL -- C:\WINDOWS\SYSTEM32\WRLogonNtf.DLL (Webroot Software, Inc.)

========== IFEO "Debugger" Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\]
iexplore.exe:"Debugger" = C:\WINDOWS\system32\wkgszvx.exe File not found

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/11 16:15:00 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ff550be-bbe5-11dc-9eff-0014d1362be8}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ff550be-bbe5-11dc-9eff-0014d1362be8}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ff550be-bbe5-11dc-9eff-0014d1362be8}\Shell\AutoRun\command]
""=G:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ff550c0-bbe5-11dc-9eff-0014d1362be8}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ff550c0-bbe5-11dc-9eff-0014d1362be8}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ff550c0-bbe5-11dc-9eff-0014d1362be8}\Shell\AutoRun\command]
""=G:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2a55fe8-7e81-11db-9d90-00038a000015}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2a55fe8-7e81-11db-9d90-00038a000015}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2a55fe8-7e81-11db-9d90-00038a000015}\Shell\AutoRun\command]
""=G:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/01/26 12:48:52 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pamela\Desktop\OTViewIt.exe
[2009/01/24 23:02:38 | 00,000,121 | ---- | C] () -- C:\wallpaper_log.html
[2009/01/24 23:01:39 | 00,000,000 | ---D | C] -- C:\Program Files\Animated Screensaver Maker
[2009/01/22 23:08:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pamela\My Documents\Screensavers2
[2009/01/22 23:06:37 | 00,201,728 | ---- | C] (ScreenTime Media) -- C:\Documents and Settings\All Users\Documents\Harry Potter Order of the Phoenix.scr
[2009/01/22 23:06:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Harry Potter Order of the Phoenix dir
[2009/01/22 23:04:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\HarryPotter_setup
[2009/01/22 23:03:09 | 00,471,040 | ---- | C] (ScreenTime Media) -- C:\WINDOWS\HarryPotter_screensaver_pc.scr
[2009/01/22 23:03:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\HarryPotter_screensaver_pc dir
[2009/01/22 23:02:15 | 01,806,450 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\HarryPotter_setup.zip
[2009/01/22 19:57:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pamela\My Documents\Temps
[2009/01/21 08:29:33 | 00,261,366 | ---- | C] () -- C:\Documents and Settings\Pamela\Desktop\obamainauguration012009.pdf
[2009/01/19 22:46:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/01/19 16:16:57 | 00,000,765 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Calculator.lnk
[2009/01/19 16:16:56 | 00,000,000 | ---D | C] -- C:\Program Files\Moffsoft FreeCalc
[2009/01/19 16:16:13 | 00,782,433 | ---- | C] (Moffsoft ) -- C:\Documents and Settings\All Users\Documents\MoffFreeCalcSetup.exe
[2009/01/18 17:37:41 | 00,000,782 | ---- | C] () -- C:\Documents and Settings\Pamela\Desktop\Windows Media Player.lnk
[2009/01/18 17:30:34 | 00,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2009/01/18 17:30:32 | 80,326,2464 | -HS- | C] () -- C:\hiberfil.sys
[2009/01/18 17:12:28 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/01/18 17:08:26 | 16,710,688 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Pamela\Desktop\IE8-WindowsXP-x86-ENU.exe
[2009/01/13 09:04:38 | 00,001,754 | ---- | C] () -- C:\Documents and Settings\Pamela\Desktop\The Weather Channel Desktop.lnk
[2009/01/13 09:03:32 | 00,000,000 | ---D | C] -- C:\Program Files\The Weather Channel FW
[2009/01/10 16:53:23 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/01/10 13:11:11 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/01/09 10:36:53 | 00,000,000 | ---D | C] -- C:\49672c618e1a2f641b2c
[2009/01/08 19:16:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pamela\Local Settings\Application Data\Mozilla
[2009/01/08 19:15:05 | 07,518,240 | ---- | C] (Mozilla) -- C:\Documents and Settings\All Users\Documents\Firefox Setup 3.0.5.exe
[2009/01/08 12:56:35 | 15,452,536 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Pamela\Desktop\IE7-WindowsXP-x86-enu-2.exe
[2009/01/08 09:07:24 | 00,000,776 | ---- | C] () -- C:\Documents and Settings\Pamela\Desktop\Shortcut to SPYSWEEPER.lnk
[2009/01/08 09:07:16 | 00,000,786 | ---- | C] () -- C:\Documents and Settings\Pamela\Desktop\Shortcut to SpySweeperUI.lnk
[2009/01/08 08:51:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pamela\Application Data\Malwarebytes
[2009/01/08 08:51:11 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/08 08:51:11 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/08 08:51:09 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/08 08:51:08 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/01/08 08:51:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/01/07 22:24:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/01/07 22:11:49 | 00,000,000 | ---D | C] -- C:\MyComboFix
[2009/01/07 21:59:36 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/01/07 21:59:32 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/01/07 21:59:26 | 00,000,000 | ---D | C] -- C:\cmdcons
[2009/01/07 21:57:18 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/01/07 21:57:18 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/01/07 21:57:18 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/01/07 21:57:18 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/01/07 21:57:18 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/01/07 21:57:18 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/01/07 21:57:18 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/01/07 21:57:18 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/01/07 21:57:18 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/01/07 21:57:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/01/07 21:57:11 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/01/07 21:07:46 | 00,003,262 | ---- | C] () -- C:\Documents and Settings\Pamela\Application Data\61a44a292ee8cc98
[2009/01/07 21:07:27 | 00,003,262 | ---- | C] () -- C:\Documents and Settings\Pamela\Application Data\f80e9f63a882607b
[2009/01/07 12:12:50 | 00,000,648 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\a-squared Free.lnk
[2009/01/07 12:12:40 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared Free
[2009/01/07 12:12:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pamela\My Documents\a-squared Free
[2009/01/07 11:54:53 | 00,005,120 | -HS- | C] () -- C:\Program Files\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Program Files\Thumbs.db:encryptable
[2009/01/07 11:20:34 | 00,003,262 | ---- | C] () -- C:\Documents and Settings\Pamela\Application Data\bc51dcd3ae0b201
[2009/01/07 11:10:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\151917531
[2009/01/07 11:06:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pamela\Application Data\s_5849_OTl8fHx8OTl8fHwxMjQzOTc3Njk1fA_
[2009/01/07 11:01:22 | 00,003,262 | ---- | C] () -- C:\Documents and Settings\Pamela\Application Data\46da395f8f0ab0d
[2009/01/07 11:01:16 | 00,000,124 | -H-- | C] () -- C:\Documents and Settings\Pamela\Local Settings\Application Data\Thumbs.db
[2009/01/07 11:00:55 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\svchоst.exe
** - C:\WINDOWS\System32\svch?st.exe
[2009/01/07 11:00:52 | 00,182,272 | ---- | C] () -- C:\Program Files\Common Files\Ndm399a2rL.exe
[2009/01/07 08:06:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pamela\Application Data\alot
[2009/01/05 23:24:27 | 00,000,000 | ---D | C] -- C:\Program Files\alot
[2009/01/05 23:24:08 | 00,575,504 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\movie.exe
[2009/01/05 22:36:17 | 00,000,000 | ---D | C] -- C:\Program Files\Twighlightthemoviescreens
[2009/01/05 22:35:00 | 06,044,845 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Twighlightthemoviescreens1.0.exe
[2009/01/05 21:18:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pamela\My Documents\2009 Stuff
[2009/01/05 19:39:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pamela\My Documents\World Religions
[2009/01/03 23:06:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pamela\My Documents\Picture Motion Browser
[2009/01/03 22:40:25 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2009/01/03 22:40:17 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2009/01/03 22:40:08 | 01,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2009/01/03 22:40:08 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2009/01/03 22:39:54 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2009/01/03 22:39:53 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2009/01/03 22:39:52 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2009/01/03 22:39:51 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2009/01/03 22:39:49 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2009/01/03 22:39:49 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2009/01/03 22:39:48 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2009/01/03 22:39:47 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2009/01/03 22:39:46 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2009/01/03 22:39:46 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2009/01/03 22:39:45 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2009/01/03 22:39:44 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2009/01/03 22:39:28 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2009/01/03 22:39:27 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2009/01/03 22:39:27 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2009/01/03 22:39:26 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2009/01/03 22:39:25 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2009/01/03 22:39:24 | 00,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2009/01/03 22:39:23 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2009/01/03 22:39:21 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2009/01/03 22:39:20 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2009/01/03 22:39:17 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2009/01/03 22:28:03 | 00,000,000 | ---D | C] -- C:\Program Files\Sony
[2009/01/03 19:23:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pamela\Application Data\Media Player Classic
[2009/01/03 19:17:16 | 00,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2009/01/03 19:17:05 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\Pamela\Desktop\DVD slideshow GUI.lnk
[2009/01/03 19:16:40 | 00,000,000 | ---D | C] -- C:\Program Files\DVD slideshow GUI

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[4 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/01/26 12:48:53 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pamela\Desktop\OTViewIt.exe
[2009/01/26 08:13:30 | 00,000,584 | ---- | M] () -- C:\Documents and Settings\Pamela\My Documents\My Sharing Folders.lnk
[2009/01/26 08:11:33 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/01/26 08:06:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/26 08:06:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/01/26 08:06:36 | 80,326,2464 | -HS- | M] () -- C:\hiberfil.sys
[2009/01/24 23:02:45 | 00,000,121 | ---- | M] () -- C:\wallpaper_log.html
[2009/01/22 23:23:07 | 00,000,874 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/01/22 23:10:52 | 00,012,288 | ---- | M] () -- C:\WINDOWS\impborl.dll
[2009/01/22 23:10:22 | 00,471,040 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\HarryPotter_screensaver_pc.scr
[2009/01/22 23:02:30 | 01,806,450 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\HarryPotter_setup.zip
[2009/01/22 20:13:14 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Pamela\Desktop\Word 2003.lnk
[2009/01/22 09:45:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/01/21 08:29:36 | 00,261,366 | ---- | M] () -- C:\Documents and Settings\Pamela\Desktop\obamainauguration012009.pdf
[2009/01/19 16:16:57 | 00,000,765 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Calculator.lnk
[2009/01/19 16:16:17 | 00,782,433 | ---- | M] (Moffsoft ) -- C:\Documents and Settings\All Users\Documents\MoffFreeCalcSetup.exe
[2009/01/18 21:23:52 | 00,000,281 | RHS- | M] () -- C:\BOOT.INI
[2009/01/18 21:23:51 | 00,000,728 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/01/18 17:37:42 | 00,000,782 | ---- | M] () -- C:\Documents and Settings\Pamela\Desktop\Windows Media Player.lnk
[2009/01/18 17:29:47 | 00,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/01/18 17:29:35 | 00,445,156 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/01/18 17:29:35 | 00,384,596 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/01/18 17:29:35 | 00,054,280 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/01/18 17:28:58 | 00,000,057 | ---- | M] () -- C:\WINDOWS\System32\MAPISVC.INF
[2009/01/18 17:17:34 | 00,000,077 | -HS- | M] () -- C:\Documents and Settings\Pamela\My Documents\DESKTOP.INI
[2009/01/18 17:08:46 | 16,710,688 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Pamela\Desktop\IE8-WindowsXP-x86-ENU.exe
[2009/01/13 09:04:38 | 00,001,754 | ---- | M] () -- C:\Documents and Settings\Pamela\Desktop\The Weather Channel Desktop.lnk
[2009/01/12 23:06:18 | 00,026,624 | -HS- | M] () -- C:\Documents and Settings\Pamela\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Pamela\My Documents\Thumbs.db:encryptable
[2009/01/09 19:35:28 | 20,853,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/01/08 19:16:34 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/01/08 19:15:37 | 07,518,240 | ---- | M] (Mozilla) -- C:\Documents and Settings\All Users\Documents\Firefox Setup 3.0.5.exe
[2009/01/08 12:56:34 | 15,452,536 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Pamela\Desktop\IE7-WindowsXP-x86-enu-2.exe
[2009/01/08 09:07:24 | 00,000,776 | ---- | M] () -- C:\Documents and Settings\Pamela\Desktop\Shortcut to SPYSWEEPER.lnk
[2009/01/08 09:07:16 | 00,000,786 | ---- | M] () -- C:\Documents and Settings\Pamela\Desktop\Shortcut to SpySweeperUI.lnk
[2009/01/08 08:51:11 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/07 21:08:27 | 04,278,026 | -H-- | M] () -- C:\Documents and Settings\Pamela\Local Settings\Application Data\IconCache.db
[2009/01/07 21:07:46 | 00,003,262 | ---- | M] () -- C:\Documents and Settings\Pamela\Application Data\61a44a292ee8cc98
[2009/01/07 21:07:27 | 00,003,262 | ---- | M] () -- C:\Documents and Settings\Pamela\Application Data\f80e9f63a882607b
[2009/01/07 14:45:00 | 00,000,124 | -H-- | M] () -- C:\Documents and Settings\Pamela\Local Settings\Application Data\Thumbs.db
[2009/01/07 12:12:51 | 00,000,648 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\a-squared Free.lnk
[2009/01/07 11:20:34 | 00,003,262 | ---- | M] () -- C:\Documents and Settings\Pamela\Application Data\bc51dcd3ae0b201
[2009/01/07 11:10:51 | 00,108,424 | ---- | M] () -- C:\Documents and Settings\Pamela\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/07 11:01:22 | 00,003,262 | ---- | M] () -- C:\Documents and Settings\Pamela\Application Data\46da395f8f0ab0d
[2009/01/07 11:00:55 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchоst.exe
** - C:\WINDOWS\System32\svch?st.exe
[2009/01/05 23:24:22 | 00,575,504 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\movie.exe
[2009/01/05 22:35:22 | 06,044,845 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Twighlightthemoviescreens1.0.exe
[2009/01/04 18:39:00 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/04 18:38:56 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/04 11:30:30 | 00,015,360 | ---- | M] () -- C:\Documents and Settings\Pamela\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/03 23:32:50 | 00,002,341 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/01/03 22:43:01 | 00,376,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/01/03 19:17:05 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\Pamela\Desktop\DVD slideshow GUI.lnk
< End of report >


Extras.txt:

OTViewIt Extras logfile created on: 1/26/2009 12:49:23 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Pamela\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18241)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

765.98 Mb Total Physical Memory | 265.99 Mb Available Physical Memory | 34.73% Memory free
1.83 Gb Paging File | 1.39 Gb Available in Paging File | 75.91% Paging File free
Paging file location(s): C:\pagefile.sys 1149 1349;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.52 Gb Total Space | 4.37 Gb Free Space | 13.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAMANDTRISH
Current User Name: Pamela
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=1
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2004/04/07 11:07:32 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
[2004/04/07 11:07:34 | 00,496,752 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
[2004/09/01 10:56:56 | 00,259,184 | ---- | M] (America Online, Inc.) -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
[2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2004/04/07 11:07:32 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
[2004/04/07 11:07:34 | 00,496,752 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
[2004/09/01 10:56:56 | 00,259,184 | ---- | M] (America Online, Inc.) -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
[2006/01/21 12:16:30 | 00,036,864 | ---- | M] () -- C:\Program Files\Maple 10\jre\bin\maple.exe:*:Enabled:maple
[2006/01/21 12:15:20 | 00,024,681 | ---- | M] () -- C:\Program Files\Maple 10\jre\bin\java.exe:*:Enabled:java
[2008/04/07 06:25:30 | 00,214,560 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
[2005/02/15 10:36:40 | 00,565,248 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe:*:Disabled:HP Software Update Client
[2006/12/15 01:31:06 | 00,053,346 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_11\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary
[2007/03/13 23:31:28 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_01\bin\javaw.exe:*:Enabled:Java™ Platform SE binary
[2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/06/29 14:23:18 | 02,944,392 | ---- | M] () -- C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe:*:Enabled:Bradford Persistent Agent
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/12/22 07:38:40 | 00,081,920 | ---- | M] (Hewlett-Packard Company) C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} (HKLM) [CZipHandler Object])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2000/04/19 17:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/03/14 12:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 12:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 12:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}"=Macromedia Flash Player
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}"=Sonic Update Manager
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}"=Microsoft Plus! Photo Story 2 LE
"{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}"=Symantec AntiVirus Client
"{10C69612-017B-45F5-B986-7D113D5A2EA3}"=MSN Toolbar
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Sonic DLA
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}"=HP Software Update
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}"=Intel® PROSet for Wired Connections
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{318AB667-3230-41B5-A617-CB3BF748D371}"=iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150040}"=J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150080}"=J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0150090}"=J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}"=J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160010}"=Java™ SE Development Kit 6 Update 1
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}"=Windows Media Player 10
"{3414C7E8-F883-445E-9994-E410D7E5B1F4}"=Bradford Persistent Agent
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}"=Internet Explorer Default Page
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}"=Google Earth
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=Modem On Hold
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}"=Jasc Paint Shop Photo Album 5
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}"=Adobe Photoshop Album Starter Edition 3.0
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{582D2A53-F426-4C5E-A2E6-43C1AB36B907}"=Safari
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}"=Dell Driver Reset Tool
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{697836DE-03BB-4C4C-9B06-CAFC93D0A506}"=Webroot Spy Sweeper Enterprise Client
"{6DA9102E-199F-43A0-A36B-6EF48081A658}"=MobileMe Control Panel
"{6E179C77-7335-458D-9537-4F4EAC0181ED}"=Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}"=Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}"=Java 2 Runtime Environment, SE v1.4.2_03
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}"=EarthLink setup files
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}"=Python 2.4.3
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}"=Jasc Paint Shop Pro Studio, Dell Editon
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}"=Modem Event Monitor
"{7B478ACE-8512-4A46-ACB2-69D83DF2F6C7}"=Digital Voice Recorder
"{7D1DCBBA-F6F5-42B4-B90B-F04ACE4DFD6C}"=MSN Search Toolbar
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}"=DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics 2 Driver
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}"=Musicmatch Jukebox
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}"=Sonic RecordNow!
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{A8B94669-8654-4126-BD28-D0D2412CDED6}"=TI Connect 1.6
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}"=Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A81300000003}"=Adobe Reader 8.1.3
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}"=ABBYY FineReader 6.0 Sprint
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}"=Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}"=WordPerfect Office 12
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B8A432E2-D541-4F48-B9E8-243BEEC3D158}"=Wal-Mart Music Downloads Store
"{C43421C0-0DCB-4F26-8A3B-BF16155F9879}"=TRENDnet TEW-424UB
"{C9618743-1A5C-461E-91C4-E013A3D70F3C}"=Adobe Photoshop Album Starter Edition 3.0.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support
"{F901CA6D-A074-42D3-A11D-33AAE6FFD0C1}"=HP Deskjet 3740
"{F958CA02-BB40-4007-894B-258729456EE4}"=QuickTime
"{FE7D7E78-B9FD-4CAE-B223-10C6E5B307E7}"=Webroot Client
"7-Zip"=7-Zip 4.62
"AC3Filter"=AC3Filter (remove only)
"Ad-Aware SE Personal"=Ad-Aware SE Personal
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"alotToolbar"=ALOT Toolbar
"America Online us"=America Online (Choose which version to remove)
"AOL Connectivity Services"=AOL Connectivity Services
"AOLCoach"=AOL Coach Version 1.0(Build:20040229.1 en)
"a-squared Free_is1"=a-squared Free 4.0
"AviSynth"=AviSynth 2.5
"BE37E547-62DF-43C8-AE6A-D03E82BC67A2_is1"=DVD slideshow GUI 0.9.0.9
"Bubblet!"=Bubblet!
"Coupon Printer for Windows4.0"=Coupon Printer for Windows
"Dell Digital Jukebox Driver"=Dell Digital Jukebox Driver
"Dell Photo AIO Printer 924"=Dell Photo AIO Printer 924
"HarryPotter_screensaver_pc"=HarryPotter_screensaver_pc Screen Saver
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"ie8"=Windows Internet Explorer 8 Beta 2
"InstallShield_{C43421C0-0DCB-4F26-8A3B-BF16155F9879}"=TRENDnet TEW-424UB
"Intel® 537EP V9x DF PCI Modem"=Intel® 537EP V9x DF PCI Modem
"Jasc Paint Shop Pro Studio.01 , Dell Edition 1.0.1.1 Patch"=Jasc Paint Shop Pro Studio.01 , Dell Edition 1.0.1.1 Patch
"LiveUpdate"=LiveUpdate 1.80 (Symantec Corporation)
"Mah Jong Medley"=Mah Jong Medley
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Maple 10"=Maple 10
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MoffFreeCalc_is1"=Moffsoft FreeCalc
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST"=MSN
"MyEmo"=MyEmoticons
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Pirates of the Caribbean"=Pirates of the Caribbean Screen Saver
"PROSet"=Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0"=RealPlayer
"Shockwave"=Shockwave
"Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.3
"StreetPlugin"=Learn2 Player (Uninstall Only)
"The Oregon Trail"=The Oregon Trail
"The Weather Channel Desktop 6"=The Weather Channel Desktop 6
"The Weather Channel Toolbar"=The Weather Channel Toolbar
"TheSky"=Software Bisque TheSky (Remove only)
"TightVNC_is1"=TightVNC 1.2.9
"Twighlightthemoviescreens 1.0_is1"=Twighlightthemoviescreens 1.0
"ViewpointMediaPlayer"=Viewpoint Media Player
"Winamp"=Winamp
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xena Season One"=Xena Season One Screen Saver
"Xvid_is1"=Xvid 1.1.3 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ESPN Java Check"=ESPN Java Check
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2869354029-3859267071-476805174-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ESPN Java Check"=ESPN Java Check
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/22/2009 10:37:38 AM | Computer Name = PAMANDTRISH | Source = WebrootSpySweeperService | ID = 0
Description =

Error - 1/23/2009 8:17:38 AM | Computer Name = PAMANDTRISH | Source = WebrootSpySweeperService | ID = 0
Description =

Error - 1/23/2009 10:15:33 PM | Computer Name = PAMANDTRISH | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Downloader in File: C:\Documents and Settings\Patricia\Local
Settings\Temporary Internet Files\Content.IE5\6PGZI9I5\2_z[1].htm by: Defwatch
scan. Action: Leave Alone succeeded :

Error - 1/23/2009 10:15:33 PM | Computer Name = PAMANDTRISH | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Downloader in File: C:\windows\ctfmon.exe
by: Defwatch scan. Action: Leave Alone succeeded :

Error - 1/23/2009 10:15:33 PM | Computer Name = PAMANDTRISH | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Downloader in File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP647\A0066595.exe
by: Defwatch scan. Action: Leave Alone succeeded :

Error - 1/24/2009 7:02:50 AM | Computer Name = PAMANDTRISH | Source = WebrootSpySweeperService | ID = 0
Description =

Error - 1/24/2009 10:44:40 PM | Computer Name = PAMANDTRISH | Source = WebrootSpySweeperService | ID = 0
Description =

Error - 1/25/2009 11:21:28 AM | Computer Name = PAMANDTRISH | Source = WebrootSpySweeperService | ID = 0
Description =

Error - 1/26/2009 10:06:45 AM | Computer Name = PAMANDTRISH | Source = WebrootSpySweeperService | ID = 0
Description =

Error - 1/26/2009 2:50:00 PM | Computer Name = PAMANDTRISH | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Trojan Horse in File: C:\Program Files\Common
Files\Ndm399a2rL.exe by: Realtime Protection scan. Action: Quarantine succeeded
: Access denied

[ System Events ]
Error - 1/26/2009 2:31:10 PM | Computer Name = PAMANDTRISH | Source = DCOM | ID = 10010
Description = The server {0BDEAA4D-0722-406F-BD43-10935AC25E0E} did not register
with DCOM within the required timeout.

Error - 1/26/2009 2:33:11 PM | Computer Name = PAMANDTRISH | Source = DCOM | ID = 10010
Description = The server {0BDEAA4D-0722-406F-BD43-10935AC25E0E} did not register
with DCOM within the required timeout.

Error - 1/26/2009 2:35:12 PM | Computer Name = PAMANDTRISH | Source = DCOM | ID = 10010
Description = The server {0BDEAA4D-0722-406F-BD43-10935AC25E0E} did not register
with DCOM within the required timeout.

Error - 1/26/2009 2:37:12 PM | Computer Name = PAMANDTRISH | Source = DCOM | ID = 10010
Description = The server {0BDEAA4D-0722-406F-BD43-10935AC25E0E} did not register
with DCOM within the required timeout.

Error - 1/26/2009 2:39:13 PM | Computer Name = PAMANDTRISH | Source = DCOM | ID = 10010
Description = The server {0BDEAA4D-0722-406F-BD43-10935AC25E0E} did not register
with DCOM within the required timeout.

Error - 1/26/2009 2:41:14 PM | Computer Name = PAMANDTRISH | Source = DCOM | ID = 10010
Description = The server {0BDEAA4D-0722-406F-BD43-10935AC25E0E} did not register
with DCOM within the required timeout.

Error - 1/26/2009 2:43:15 PM | Computer Name = PAMANDTRISH | Source = DCOM | ID = 10010
Description = The server {0BDEAA4D-0722-406F-BD43-10935AC25E0E} did not register
with DCOM within the required timeout.

Error - 1/26/2009 2:45:15 PM | Computer Name = PAMANDTRISH | Source = DCOM | ID = 10010
Description = The server {0BDEAA4D-0722-406F-BD43-10935AC25E0E} did not register
with DCOM within the required timeout.

Error - 1/26/2009 2:47:16 PM | Computer Name = PAMANDTRISH | Source = DCOM | ID = 10010
Description = The server {0BDEAA4D-0722-406F-BD43-10935AC25E0E} did not register
with DCOM within the required timeout.

Error - 1/26/2009 2:49:17 PM | Computer Name = PAMANDTRISH | Source = DCOM | ID = 10010
Description = The server {0BDEAA4D-0722-406F-BD43-10935AC25E0E} did not register
with DCOM within the required timeout.


< End of report >

#7 rodg12

rodg12
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:20 PM

Posted 26 January 2009 - 03:39 PM

Here is the gmer log file:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-26 14:37:58
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT 837DD758 ZwAllocateVirtualMemory
SSDT 837E1488 ZwCreateKey
SSDT 837A6588 ZwCreateProcess
SSDT 837A6510 ZwCreateProcessEx
SSDT 837A6330 ZwCreateThread
SSDT 837A95A8 ZwDeleteKey
SSDT 837A7230 ZwDeleteValueKey
SSDT 837DD7D0 ZwQueueApcThread
SSDT 837DD668 ZwReadVirtualMemory
SSDT 837C8600 ZwRenameKey
SSDT 837A61C8 ZwSetContextThread
SSDT 837C8958 ZwSetInformationKey
SSDT 837A6420 ZwSetInformationProcess
SSDT 837A6240 ZwSetInformationThread
SSDT 837EB100 ZwSetValueKey
SSDT 837A63A8 ZwSuspendProcess
SSDT 837DD848 ZwSuspendThread
SSDT 837A6498 ZwTerminateProcess
SSDT 837A62B8 ZwTerminateThread
SSDT 837DD6E0 ZwWriteVirtualMemory

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[220] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 837DD4F8
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 837DD5F0
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] 837DD5F0
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 837DD4F8
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 837DD4F8
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] 837DD5F0
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] 837DD5F0
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] 837DD4F8
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 837DD5F0
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 837DD4F8
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 837DD5F0
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] 837DD5F0
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] 837DD4F8

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SSFS0BB9.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software Inc (www.webroot.com))
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \Driver\Tcpip \Device\Ip 8334CC80
Device \Driver\Tcpip \Device\Ip 83234A18
Device \Driver\Tcpip \Device\Ip 831E21C0
Device \Driver\Tcpip \Device\Ip 836AB0B0
Device \Driver\Tcpip \Device\Ip 835E0108
Device \Driver\Tcpip \Device\Tcp 8334CC80
Device \Driver\Tcpip \Device\Tcp 83234A18
Device \Driver\Tcpip \Device\Tcp 831E21C0
Device \Driver\Tcpip \Device\Tcp 836AB0B0
Device \Driver\Tcpip \Device\Tcp 835E0108
Device \Driver\Tcpip \Device\Udp 8334CC80
Device \Driver\Tcpip \Device\Udp 83234A18
Device \Driver\Tcpip \Device\Udp 831E21C0
Device \Driver\Tcpip \Device\Udp 836AB0B0
Device \Driver\Tcpip \Device\Udp 835E0108
Device \Driver\Tcpip \Device\RawIp 8334CC80
Device \Driver\Tcpip \Device\RawIp 83234A18
Device \Driver\Tcpip \Device\RawIp 831E21C0
Device \Driver\Tcpip \Device\RawIp 836AB0B0
Device \Driver\Tcpip \Device\RawIp 835E0108
Device \Driver\Tcpip \Device\IPMULTICAST 8334CC80
Device \Driver\Tcpip \Device\IPMULTICAST 83234A18
Device \Driver\Tcpip \Device\IPMULTICAST 831E21C0
Device \Driver\Tcpip \Device\IPMULTICAST 836AB0B0
Device \Driver\Tcpip \Device\IPMULTICAST 835E0108
Device \FileSystem\Fastfat \Fat EC87ED20

AttachedDevice \FileSystem\Fastfat \Fat SSFS0BB9.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software Inc (www.webroot.com))
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{4AF70395-A10B-3644-1705-89E9FC5BAE81}\InprocServer32@ C:\Program Files\MSN Toolbar Suite\SL\02.05.0001.1119\en-us\msn_slps.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{4AF70395-A10B-3644-1705-89E9FC5BAE81}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\DefaultIcon@ %SystemRoot%\system32\autodisc.dll,7
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\InProcServer32@ %SystemRoot%\system32\autodisc.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\InProcServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\ProgID@ AutoDiscovery.Mail.1
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\TypeLib@ {4EAFB888-81CB-4eba-BAC9-DA254E5721F1}
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\Version@ 1.0
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\VersionIndependentProgID@ AutoDiscovery.Mail

---- Files - GMER 1.0.14 ----

File C:\Documents and Settings\Pamela\Local Settings\Temporary Internet Files\Content.IE5\HMVBQDH5\videoByTag[1].aspx 0 bytes

---- EOF - GMER 1.0.14 ----

#8 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:01:20 PM

Posted 26 January 2009 - 03:55 PM

Hello, rodg12
Please have wartburgtrack33 start a new thread, and I will take it immedately. Due to protections in the board software, your friend will not be able to directly reply to this thread.

Just reply here with a link to the topic to which he/she can reply so that he/she isn't waiting :thumbsup:

We need to repair your Hosts file
  • Download HostsXpert.zip
  • Extract (unzip) HostsXpert.zip to a a permanent folder on your hard drive such as C:\HostsXpert
  • Double-click HostsXpert.exe to run the program.
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click "Restore Microsoft's Hosts file" and then click "OK".
  • Click the X to exit the program.
Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4AF70395-A10B-3644-1705-89E9FC5BAE81}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}]
    :commands
    [EmptyTemp]
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 11...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows" (OR if you are on a x64 system, "Windows x64")
  • Select your Language: "Multi-Language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs (Or "Uninstall a Program" on Vista) and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe (Or jre-6u10-windows-x64.exe for x64 systems)
  • Follow the on screen instructions to install the latest Java version.
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box infront of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and chose "select all" (or use +A)
  • Right-click again and chose "Copy" (or +C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)

In your next reply (In a new thread), please include the following:
  • OTMoveIt3's Log
  • ESET OnlineScan's Log
  • A New OTVIewIt Main.txt
  • A New OTViewIt Extra.txt

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#9 rodg12

rodg12
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:20 PM

Posted 26 January 2009 - 07:50 PM

Billy,
I had wartburgtrack33 start a new thread like you asked. Here's the link:

http://www.bleepingcomputer.com/forums/t/198412/ie-doesnt-work-2/

She will be posting everything to that thread now. Thanks for your help.

#10 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:01:20 PM

Posted 27 January 2009 - 08:56 PM

Hello, rodg12

You're welcome :thumbsup:

Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users