Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

All of a sudden I have multiple administrator accounts


  • Please log in to reply
18 replies to this topic

#1 bsgranpa

bsgranpa

  • Members
  • 181 posts
  • OFFLINE
  •  
  • Local time:05:02 AM

Posted 15 February 2009 - 05:48 PM

When I was looking for a particular file, I noticed that there were new Administrator accounts. I don't know where they came from and I don't know if they are a problem. Any guidance will be appreciated. The "Documents & Settings" folder has the following folders: (Without the "quotes")

"Administrator"
"Administrator.TOSHIBA-USER"
"Administrator.TOSHIBA-USER.000"
"Administrator.TOSHIBA-USER.001"
"All Users"
"Bill"
"Owner"

Per Boopme's instructions, follows the DDS and zipped "Attach" is attached.


DDS (Ver_09-02-01.01) - NTFSx86
Run by Bill at 14:39:50.91 on Sun 02/15/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1382 [GMT -8:00]

AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\S24EvMon.exe
svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\WinFax\WFXMOD32.EXE
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\PROGRA~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\WinFax\WFXCTL32.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bill\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Bar = hxxp://www.toshiba.com/search
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [UnHackMe Monitor] c:\program files\unhackme\hackmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [WinFaxAppPortStarter] wfxsnt40.exe
mRun: [WFXSwtch] c:\progra~1\winfax\WFXSWTCH.exe
mRun: [TPSMain] TPSMain.exe
mRun: [TouchED] c:\program files\toshiba\touched\TouchED.Exe
mRun: [TFNF5] TFNF5.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [SigmaTel StacMon] c:\program files\sigmatel\sigmatel ac97 audio drivers\stacmon.exe
mRun: [PRONoMgr.exe] c:\program files\intel\prosetwireless\ncs\proset\PRONoMgr.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Norton Ghost 14.0] "c:\program files\norton ghost\agent\VProTray.exe"
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [B'sCLiP] c:\progra~1\b'scli~1\win2k\BSCLIP.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
StartupFolder: c:\docume~1\bill\startm~1\programs\startup\batter~1.lnk - c:\program files\dachshund software\battery doubler\Battery Doubler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\contro~1.lnk - c:\program files\winfax\WFXCTL32.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1216949824097
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Notify: Sebring - c:\windows\system32\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: WinFax PRO IShellExecuteHook: {a213b520-c6c2-11d0-af9d-008029e1027e} - c:\program files\winfax\WfxSeh32.Dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bill\applic~1\mozilla\firefox\profiles\ivvhdqnx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\documents and settings\bill\application data\mozilla\firefox\profiles\ivvhdqnx.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2004-2-9 10112]
R2 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [2004-2-17 395008]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-9 108648]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-9 108648]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2004-2-6 5120]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-11-5 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090215.002\NAVENG.SYS [2009-2-15 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090215.002\NAVEX15.SYS [2009-2-15 876112]
R3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2008-7-25 1251720]
R3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1553896]
S2 mrtRate;mrtRate; [x]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-1-7 30946]
S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\drivers\PTDCWWAN.sys [2008-7-26 58240]

=============== Created Last 30 ================

2009-02-03 09:33 <DIR> --d----- c:\windows\system32\NtmsData
2009-01-26 16:06 <DIR> --d----- c:\program files\REFN
2009-01-26 16:05 <DIR> --d----- c:\windows\Downloaded Installations
2009-01-25 16:09 <DIR> --d----- c:\program files\Carbonite
2009-01-25 16:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Carbonite

==================== Find3M ====================

2009-01-07 21:33 30,946 a------- c:\windows\system32\drivers\Partizan.sys
2009-01-07 21:33 28,672 a------- c:\windows\system32\Partizan.exe
2009-01-07 16:17 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-07 16:17 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-01-07 16:17 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-07 16:17 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2008-09-23 18:22 2 a--shrot c:\windows\winstart.bat

============= FINISH: 14:40:16.98 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the &quot;Logic Free Zone&quot;, in Md, USA
  • Local time:07:02 AM

Posted 27 February 2009 - 11:12 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the &quot;Logic Free Zone&quot;, in Md, USA
  • Local time:07:02 AM

Posted 03 March 2009 - 09:11 AM

Due to the lack of feedback This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#4 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the &quot;Logic Free Zone&quot;, in Md, USA
  • Local time:07:02 AM

Posted 08 March 2009 - 10:51 PM

Thread opened at originators request.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#5 bsgranpa

bsgranpa
  • Topic Starter

  • Members
  • 181 posts
  • OFFLINE
  •  
  • Local time:05:02 AM

Posted 09 March 2009 - 09:38 AM

DDS Notepad follows, Zipped "Attach" is attached. Thanks in advance.


DDS (Ver_09-02-01.01) - NTFSx86
Run by Bill at 7:34:08.62 on Mon 03/09/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1386 [GMT -7:00]

AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\S24EvMon.exe
svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\WinFax\WFXMOD32.EXE
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\PROGRA~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\WinFax\WFXCTL32.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\Integrator.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\Documents and Settings\Bill\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Bar = hxxp://www.toshiba.com/search
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [UnHackMe Monitor] c:\program files\unhackme\hackmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [WinFaxAppPortStarter] wfxsnt40.exe
mRun: [WFXSwtch] c:\progra~1\winfax\WFXSWTCH.exe
mRun: [TPSMain] TPSMain.exe
mRun: [TouchED] c:\program files\toshiba\touched\TouchED.Exe
mRun: [TFNF5] TFNF5.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [SigmaTel StacMon] c:\program files\sigmatel\sigmatel ac97 audio drivers\stacmon.exe
mRun: [PRONoMgr.exe] c:\program files\intel\prosetwireless\ncs\proset\PRONoMgr.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Norton Ghost 14.0] "c:\program files\norton ghost\agent\VProTray.exe"
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [B'sCLiP] c:\progra~1\b'scli~1\win2k\BSCLIP.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
StartupFolder: c:\docume~1\bill\startm~1\programs\startup\batter~1.lnk - c:\program files\dachshund software\battery doubler\Battery Doubler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\contro~1.lnk - c:\program files\winfax\WFXCTL32.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1216949824097
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Notify: Sebring - c:\windows\system32\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: WinFax PRO IShellExecuteHook: {a213b520-c6c2-11d0-af9d-008029e1027e} - c:\program files\winfax\WfxSeh32.Dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bill\applic~1\mozilla\firefox\profiles\ivvhdqnx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\documents and settings\bill\application data\mozilla\firefox\profiles\ivvhdqnx.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2004-2-9 10112]
R2 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [2004-2-17 395008]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-9 108648]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-9 108648]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2004-2-6 5120]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-25 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090308.003\NAVENG.SYS [2009-3-8 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090308.003\NAVEX15.SYS [2009-3-8 876144]
R3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2008-7-25 1251720]
R3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1553896]
S2 mrtRate;mrtRate; [x]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-1-7 30946]
S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\drivers\PTDCWWAN.sys [2008-7-26 58240]

=============== Created Last 30 ================


==================== Find3M ====================

2009-01-07 22:33 28,672 a------- c:\windows\system32\Partizan.exe
2009-01-07 17:17 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2008-09-23 19:22 2 a--shrot c:\windows\winstart.bat

============= FINISH: 7:34:20.61 ===============

Attached Files



#6 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:04:02 AM

Posted 09 March 2009 - 09:52 PM

Hello, bsgranpa
We need to create an OTListIt2 Report
  • Please download OTListIt2 from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
We need to scan for Rootkits with GMER
  • Please download GMER from one of the following mirrors:
  • Close any and all open programs, as this process may crash your computer.
  • Unzip the downloaded file to your desktop.
  • Double click Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    Posted Image
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.
In your next reply, please include the following:
  • OTListIt.txt
  • Extra.txt
  • GMER's Log

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#7 bsgranpa

bsgranpa
  • Topic Starter

  • Members
  • 181 posts
  • OFFLINE
  •  
  • Local time:05:02 AM

Posted 10 March 2009 - 09:44 PM

Thanks in advance: Please note, I am posting GMER in the next reply so that I can close all programs for the GMER scan.


OTListIt logfile created on: 3/10/2009 7:36:04 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.3.5 Folder = C:\Documents and Settings\Bill\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.33% Memory free
3.85 Gb Paging File | 3.34 Gb Available in Paging File | 86.84% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 128.00 Gb Total Space | 32.89 Gb Free Space | 25.69% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: Bill
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: Off

========== Processes (SafeList) ==========

PRC - [2003/12/16 16:42:32 | 00,311,363 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\System32\S24EvMon.exe
PRC - [2003/12/16 16:47:42 | 00,376,832 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\ZCfgSvc.exe
PRC - [2007/01/09 22:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/09/12 18:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
PRC - [2003/12/02 18:05:54 | 00,028,672 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2003/05/23 14:38:26 | 00,106,496 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\DVDRAMSV.exe
PRC - [2008/01/19 20:01:08 | 04,388,192 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe
PRC - [2003/09/24 19:00:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2003/12/16 16:41:40 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\RegSrvc.exe
PRC - [2003/10/21 11:26:14 | 00,053,248 | ---- | M] () -- c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
PRC - [2000/09/28 23:58:42 | 00,129,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\WFXSVC.EXE
PRC - [2001/11/27 13:14:14 | 00,541,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\WinFax\WFXMOD32.EXE
PRC - [2007/12/20 17:13:46 | 01,553,896 | ---- | M] (Symantec) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
PRC - [2003/12/16 16:43:06 | 00,184,320 | ---- | M] (Intel) -- C:\WINDOWS\System32\1XConfig.exe
PRC - [2001/11/27 13:14:14 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wfxsnt40.exe
PRC - [2001/11/27 13:14:14 | 00,027,648 | ---- | M] () -- C:\Program Files\WinFax\WFXSWTCH.exe
PRC - [2003/09/25 11:19:40 | 00,278,528 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2003/01/21 19:00:06 | 00,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
PRC - [2003/09/25 11:19:10 | 00,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2003/07/18 18:41:26 | 00,073,728 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\TFNF5.exe
PRC - [2003/05/30 20:25:02 | 00,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2003/05/30 20:23:14 | 00,614,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2003/08/03 17:01:14 | 00,086,073 | ---- | M] (SigmaTel Inc.) -- C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
PRC - [2008/01/19 20:01:08 | 02,245,984 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProTray.exe
PRC - [2003/01/02 17:16:38 | 00,172,032 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\Ltmoh.exe
PRC - [2002/08/20 11:29:26 | 00,040,960 | ---- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\System32\ezSP_Px.exe
PRC - [2007/01/09 22:59:52 | 00,115,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2004/02/04 06:43:00 | 01,409,024 | ---- | M] () -- C:\Program Files\B's CLiP\Win2K\BsCLiP.exe
PRC - [2003/04/18 12:20:10 | 00,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2003/04/15 21:01:28 | 00,258,048 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\System32\00THotkey.exe
PRC - [2004/02/06 18:31:13 | 00,077,824 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2003/09/05 04:24:46 | 00,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
PRC - [2007/09/17 16:37:22 | 00,228,352 | ---- | M] (Greatis Software) -- C:\Program Files\UnHackMe\hackmon.exe
PRC - [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2001/10/11 17:35:02 | 00,082,026 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
PRC - [2001/11/27 13:14:12 | 00,549,376 | ---- | M] () -- C:\Program Files\WinFax\WFXCTL32.EXE
PRC - [2003/03/14 12:38:12 | 00,155,648 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2003/01/15 11:46:24 | 00,151,552 | ---- | M] (Dachshund Software) -- C:\WINDOWS\Integrator.exe
PRC - [2008/07/25 13:41:51 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/06/10 04:27:03 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
PRC - [2007/06/13 03:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/01/09 16:13:26 | 00,669,840 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2009/01/09 16:13:28 | 01,951,376 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
PRC - [2009/03/08 22:20:37 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2003/10/20 09:37:58 | 00,475,136 | ---- | M] (TOSHIBA Corporation) -- C:\toshiba\ivp\ism\ivpsvmgr.exe
PRC - [2009/03/10 19:33:32 | 00,497,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/09/12 18:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2009/01/09 16:13:28 | 01,951,376 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService [Auto | Running])
SRV - [2007/01/09 22:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
SRV - [2007/01/09 22:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
SRV - [2003/12/02 18:05:54 | 00,028,672 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/01/09 22:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])
SRV - [2007/01/12 20:40:58 | 00,049,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped])
SRV - [2003/05/23 14:38:26 | 00,106,496 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\DVDRAMSV.exe -- (DVD-RAM_Service [Auto | Running])
SRV - [2004/08/04 00:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/08/04 00:56:44 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2007/09/12 18:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2007/01/09 22:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex [Auto | Running])
SRV - [2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Stopped])
SRV - [2008/01/19 20:01:08 | 04,388,192 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost [Auto | Running])
SRV - [2003/09/24 19:00:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/12/16 16:41:40 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2003/12/16 16:42:32 | 00,311,363 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\System32\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2003/10/21 11:26:14 | 00,053,248 | ---- | M] () -- c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe -- (Swupdtmr [Auto | Running])
SRV - [2008/07/25 13:41:51 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Running])
SRV - [2007/12/20 17:13:46 | 01,553,896 | ---- | M] (Symantec) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService [On_Demand | Running])
SRV - [2000/09/28 23:58:42 | 00,129,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\WFXSVC.EXE -- (wfxsvc [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2002/12/20 14:07:34 | 01,164,576 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2003/08/28 23:20:44 | 00,323,296 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Stopped])
DRV - [2004/02/04 02:08:00 | 00,010,112 | ---- | M] (B.H.A Co.,Ltd.) -- C:\WINDOWS\System32\drivers\BsStor.sys -- (BsStor [Boot | Running])
DRV - [2004/02/02 20:05:46 | 00,395,008 | ---- | M] (B.H.A Co.,Ltd.) -- C:\WINDOWS\System32\drivers\BsUDF.sys -- (BsUDF [Auto | Running])
DRV - [2007/11/16 19:55:00 | 00,165,496 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2009/02/25 02:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2009/02/25 02:00:00 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2002/11/18 18:20:44 | 00,030,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gv3.sys -- (gv3 [On_Demand | Stopped])
DRV - [2008/07/24 19:34:19 | 00,014,037 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\mdc8021x.sys -- (MDC8021X [Auto | Running])
DRV - [2003/10/24 14:53:14 | 00,090,416 | ---- | M] (Matsubleepa Electric Industrial Co.,Ltd.) -- C:\WINDOWS\System32\Drivers\meiudf.sys -- (meiudf [System | Running])
DRV - [2009/03/08 02:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090310.017\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/03/08 02:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090310.017\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2003/01/29 15:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\System32\DRIVERS\netdevio.sys -- (Netdevio [Auto | Running])
DRV - [2003/09/24 19:00:00 | 01,370,764 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2009/01/07 22:33:13 | 00,030,946 | ---- | M] (Greatis Software) -- C:\WINDOWS\system32\drivers\Partizan.sys -- (Partizan [On_Demand | Stopped])
DRV - [2003/02/12 10:03:54 | 00,015,143 | ---- | M] (TOSHIBA) -- C:\WINDOWS\System32\DRIVERS\tossdpci.sys -- (pciSd [On_Demand | Stopped])
DRV - [2002/10/01 10:22:32 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2007/04/01 03:45:22 | 00,027,520 | ---- | M] (DEVGURU Co,LTD.) -- C:\WINDOWS\system32\DRIVERS\PTDCBus.sys -- (PTDCBus [On_Demand | Stopped])
DRV - [2007/04/01 03:45:26 | 00,041,728 | ---- | M] (DEVGURU Co,LTD.) -- C:\WINDOWS\system32\DRIVERS\PTDCMdm.sys -- (PTDCMdm [On_Demand | Stopped])
DRV - [2007/04/01 03:45:30 | 00,039,808 | ---- | M] (DEVGURU Co,LTD.) -- C:\WINDOWS\system32\DRIVERS\PTDCVsp.sys -- (PTDCVsp [On_Demand | Stopped])
DRV - [2007/04/30 17:30:14 | 00,058,240 | ---- | M] (DEVGURU Co,LTD.) -- C:\WINDOWS\system32\DRIVERS\PTDCWWAN.sys -- (PTDCWWAN [On_Demand | Stopped])
DRV - [2003/03/31 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/06/10 17:07:16 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2003/09/15 10:20:18 | 00,011,258 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2001/09/11 12:54:32 | 00,038,425 | ---- | M] (SMC) -- C:\WINDOWS\System32\DRIVERS\smcirda.sys -- (SMCIRDA [On_Demand | Running])
DRV - [2007/04/14 02:49:32 | 00,418,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
DRV - [2007/11/30 23:57:12 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS -- (SRTSP [On_Demand | Running])
DRV - [2007/11/30 23:57:12 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS -- (SRTSPL [On_Demand | Stopped])
DRV - [2007/11/30 23:57:12 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS -- (SRTSPX [System | Running])
DRV - [2003/07/17 19:19:32 | 00,230,416 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97 [On_Demand | Running])
DRV - [2007/01/09 15:32:13 | 00,012,984 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS [On_Demand | Running])
DRV - [2009/01/07 17:17:31 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2007/01/09 15:32:13 | 00,145,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2007/01/09 15:32:13 | 00,040,120 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS [On_Demand | Running])
DRV - [2008/09/12 00:33:21 | 00,250,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20090303.001\symidsco.sys -- (SYMIDSCO [On_Demand | Running])
DRV - [2007/01/09 15:32:13 | 00,035,256 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Running])
DRV - [2007/01/09 15:32:13 | 00,027,576 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])
DRV - [2007/12/20 17:13:54 | 00,136,416 | ---- | M] (StorageCraft) -- C:\WINDOWS\system32\DRIVERS\symsnap.sys -- (symsnap [Boot | Running])
DRV - [2007/01/09 15:32:13 | 00,191,544 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2003/05/30 19:56:22 | 00,271,728 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2003/06/11 09:53:22 | 00,006,867 | ---- | M] () -- C:\WINDOWS\System32\drivers\TBiosDrv.sys -- (TBiosDrv [Auto | Running])
DRV - [2003/05/14 18:38:32 | 00,025,888 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\tsdhd.sys -- (tsdhd [On_Demand | Running])
DRV - [2003/08/07 16:52:00 | 00,009,216 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\TVALZ.SYS -- (TVALZ [Boot | Running])
DRV - [2008/01/19 19:45:40 | 00,038,112 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\DRIVERS\v2imount.sys -- (v2imount [Auto | Running])
DRV - [2008/01/19 19:40:16 | 00,015,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys -- (VProEventMonitor [On_Demand | Stopped])
DRV - [2004/01/02 03:52:34 | 01,646,720 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\w22n51.sys -- (w22n51 [On_Demand | Running])
DRV - [2003/03/27 15:57:24 | 02,379,776 | R--- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\w70n51.sys -- (w70n51 [On_Demand | Stopped])
DRV - [2008/01/19 20:12:42 | 00,128,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\wimfltr.sys -- (WimFltr [On_Demand | Stopped])

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2009/03/10 19:33:31 | 00,497,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\OTListIt2.exe
[2009/03/10 17:27:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/02/27 07:14:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\My Documents\Colvin Ranch
[2009/02/25 19:51:03 | 21,464,22784 | -HS- | C] () -- C:\hiberfil.sys
[2009/02/15 22:31:11 | 14,173,572 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Blog pix.zip
[2009/02/15 22:30:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Blog pix
[2009/02/15 20:22:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Orders & Confirmations
[2009/02/15 20:18:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\TurboTax Home&Business 2008
[2009/02/15 19:40:54 | 15,648,8132 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\TTHB.rar
[2009/02/14 21:02:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Tissot
[2009/02/13 19:26:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Kuhn Pictures

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/03/10 19:33:32 | 00,497,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\OTListIt2.exe
[2009/03/10 07:52:57 | 00,001,875 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Carbonite Backup Drive.lnk
[2009/03/10 07:25:02 | 00,000,928 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/10 07:22:55 | 00,000,078 | ---- | M] () -- C:\WINDOWS\battery.dat
[2009/03/10 07:22:32 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/03/10 07:20:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/10 07:20:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/10 07:20:43 | 21,464,22784 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/09 07:43:03 | 00,068,096 | ---- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/08 19:03:45 | 00,476,292 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/08 19:03:45 | 00,404,726 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/08 19:03:45 | 00,064,454 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/08 19:01:14 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/02/26 08:09:37 | 00,000,762 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GOM Player.lnk
[2009/02/25 19:44:29 | 00,000,226 | -HS- | M] () -- C:\boot.ini
[2009/02/25 19:44:28 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/02/15 22:31:14 | 14,173,572 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Blog pix.zip
[2009/02/15 20:06:45 | 15,648,8132 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\TTHB.rar
< End of report >


Extras.Txt follows:

OTListIt Extras logfile created on: 3/10/2009 7:36:04 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.3.5 Folder = C:\Documents and Settings\Bill\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.33% Memory free
3.85 Gb Paging File | 3.34 Gb Available in Paging File | 86.84% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 128.00 Gb Total Space | 32.89 Gb Free Space | 25.69% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: Bill
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: Off

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1028389966-4210244197-1746441282-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2006/10/10 05:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2006/10/10 05:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{022DA2C3-81C7-4003-A6BC-1BB147B20097}" = SuppSoft
"{1754526F-3874-453F-9C34-C8C4E4AB6C02}" = Symantec Real Time Storage Protection Component
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = B's CLiP
"{1CA941F1-5006-487E-9FD4-09F812A7D6B8}" = Norton 360 Help
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{228F6876-A313-40A3-91C0-C3CBE6997D09}" = GearDrvs
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.1
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}" = Norton Confidential Web Authentification Component
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}" = TOSHIBA Console
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{5380063E-2909-4d72-BFA3-625881F2E78B}" = Intel® PROSet for Wireless
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7959721D-8268-4565-9E0E-C41A9F4848A9}" = SigmaTel AC97 Audio Drivers
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{92B1B3CC-EC78-45B8-96D0-8B3F11495864}" = Symantec Technical Support Controls
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{9AC200C3-A4C8-401C-A5A8-202BE888B165}" = TOSHIBA Fax Extension
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A962C8E1-4F0B-4BA9-806E-B8D9A3B31F82}" = SurfHere by Toshiba
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B0255743-165B-4BD5-8DA8-37DFB9930014}" = Norton Ghost
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA561482-C49D-4687-A61C-96236C1688F0}" = ArcSoft Software Suite
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C1008475-75B2-4475-B98C-51FAE8B62960}" = Concord WinFax Plugin v3.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{DB6F07FF-A436-453a-B685-F6C1F4F09D22}" = PANTECH PC Card Software
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DDC146FA-73E0-4FA1-A353-841EA14BF600}" = Drag'n Drop CD+DVD
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F658AA94-DAA4-4984-80E7-0EB2A10D816C}" = Battery Doubler 1.2.1
"{F69B66A8-61C9-424C-AFA1-7EC6093AC5AD}" = TOSHIBA Software Upgrades
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"AT&T Connection Services Software" = AT&T Connection Services Manager
"Carbonite Backup" = Carbonite
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Duplicate Cleaner_is1" = Duplicate Cleaner 1.2
"GOM Player" = GOM Player
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"InstallShield_{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notebook_Maximizer" = Notebook Maximizer
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Power Saver" = TOSHIBA Power Saver
"PROSet" = Intel® Network Connections Drivers
"QuickTime" = QuickTime
"RealAlt_is1" = Real Alternative 1.9.0
"RegistryFix_is1" = RegistryFix v6.2
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TDspBtn" = TOSHIBA Display Devices Change Utility
"TFNF5" = Toshiba Hotkey Utility for Display Devices
"TOSHIBA Access" = TOSHIBA Access
"Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
"TOSHIBA Utilities" = TOSHIBA Utilities
"TouchED" = TOSHIBA TouchPad On/Off Utility V2.05.00
"UnHackMe_is1" = UnHackMe 4.80 release
"ViewpointMediaPlayer" = Viewpoint Media Player
"VZAccess Manager" = VZAccess Manager
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinFax" = Symantec WinFax PRO
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/25/2009 10:47:51 PM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3306, faulting module
unknown, version 0.0.0.0, fault address 0x04000000.

Error - 2/28/2009 1:22:31 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 9.0.0.6604, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/28/2009 1:25:26 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 9.0.0.6604, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/8/2009 10:05:44 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 9.0.0.6604, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/8/2009 10:06:01 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1001
Description = Fault bucket 20271770.

Error - 3/8/2009 10:09:03 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 9.0.0.6604, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/8/2009 10:09:07 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1001
Description = Fault bucket 20271770.

Error - 3/8/2009 10:11:17 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 9.0.0.6604, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/8/2009 10:11:23 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1001
Description = Fault bucket 20271770.

Error - 3/8/2009 10:24:09 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 9.0.0.6604, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ Application Events ]
Error - 2/25/2009 10:47:51 PM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3306, faulting module
unknown, version 0.0.0.0, fault address 0x04000000.

Error - 2/28/2009 1:22:31 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 9.0.0.6604, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/28/2009 1:25:26 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 9.0.0.6604, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/8/2009 10:05:44 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 9.0.0.6604, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/8/2009 10:06:01 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1001
Description = Fault bucket 20271770.

Error - 3/8/2009 10:09:03 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 9.0.0.6604, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/8/2009 10:09:07 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1001
Description = Fault bucket 20271770.

Error - 3/8/2009 10:11:17 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 9.0.0.6604, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/8/2009 10:11:23 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1001
Description = Fault bucket 20271770.

Error - 3/8/2009 10:24:09 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 9.0.0.6604, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/9/2009 10:06:11 AM | Computer Name = TOSHIBA-USER | Source = nv | ID = 11141226
Description = Silent Running: Stress test transition: Dynamic -> Performance 3D

Error - 3/9/2009 10:06:11 AM | Computer Name = TOSHIBA-USER | Source = nv | ID = 11141226
Description = Silent Running: Stress test transition: Performance 3D -> LowPower
3D

Error - 3/9/2009 6:37:22 PM | Computer Name = TOSHIBA-USER | Source = VolSnap | ID = 393228
Description = The shadow copy of volume C: became low on diff area space before
it was properly installed.

Error - 3/10/2009 12:36:14 AM | Computer Name = TOSHIBA-USER | Source = nv | ID = 11141226
Description = Silent Running: Stress test transition: Dynamic -> Performance 3D

Error - 3/10/2009 12:36:14 AM | Computer Name = TOSHIBA-USER | Source = nv | ID = 11141226
Description = Silent Running: Stress test transition: Performance 3D -> LowPower
3D

Error - 3/10/2009 1:44:33 AM | Computer Name = TOSHIBA-USER | Source = nv | ID = 11141226
Description = Silent Running: Stress test transition: Dynamic -> Performance 3D

Error - 3/10/2009 1:44:41 AM | Computer Name = TOSHIBA-USER | Source = nv | ID = 11141226
Description = Silent Running: Stress test transition: Performance 3D -> LowPower
3D

Error - 3/10/2009 10:20:55 AM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 3/10/2009 10:22:31 AM | Computer Name = TOSHIBA-USER | Source = nv | ID = 11141226
Description = Silent Running: Stress test transition: Dynamic -> Performance 3D

Error - 3/10/2009 10:22:31 AM | Computer Name = TOSHIBA-USER | Source = nv | ID = 11141226
Description = Silent Running: Stress test transition: Performance 3D -> LowPower
3D


< End of report >

#8 bsgranpa

bsgranpa
  • Topic Starter

  • Members
  • 181 posts
  • OFFLINE
  •  
  • Local time:05:02 AM

Posted 11 March 2009 - 12:27 AM

GMER log

GMER 1.0.15.14878 - http://www.gmer.net
Rootkit scan 2009-03-10 22:26:15
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT 8A53EB98 ZwAlertResumeThread
SSDT 8A55EBE0 ZwAlertThread
SSDT 8A5624F8 ZwAllocateVirtualMemory
SSDT 8A3B0068 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB8E32020]
SSDT 8A4097C0 ZwCreateMutant
SSDT 8A42A190 ZwCreateThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB8E322A0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB8E32800]
SSDT 8A60EBE8 ZwFreeVirtualMemory
SSDT 8A47E620 ZwImpersonateAnonymousToken
SSDT 8A4F3CE8 ZwImpersonateThread
SSDT 8A427CC8 ZwMapViewOfSection
SSDT 8A464B00 ZwOpenEvent
SSDT 8A5570A8 ZwOpenProcessToken
SSDT 8A47B990 ZwOpenThreadToken
SSDT 89D765E8 ZwResumeThread
SSDT 8A539148 ZwSetContextThread
SSDT 8A47D380 ZwSetInformationProcess
SSDT 8A4609B0 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB8E32A50]
SSDT 8A45ED58 ZwSuspendProcess
SSDT 8A55B9C0 ZwSuspendThread
SSDT 8A552B20 ZwTerminateProcess
SSDT 8A55B460 ZwTerminateThread
SSDT 8A53C678 ZwUnmapViewOfSection
SSDT 8A55D5E0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 90 804E26EC 2 Bytes [F8, 24]
.text ntoskrnl.exe!_abnormal_termination + 93 804E26EF 1 Byte [8A]
.text ntoskrnl.exe!_abnormal_termination + 198 804E27F4 4 Bytes CALL 19D888E4
.text ntoskrnl.exe!_abnormal_termination + 1B8 804E2814 4 Bytes CALL B1D87755
.text ntoskrnl.exe!_abnormal_termination + 384 804E29E0 4 Bytes CALL F9D8014A

---- EOF - GMER 1.0.15 ----

#9 bsgranpa

bsgranpa
  • Topic Starter

  • Members
  • 181 posts
  • OFFLINE
  •  
  • Local time:05:02 AM

Posted 11 March 2009 - 06:51 AM

I thought that I might have done the GMER scan incorrectly so I did it again.

GMER 1.0.15.14878 - http://www.gmer.net
Rootkit scan 2009-03-10 22:26:15
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT 8A53EB98 ZwAlertResumeThread
SSDT 8A55EBE0 ZwAlertThread
SSDT 8A5624F8 ZwAllocateVirtualMemory
SSDT 8A3B0068 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB8E32020]
SSDT 8A4097C0 ZwCreateMutant
SSDT 8A42A190 ZwCreateThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB8E322A0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB8E32800]
SSDT 8A60EBE8 ZwFreeVirtualMemory
SSDT 8A47E620 ZwImpersonateAnonymousToken
SSDT 8A4F3CE8 ZwImpersonateThread
SSDT 8A427CC8 ZwMapViewOfSection
SSDT 8A464B00 ZwOpenEvent
SSDT 8A5570A8 ZwOpenProcessToken
SSDT 8A47B990 ZwOpenThreadToken
SSDT 89D765E8 ZwResumeThread
SSDT 8A539148 ZwSetContextThread
SSDT 8A47D380 ZwSetInformationProcess
SSDT 8A4609B0 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB8E32A50]
SSDT 8A45ED58 ZwSuspendProcess
SSDT 8A55B9C0 ZwSuspendThread
SSDT 8A552B20 ZwTerminateProcess
SSDT 8A55B460 ZwTerminateThread
SSDT 8A53C678 ZwUnmapViewOfSection
SSDT 8A55D5E0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 90 804E26EC 2 Bytes [F8, 24]
.text ntoskrnl.exe!_abnormal_termination + 93 804E26EF 1 Byte [8A]
.text ntoskrnl.exe!_abnormal_termination + 198 804E27F4 4 Bytes CALL 19D888E4
.text ntoskrnl.exe!_abnormal_termination + 1B8 804E2814 4 Bytes CALL B1D87755
.text ntoskrnl.exe!_abnormal_termination + 384 804E29E0 4 Bytes CALL F9D8014A

---- EOF - GMER 1.0.15 ----

#10 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:04:02 AM

Posted 11 March 2009 - 08:22 PM

Hello :thumbup2:

Please take a new OTLI, but make sure both registry sections are set to "SafeList"... these important sections are missing from your log.

Company Name Whitelist: Off

Please recheck the box that says "Company Name Whitelist"... makes the log a lot easier to read.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#11 bsgranpa

bsgranpa
  • Topic Starter

  • Members
  • 181 posts
  • OFFLINE
  •  
  • Local time:05:02 AM

Posted 11 March 2009 - 09:52 PM

Thanks Billy3, I certainly appreciate any help.

OTListIt logfile created on: 3/11/2009 7:48:34 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.3.5 Folder = C:\Documents and Settings\Bill\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.02% Memory free
3.85 Gb Paging File | 2.16 Gb Available in Paging File | 56.20% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 128.00 Gb Total Space | 32.00 Gb Free Space | 25.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: Bill
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2003/12/16 16:42:32 | 00,311,363 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\System32\S24EvMon.exe
PRC - [2003/12/16 16:47:42 | 00,376,832 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\ZCfgSvc.exe
PRC - [2007/01/09 22:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/09/12 18:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
PRC - [2003/12/02 18:05:54 | 00,028,672 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2003/05/23 14:38:26 | 00,106,496 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\DVDRAMSV.exe
PRC - [2008/01/19 20:01:08 | 04,388,192 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe
PRC - [2003/09/24 19:00:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2003/12/16 16:41:40 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\RegSrvc.exe
PRC - [2003/10/21 11:26:14 | 00,053,248 | ---- | M] () -- c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
PRC - [2000/09/28 23:58:42 | 00,129,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\WFXSVC.EXE
PRC - [2001/11/27 13:14:14 | 00,541,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\WinFax\WFXMOD32.EXE
PRC - [2007/12/20 17:13:46 | 01,553,896 | ---- | M] (Symantec) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
PRC - [2003/12/16 16:43:06 | 00,184,320 | ---- | M] (Intel) -- C:\WINDOWS\System32\1XConfig.exe
PRC - [2001/11/27 13:14:14 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wfxsnt40.exe
PRC - [2001/11/27 13:14:14 | 00,027,648 | ---- | M] () -- C:\Program Files\WinFax\WFXSWTCH.exe
PRC - [2003/09/25 11:19:40 | 00,278,528 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2003/01/21 19:00:06 | 00,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
PRC - [2003/09/25 11:19:10 | 00,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2003/07/18 18:41:26 | 00,073,728 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\TFNF5.exe
PRC - [2003/05/30 20:25:02 | 00,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2003/05/30 20:23:14 | 00,614,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2003/08/03 17:01:14 | 00,086,073 | ---- | M] (SigmaTel Inc.) -- C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
PRC - [2008/01/19 20:01:08 | 02,245,984 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProTray.exe
PRC - [2003/01/02 17:16:38 | 00,172,032 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\Ltmoh.exe
PRC - [2002/08/20 11:29:26 | 00,040,960 | ---- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\System32\ezSP_Px.exe
PRC - [2007/01/09 22:59:52 | 00,115,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2004/02/04 06:43:00 | 01,409,024 | ---- | M] () -- C:\Program Files\B's CLiP\Win2K\BsCLiP.exe
PRC - [2003/04/18 12:20:10 | 00,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2003/04/15 21:01:28 | 00,258,048 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\System32\00THotkey.exe
PRC - [2004/02/06 18:31:13 | 00,077,824 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2003/09/05 04:24:46 | 00,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
PRC - [2007/09/17 16:37:22 | 00,228,352 | ---- | M] (Greatis Software) -- C:\Program Files\UnHackMe\hackmon.exe
PRC - [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2001/10/11 17:35:02 | 00,082,026 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
PRC - [2001/11/27 13:14:12 | 00,549,376 | ---- | M] () -- C:\Program Files\WinFax\WFXCTL32.EXE
PRC - [2003/03/14 12:38:12 | 00,155,648 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2003/01/15 11:46:24 | 00,151,552 | ---- | M] (Dachshund Software) -- C:\WINDOWS\Integrator.exe
PRC - [2008/07/25 13:41:51 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/06/10 04:27:03 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
PRC - [2007/06/13 03:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/01/09 16:13:26 | 00,669,840 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2009/01/09 16:13:28 | 01,951,376 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
PRC - [2003/10/20 09:37:58 | 00,475,136 | ---- | M] (TOSHIBA Corporation) -- C:\toshiba\ivp\ism\ivpsvmgr.exe
PRC - [2009/03/08 22:20:37 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/03/10 19:33:32 | 00,497,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/09/12 18:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2009/01/09 16:13:28 | 01,951,376 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService [Auto | Running])
SRV - [2007/01/09 22:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
SRV - [2007/01/09 22:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
SRV - [2003/12/02 18:05:54 | 00,028,672 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/01/09 22:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])
SRV - [2007/01/12 20:40:58 | 00,049,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped])
SRV - [2003/05/23 14:38:26 | 00,106,496 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\DVDRAMSV.exe -- (DVD-RAM_Service [Auto | Running])
SRV - [2004/08/04 00:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/08/04 00:56:44 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2007/09/12 18:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2007/01/09 22:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex [Auto | Running])
SRV - [2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Stopped])
SRV - [2008/01/19 20:01:08 | 04,388,192 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost [Auto | Running])
SRV - [2003/09/24 19:00:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/12/16 16:41:40 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2003/12/16 16:42:32 | 00,311,363 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\System32\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2003/10/21 11:26:14 | 00,053,248 | ---- | M] () -- c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe -- (Swupdtmr [Auto | Running])
SRV - [2008/07/25 13:41:51 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Running])
SRV - [2007/12/20 17:13:46 | 01,553,896 | ---- | M] (Symantec) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService [On_Demand | Running])
SRV - [2000/09/28 23:58:42 | 00,129,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\WFXSVC.EXE -- (wfxsvc [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2002/12/20 14:07:34 | 01,164,576 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2003/08/28 23:20:44 | 00,323,296 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Stopped])
DRV - [2004/02/04 02:08:00 | 00,010,112 | ---- | M] (B.H.A Co.,Ltd.) -- C:\WINDOWS\System32\drivers\BsStor.sys -- (BsStor [Boot | Running])
DRV - [2004/02/02 20:05:46 | 00,395,008 | ---- | M] (B.H.A Co.,Ltd.) -- C:\WINDOWS\System32\drivers\BsUDF.sys -- (BsUDF [Auto | Running])
DRV - [2007/11/16 19:55:00 | 00,165,496 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2009/02/25 02:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2009/02/25 02:00:00 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2002/11/18 18:20:44 | 00,030,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gv3.sys -- (gv3 [On_Demand | Stopped])
DRV - [2008/07/24 19:34:19 | 00,014,037 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\mdc8021x.sys -- (MDC8021X [Auto | Running])
DRV - [2003/10/24 14:53:14 | 00,090,416 | ---- | M] (Matsubleepa Electric Industrial Co.,Ltd.) -- C:\WINDOWS\System32\Drivers\meiudf.sys -- (meiudf [System | Running])
DRV - [2009/03/08 02:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090311.003\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/03/08 02:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090311.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2003/01/29 15:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\System32\DRIVERS\netdevio.sys -- (Netdevio [Auto | Running])
DRV - [2003/09/24 19:00:00 | 01,370,764 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2009/01/07 22:33:13 | 00,030,946 | ---- | M] (Greatis Software) -- C:\WINDOWS\system32\drivers\Partizan.sys -- (Partizan [On_Demand | Stopped])
DRV - [2003/02/12 10:03:54 | 00,015,143 | ---- | M] (TOSHIBA) -- C:\WINDOWS\System32\DRIVERS\tossdpci.sys -- (pciSd [On_Demand | Stopped])
DRV - [2002/10/01 10:22:32 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2007/04/01 03:45:22 | 00,027,520 | ---- | M] (DEVGURU Co,LTD.) -- C:\WINDOWS\system32\DRIVERS\PTDCBus.sys -- (PTDCBus [On_Demand | Stopped])
DRV - [2007/04/01 03:45:26 | 00,041,728 | ---- | M] (DEVGURU Co,LTD.) -- C:\WINDOWS\system32\DRIVERS\PTDCMdm.sys -- (PTDCMdm [On_Demand | Stopped])
DRV - [2007/04/01 03:45:30 | 00,039,808 | ---- | M] (DEVGURU Co,LTD.) -- C:\WINDOWS\system32\DRIVERS\PTDCVsp.sys -- (PTDCVsp [On_Demand | Stopped])
DRV - [2007/04/30 17:30:14 | 00,058,240 | ---- | M] (DEVGURU Co,LTD.) -- C:\WINDOWS\system32\DRIVERS\PTDCWWAN.sys -- (PTDCWWAN [On_Demand | Stopped])
DRV - [2003/03/31 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/06/10 17:07:16 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2003/09/15 10:20:18 | 00,011,258 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2001/09/11 12:54:32 | 00,038,425 | ---- | M] (SMC) -- C:\WINDOWS\System32\DRIVERS\smcirda.sys -- (SMCIRDA [On_Demand | Running])
DRV - [2007/04/14 02:49:32 | 00,418,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
DRV - [2007/11/30 23:57:12 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS -- (SRTSP [On_Demand | Running])
DRV - [2007/11/30 23:57:12 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS -- (SRTSPL [On_Demand | Stopped])
DRV - [2007/11/30 23:57:12 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS -- (SRTSPX [System | Running])
DRV - [2003/07/17 19:19:32 | 00,230,416 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97 [On_Demand | Running])
DRV - [2007/01/09 15:32:13 | 00,012,984 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS [On_Demand | Running])
DRV - [2009/01/07 17:17:31 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2007/01/09 15:32:13 | 00,145,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2007/01/09 15:32:13 | 00,040,120 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS [On_Demand | Running])
DRV - [2008/09/12 00:33:21 | 00,250,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20090303.001\symidsco.sys -- (SYMIDSCO [On_Demand | Running])
DRV - [2007/01/09 15:32:13 | 00,035,256 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Running])
DRV - [2007/01/09 15:32:13 | 00,027,576 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])
DRV - [2007/12/20 17:13:54 | 00,136,416 | ---- | M] (StorageCraft) -- C:\WINDOWS\system32\DRIVERS\symsnap.sys -- (symsnap [Boot | Running])
DRV - [2007/01/09 15:32:13 | 00,191,544 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2003/05/30 19:56:22 | 00,271,728 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2003/06/11 09:53:22 | 00,006,867 | ---- | M] () -- C:\WINDOWS\System32\drivers\TBiosDrv.sys -- (TBiosDrv [Auto | Running])
DRV - [2003/05/14 18:38:32 | 00,025,888 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\tsdhd.sys -- (tsdhd [On_Demand | Running])
DRV - [2003/08/07 16:52:00 | 00,009,216 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\TVALZ.SYS -- (TVALZ [Boot | Running])
DRV - [2008/01/19 19:45:40 | 00,038,112 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\DRIVERS\v2imount.sys -- (v2imount [Auto | Running])
DRV - [2008/01/19 19:40:16 | 00,015,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys -- (VProEventMonitor [On_Demand | Stopped])
DRV - [2004/01/02 03:52:34 | 01,646,720 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\w22n51.sys -- (w22n51 [On_Demand | Running])
DRV - [2003/03/27 15:57:24 | 02,379,776 | R--- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\w70n51.sys -- (w70n51 [On_Demand | Stopped])
DRV - [2008/01/19 20:12:42 | 00,128,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\wimfltr.sys -- (WimFltr [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.2
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.406
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components -> %ProgramFiles%\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/03/08 22:20:43 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins -> %ProgramFiles%\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/03/08 22:20:42 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Bill\Application Data\mozilla\Extensions [2008/07/25 14:25:40 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Bill\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2008/07/25 14:25:40 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Bill\Application Data\mozilla\Firefox\Profiles\ivvhdqnx.default\extensions [2009/03/11 08:04:28 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Bill\Application Data\mozilla\Firefox\Profiles\ivvhdqnx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009/03/09 21:58:06 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Bill\Application Data\mozilla\Firefox\Profiles\ivvhdqnx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}-trash [2009/03/09 21:58:06 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Bill\Application Data\mozilla\Firefox\Profiles\ivvhdqnx.default\extensions\LogMeInClient@logmein.com [2009/02/18 07:26:57 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions [2008/07/25 14:25:27 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/03/08 22:20:42 00,000,000 | ---D | M]

O1 HOSTS File: (48402 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [000StTHK] 000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe ()
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe" (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet (NVIDIA Corporation)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run (TOSHIBA Corporation)
O4 - HKLM..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe (SigmaTel Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TFNF5] TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSMain] TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe ()
O4 - HKLM..\Run: [WinFaxAppPortStarter] wfxsnt40.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - HKCU..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe (Greatis Software)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (Adobe Systems, Inc.)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Controller.LNK = C:\Program Files\WinFax\WFXCTL32.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsubleepa Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Bill\Start Menu\Programs\Startup\Battery Doubler.lnk = C:\Program Files\Dachshund Software\Battery Doubler\Battery Doubler.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Sites: localhost ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1216949824097 (WUWebControl Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Sebring: DllName - c:\WINDOWS\System32\LgNotify.dll - c:\WINDOWS\System32\LgNotify.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - C:\Program Files\WinFax\WfxSeh32.Dll (Symantec Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2009/03/10 19:45:05 | 00,285,184 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\gmer.exe
[2009/03/10 19:40:29 | 00,276,983 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\gmer.zip
[2009/03/10 19:33:31 | 00,497,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\OTListIt2.exe
[2009/03/10 17:27:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/02/27 07:14:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\My Documents\Colvin Ranch
[2009/02/25 19:51:03 | 21,464,22784 | -HS- | C] () -- C:\hiberfil.sys
[2009/02/15 22:31:11 | 14,173,572 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Blog pix.zip
[2009/02/15 22:30:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Blog pix
[2009/02/15 20:22:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Orders & Confirmations
[2009/02/15 20:18:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\TurboTax Home&Business 2008
[2009/02/15 19:40:54 | 15,648,8132 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\TTHB.rar
[2009/02/14 21:02:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Tissot
[2009/02/13 19:26:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Kuhn Pictures

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/03/11 10:21:20 | 00,070,144 | ---- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/10 19:40:29 | 00,276,983 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\gmer.zip
[2009/03/10 19:33:32 | 00,497,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\OTListIt2.exe
[2009/03/10 07:52:57 | 00,001,875 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Carbonite Backup Drive.lnk
[2009/03/10 07:25:02 | 00,000,928 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/10 07:22:55 | 00,000,078 | ---- | M] () -- C:\WINDOWS\battery.dat
[2009/03/10 07:22:32 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/03/10 07:20:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/10 07:20:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/10 07:20:43 | 21,464,22784 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/08 19:03:45 | 00,476,292 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/08 19:03:45 | 00,404,726 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/08 19:03:45 | 00,064,454 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/08 19:01:14 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/08 08:43:44 | 00,285,184 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\gmer.exe
[2009/02/26 08:09:37 | 00,000,762 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GOM Player.lnk
[2009/02/25 19:44:29 | 00,000,226 | -HS- | M] () -- C:\boot.ini
[2009/02/25 19:44:28 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/02/15 22:31:14 | 14,173,572 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Blog pix.zip
[2009/02/15 20:06:45 | 15,648,8132 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\TTHB.rar
< End of report >

OTListIt Extras logfile created on: 3/11/2009 7:48:34 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.3.5 Folder = C:\Documents and Settings\Bill\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.02% Memory free
3.85 Gb Paging File | 2.16 Gb Available in Paging File | 56.20% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 128.00 Gb Total Space | 32.00 Gb Free Space | 25.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: Bill
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2006/10/10 05:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2006/10/10 05:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{022DA2C3-81C7-4003-A6BC-1BB147B20097}" = SuppSoft
"{1754526F-3874-453F-9C34-C8C4E4AB6C02}" = Symantec Real Time Storage Protection Component
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = B's CLiP
"{1CA941F1-5006-487E-9FD4-09F812A7D6B8}" = Norton 360 Help
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{228F6876-A313-40A3-91C0-C3CBE6997D09}" = GearDrvs
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.1
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}" = Norton Confidential Web Authentification Component
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}" = TOSHIBA Console
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{5380063E-2909-4d72-BFA3-625881F2E78B}" = Intel® PROSet for Wireless
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7959721D-8268-4565-9E0E-C41A9F4848A9}" = SigmaTel AC97 Audio Drivers
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{92B1B3CC-EC78-45B8-96D0-8B3F11495864}" = Symantec Technical Support Controls
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{9AC200C3-A4C8-401C-A5A8-202BE888B165}" = TOSHIBA Fax Extension
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A962C8E1-4F0B-4BA9-806E-B8D9A3B31F82}" = SurfHere by Toshiba
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B0255743-165B-4BD5-8DA8-37DFB9930014}" = Norton Ghost
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA561482-C49D-4687-A61C-96236C1688F0}" = ArcSoft Software Suite
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C1008475-75B2-4475-B98C-51FAE8B62960}" = Concord WinFax Plugin v3.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{DB6F07FF-A436-453a-B685-F6C1F4F09D22}" = PANTECH PC Card Software
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DDC146FA-73E0-4FA1-A353-841EA14BF600}" = Drag'n Drop CD+DVD
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F658AA94-DAA4-4984-80E7-0EB2A10D816C}" = Battery Doubler 1.2.1
"{F69B66A8-61C9-424C-AFA1-7EC6093AC5AD}" = TOSHIBA Software Upgrades
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"AT&T Connection Services Software" = AT&T Connection Services Manager
"Carbonite Backup" = Carbonite
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Duplicate Cleaner_is1" = Duplicate Cleaner 1.2
"GOM Player" = GOM Player
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"InstallShield_{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notebook_Maximizer" = Notebook Maximizer
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Power Saver" = TOSHIBA Power Saver
"PROSet" = Intel® Network Connections Drivers
"QuickTime" = QuickTime
"RealAlt_is1" = Real Alternative 1.9.0
"RegistryFix_is1" = RegistryFix v6.2
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TDspBtn" = TOSHIBA Display Devices Change Utility
"TFNF5" = Toshiba Hotkey Utility for Display Devices
"TOSHIBA Access" = TOSHIBA Access
"Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
"TOSHIBA Utilities" = TOSHIBA Utilities
"TouchED" = TOSHIBA TouchPad On/Off Utility V2.05.00
"UnHackMe_is1" = UnHackMe 4.80 release
"ViewpointMediaPlayer" = Viewpoint Media Player
"VZAccess Manager" = VZAccess Manager
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinFax" = Symantec WinFax PRO
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/25/2009 10:47:51 PM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3306, faulting module
unknown, version 0.0.0.0, fault address 0x04000000.

Error - 2/28/2009 1:22:31 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 9.0.0.6604, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/28/2009 1:25:26 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 9.0.0.6604, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/8/2009 10:05:44 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 9.0.0.6604, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/8/2009 10:06:01 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1001
Description = Fault bucket 20271770.

Error - 3/8/2009 10:09:03 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 9.0.0.6604, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/8/2009 10:09:07 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1001
Description = Fault bucket 20271770.

Error - 3/8/2009 10:11:17 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 9.0.0.6604, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/8/2009 10:11:23 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1001
Description = Fault bucket 20271770.

Error - 3/8/2009 10:24:09 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 9.0.0.6604, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ Application Events ]
Error - 2/25/2009 10:47:51 PM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3306, faulting module
unknown, version 0.0.0.0, fault address 0x04000000.

Error - 2/28/2009 1:22:31 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 9.0.0.6604, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/28/2009 1:25:26 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 9.0.0.6604, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/8/2009 10:05:44 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 9.0.0.6604, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/8/2009 10:06:01 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1001
Description = Fault bucket 20271770.

Error - 3/8/2009 10:09:03 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 9.0.0.6604, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/8/2009 10:09:07 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1001
Description = Fault bucket 20271770.

Error - 3/8/2009 10:11:17 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 9.0.0.6604, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/8/2009 10:11:23 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1001
Description = Fault bucket 20271770.

Error - 3/8/2009 10:24:09 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 9.0.0.6604, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/11/2009 11:47:53 AM | Computer Name = TOSHIBA-USER | Source = nv | ID = 11141226
Description = Silent Running: Stress test transition: Dynamic -> Performance 3D

Error - 3/11/2009 11:48:00 AM | Computer Name = TOSHIBA-USER | Source = nv | ID = 11141226
Description = Silent Running: Stress test transition: Performance 3D -> LowPower
3D

Error - 3/11/2009 1:17:07 PM | Computer Name = TOSHIBA-USER | Source = nv | ID = 11141226
Description = Silent Running: Stress test transition: Dynamic -> Performance 3D

Error - 3/11/2009 1:17:15 PM | Computer Name = TOSHIBA-USER | Source = nv | ID = 11141226
Description = Silent Running: Stress test transition: Performance 3D -> LowPower
3D

Error - 3/11/2009 1:20:55 PM | Computer Name = TOSHIBA-USER | Source = nv | ID = 11141226
Description = Silent Running: Stress test transition: Dynamic -> Performance 3D

Error - 3/11/2009 1:21:02 PM | Computer Name = TOSHIBA-USER | Source = nv | ID = 11141226
Description = Silent Running: Stress test transition: Performance 3D -> LowPower
3D

Error - 3/11/2009 1:21:28 PM | Computer Name = TOSHIBA-USER | Source = nv | ID = 11141226
Description = Silent Running: Stress test transition: Dynamic -> Performance 3D

Error - 3/11/2009 1:21:35 PM | Computer Name = TOSHIBA-USER | Source = nv | ID = 11141226
Description = Silent Running: Stress test transition: Performance 3D -> LowPower
3D

Error - 3/11/2009 10:35:39 PM | Computer Name = TOSHIBA-USER | Source = nv | ID = 11141226
Description = Silent Running: Stress test transition: Dynamic -> Performance 3D

Error - 3/11/2009 10:35:40 PM | Computer Name = TOSHIBA-USER | Source = nv | ID = 11141226
Description = Silent Running: Stress test transition: Performance 3D -> LowPower
3D


< End of report >

#12 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:04:02 AM

Posted 11 March 2009 - 10:35 PM

Hello, bsgranpa
I believe those Docs n' Settings folders are actually legit -- no malware is showing in your logs. The next steps are more housekeeping than anything else, as well as a second opinion from ESET.

We need to run an OTListIt2 Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :otli
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
    O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
    O15 - HKLM\..Trusted Sites: localhost ([]http in Local intranet)
    :commands
    [EmptyTemp]
  • Push Posted Image
  • OTLI2 may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 12.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u12-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

We need to run an OTListIt2 Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    C:\Documents and Settings\
  • Push Posted Image
  • A report will open. Copy and Paste that report in your next reply.
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box infront of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and chose "select all" (or use +A)
  • Right-click again and chose "Copy" (or +C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)

In your next reply, please include the following:
  • OTListIt2 Fix Log
  • OTListIt2 Scan Log (With custom scan)
  • ESET OnlineScan's Log

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#13 bsgranpa

bsgranpa
  • Topic Starter

  • Members
  • 181 posts
  • OFFLINE
  •  
  • Local time:05:02 AM

Posted 12 March 2009 - 10:20 AM

========== OTLISTIT ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ ProxyEnable| /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Flags deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Title deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\localhost not found.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Bill\Local Settings\Temp\etilqs_aJQcvkCl4cV9DcAbWzUm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Bill\Local Settings\Temp\Perflib_Perfdata_244.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Bill\Local Settings\Temp\Perflib_Perfdata_82c.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Bill\Local Settings\Temp\Perflib_Perfdata_fe4.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Bill\Local Settings\Temp\~DF1A0A.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Bill\Local Settings\Temp\~DF3E25.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Bill\Local Settings\Temp\~DF3E3F.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\JETD441.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\JETD4EB.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_308.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_504.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_a5c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_dcc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Bill\Local Settings\Application Data\Mozilla\Firefox\Profiles\ivvhdqnx.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Bill\Local Settings\Application Data\Mozilla\Firefox\Profiles\ivvhdqnx.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Bill\Local Settings\Application Data\Mozilla\Firefox\Profiles\ivvhdqnx.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Bill\Local Settings\Application Data\Mozilla\Firefox\Profiles\ivvhdqnx.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Bill\Local Settings\Application Data\Mozilla\Firefox\Profiles\ivvhdqnx.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Bill\Local Settings\Application Data\Mozilla\Firefox\Profiles\ivvhdqnx.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.3.5 log created on 03112009_210851

Files moved on Reboot...
File C:\Documents and Settings\Bill\Local Settings\Temp\etilqs_aJQcvkCl4cV9DcAbWzUm not found!
File C:\Documents and Settings\Bill\Local Settings\Temp\Perflib_Perfdata_244.dat not found!
File C:\Documents and Settings\Bill\Local Settings\Temp\Perflib_Perfdata_82c.dat not found!
File C:\Documents and Settings\Bill\Local Settings\Temp\Perflib_Perfdata_fe4.dat not found!
C:\Documents and Settings\Bill\Local Settings\Temp\~DF1A0A.tmp moved successfully.
C:\Documents and Settings\Bill\Local Settings\Temp\~DF3E25.tmp moved successfully.
File C:\Documents and Settings\Bill\Local Settings\Temp\~DF3E3F.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\JETD441.tmp not found!
File C:\WINDOWS\temp\JETD4EB.tmp not found!
C:\WINDOWS\temp\Perflib_Perfdata_308.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_504.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_a5c.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_dcc.dat not found!
File move failed. C:\Documents and Settings\Bill\Local Settings\Application Data\Mozilla\Firefox\Profiles\ivvhdqnx.default\Cache\_CACHE_001_ scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Bill\Local Settings\Application Data\Mozilla\Firefox\Profiles\ivvhdqnx.default\Cache\_CACHE_002_ scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Bill\Local Settings\Application Data\Mozilla\Firefox\Profiles\ivvhdqnx.default\Cache\_CACHE_003_ scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Bill\Local Settings\Application Data\Mozilla\Firefox\Profiles\ivvhdqnx.default\Cache\_CACHE_MAP_ scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Bill\Local Settings\Application Data\Mozilla\Firefox\Profiles\ivvhdqnx.default\urlclassifier3.sqlite scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Bill\Local Settings\Application Data\Mozilla\Firefox\Profiles\ivvhdqnx.default\XUL.mfl scheduled to be moved on reboot.

Registry entries deleted on Reboot...

OTListIt logfile created on: 3/12/2009 6:44:29 AM - Run 5
OTListIt2 by OldTimer - Version 2.0.3.5 Folder = C:\Documents and Settings\Bill\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.24% Memory free
3.85 Gb Paging File | 3.34 Gb Available in Paging File | 86.73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 128.00 Gb Total Space | 33.52 Gb Free Space | 26.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: Bill
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2003/12/16 16:42:32 | 00,311,363 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\System32\S24EvMon.exe
PRC - [2003/12/16 16:47:42 | 00,376,832 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\ZCfgSvc.exe
PRC - [2007/06/13 03:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/01/09 22:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/09/12 18:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
PRC - [2009/01/09 16:13:28 | 01,951,376 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
PRC - [2003/12/02 18:05:54 | 00,028,672 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2003/05/23 14:38:26 | 00,106,496 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\DVDRAMSV.exe
PRC - [2008/01/19 20:01:08 | 04,388,192 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe
PRC - [2003/09/24 19:00:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2003/12/16 16:41:40 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\RegSrvc.exe
PRC - [2003/10/21 11:26:14 | 00,053,248 | ---- | M] () -- c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
PRC - [2000/09/28 23:58:42 | 00,129,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\WFXSVC.EXE
PRC - [2001/11/27 13:14:14 | 00,541,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\WinFax\WFXMOD32.EXE
PRC - [2007/12/20 17:13:46 | 01,553,896 | ---- | M] (Symantec) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
PRC - [2003/12/16 16:43:06 | 00,184,320 | ---- | M] (Intel) -- C:\WINDOWS\System32\1XConfig.exe
PRC - [2001/11/27 13:14:14 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wfxsnt40.exe
PRC - [2001/11/27 13:14:14 | 00,027,648 | ---- | M] () -- C:\Program Files\WinFax\WFXSWTCH.exe
PRC - [2003/09/25 11:19:40 | 00,278,528 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2003/09/25 11:19:10 | 00,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2003/01/21 19:00:06 | 00,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
PRC - [2003/07/18 18:41:26 | 00,073,728 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\TFNF5.exe
PRC - [2003/05/30 20:25:02 | 00,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2003/05/30 20:23:14 | 00,614,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2003/08/03 17:01:14 | 00,086,073 | ---- | M] (SigmaTel Inc.) -- C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
PRC - [2008/01/19 20:01:08 | 02,245,984 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProTray.exe
PRC - [2003/01/02 17:16:38 | 00,172,032 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\Ltmoh.exe
PRC - [2002/08/20 11:29:26 | 00,040,960 | ---- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\System32\ezSP_Px.exe
PRC - [2007/01/09 22:59:52 | 00,115,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2004/02/04 06:43:00 | 01,409,024 | ---- | M] () -- C:\Program Files\B's CLiP\Win2K\BsCLiP.exe
PRC - [2003/04/18 12:20:10 | 00,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2003/04/15 21:01:28 | 00,258,048 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\System32\00THotkey.exe
PRC - [2004/02/06 18:31:13 | 00,077,824 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2009/01/09 16:13:26 | 00,669,840 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2003/09/05 04:24:46 | 00,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
PRC - [2007/09/17 16:37:22 | 00,228,352 | ---- | M] (Greatis Software) -- C:\Program Files\UnHackMe\hackmon.exe
PRC - [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2001/10/11 17:35:02 | 00,082,026 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
PRC - [2001/11/27 13:14:12 | 00,549,376 | ---- | M] () -- C:\Program Files\WinFax\WFXCTL32.EXE
PRC - [2003/03/14 12:38:12 | 00,155,648 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2003/01/15 11:46:24 | 00,151,552 | ---- | M] (Dachshund Software) -- C:\WINDOWS\Integrator.exe
PRC - [2009/03/12 06:36:02 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2003/10/20 09:37:58 | 00,475,136 | ---- | M] (TOSHIBA Corporation) -- C:\toshiba\ivp\ism\ivpsvmgr.exe
PRC - [2008/07/25 13:41:51 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2004/08/04 00:56:58 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/03/08 22:20:37 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/03/10 19:33:32 | 00,497,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/09/12 18:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2009/01/09 16:13:28 | 01,951,376 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService [Auto | Running])
SRV - [2007/01/09 22:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
SRV - [2007/01/09 22:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
SRV - [2003/12/02 18:05:54 | 00,028,672 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/01/09 22:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])
SRV - [2007/01/12 20:40:58 | 00,049,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped])
SRV - [2003/05/23 14:38:26 | 00,106,496 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\DVDRAMSV.exe -- (DVD-RAM_Service [Auto | Running])
SRV - [2004/08/04 00:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/08/04 00:56:44 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2007/09/12 18:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2007/01/09 22:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex [Auto | Running])
SRV - [2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Stopped])
SRV - [2008/01/19 20:01:08 | 04,388,192 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost [Auto | Running])
SRV - [2003/09/24 19:00:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/12/16 16:41:40 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2003/12/16 16:42:32 | 00,311,363 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\System32\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2003/10/21 11:26:14 | 00,053,248 | ---- | M] () -- c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe -- (Swupdtmr [Auto | Running])
SRV - [2008/07/25 13:41:51 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Running])
SRV - [2007/12/20 17:13:46 | 01,553,896 | ---- | M] (Symantec) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService [On_Demand | Running])
SRV - [2000/09/28 23:58:42 | 00,129,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\WFXSVC.EXE -- (wfxsvc [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2009/03/12 06:36:02 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2002/12/20 14:07:34 | 01,164,576 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2003/08/28 23:20:44 | 00,323,296 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Stopped])
DRV - [2004/02/04 02:08:00 | 00,010,112 | ---- | M] (B.H.A Co.,Ltd.) -- C:\WINDOWS\System32\drivers\BsStor.sys -- (BsStor [Boot | Running])
DRV - [2004/02/02 20:05:46 | 00,395,008 | ---- | M] (B.H.A Co.,Ltd.) -- C:\WINDOWS\System32\drivers\BsUDF.sys -- (BsUDF [Auto | Running])
DRV - [2007/11/16 19:55:00 | 00,165,496 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2009/02/25 02:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2009/02/25 02:00:00 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2002/11/18 18:20:44 | 00,030,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gv3.sys -- (gv3 [On_Demand | Stopped])
DRV - [2008/07/24 19:34:19 | 00,014,037 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\mdc8021x.sys -- (MDC8021X [Auto | Running])
DRV - [2003/10/24 14:53:14 | 00,090,416 | ---- | M] (Matsubleepa Electric Industrial Co.,Ltd.) -- C:\WINDOWS\System32\Drivers\meiudf.sys -- (meiudf [System | Running])
DRV - [2009/03/08 02:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090311.003\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/03/08 02:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090311.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2003/01/29 15:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\System32\DRIVERS\netdevio.sys -- (Netdevio [Auto | Running])
DRV - [2003/09/24 19:00:00 | 01,370,764 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2009/01/07 22:33:13 | 00,030,946 | ---- | M] (Greatis Software) -- C:\WINDOWS\system32\drivers\Partizan.sys -- (Partizan [On_Demand | Stopped])
DRV - [2003/02/12 10:03:54 | 00,015,143 | ---- | M] (TOSHIBA) -- C:\WINDOWS\System32\DRIVERS\tossdpci.sys -- (pciSd [On_Demand | Stopped])
DRV - [2002/10/01 10:22:32 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2007/04/01 03:45:22 | 00,027,520 | ---- | M] (DEVGURU Co,LTD.) -- C:\WINDOWS\system32\DRIVERS\PTDCBus.sys -- (PTDCBus [On_Demand | Stopped])
DRV - [2007/04/01 03:45:26 | 00,041,728 | ---- | M] (DEVGURU Co,LTD.) -- C:\WINDOWS\system32\DRIVERS\PTDCMdm.sys -- (PTDCMdm [On_Demand | Stopped])
DRV - [2007/04/01 03:45:30 | 00,039,808 | ---- | M] (DEVGURU Co,LTD.) -- C:\WINDOWS\system32\DRIVERS\PTDCVsp.sys -- (PTDCVsp [On_Demand | Stopped])
DRV - [2007/04/30 17:30:14 | 00,058,240 | ---- | M] (DEVGURU Co,LTD.) -- C:\WINDOWS\system32\DRIVERS\PTDCWWAN.sys -- (PTDCWWAN [On_Demand | Stopped])
DRV - [2003/03/31 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/06/10 17:07:16 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2003/09/15 10:20:18 | 00,011,258 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2001/09/11 12:54:32 | 00,038,425 | ---- | M] (SMC) -- C:\WINDOWS\System32\DRIVERS\smcirda.sys -- (SMCIRDA [On_Demand | Running])
DRV - [2007/04/14 02:49:32 | 00,418,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
DRV - [2007/11/30 23:57:12 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS -- (SRTSP [On_Demand | Running])
DRV - [2007/11/30 23:57:12 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS -- (SRTSPL [On_Demand | Stopped])
DRV - [2007/11/30 23:57:12 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS -- (SRTSPX [System | Running])
DRV - [2003/07/17 19:19:32 | 00,230,416 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97 [On_Demand | Running])
DRV - [2007/01/09 15:32:13 | 00,012,984 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS [On_Demand | Running])
DRV - [2009/01/07 17:17:31 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2007/01/09 15:32:13 | 00,145,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2007/01/09 15:32:13 | 00,040,120 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS [On_Demand | Running])
DRV - [2008/09/12 00:33:21 | 00,250,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20090303.001\symidsco.sys -- (SYMIDSCO [On_Demand | Running])
DRV - [2007/01/09 15:32:13 | 00,035,256 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Running])
DRV - [2007/01/09 15:32:13 | 00,027,576 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])
DRV - [2007/12/20 17:13:54 | 00,136,416 | ---- | M] (StorageCraft) -- C:\WINDOWS\system32\DRIVERS\symsnap.sys -- (symsnap [Boot | Running])
DRV - [2007/01/09 15:32:13 | 00,191,544 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2003/05/30 19:56:22 | 00,271,728 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2003/06/11 09:53:22 | 00,006,867 | ---- | M] () -- C:\WINDOWS\System32\drivers\TBiosDrv.sys -- (TBiosDrv [Auto | Running])
DRV - [2003/05/14 18:38:32 | 00,025,888 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\tsdhd.sys -- (tsdhd [On_Demand | Running])
DRV - [2003/08/07 16:52:00 | 00,009,216 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\TVALZ.SYS -- (TVALZ [Boot | Running])
DRV - [2008/01/19 19:45:40 | 00,038,112 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\DRIVERS\v2imount.sys -- (v2imount [Auto | Running])
DRV - [2008/01/19 19:40:16 | 00,015,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys -- (VProEventMonitor [On_Demand | Stopped])
DRV - [2004/01/02 03:52:34 | 01,646,720 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\w22n51.sys -- (w22n51 [On_Demand | Running])
DRV - [2003/03/27 15:57:24 | 02,379,776 | R--- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\w70n51.sys -- (w70n51 [On_Demand | Stopped])
DRV - [2008/01/19 20:12:42 | 00,128,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\wimfltr.sys -- (WimFltr [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.2
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.406
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com -> %ProgramFiles%\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/03/12 06:36:03 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components -> %ProgramFiles%\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/03/08 22:20:43 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins -> %ProgramFiles%\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/03/12 06:36:20 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Bill\Application Data\mozilla\Extensions [2008/07/25 14:25:40 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Bill\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2008/07/25 14:25:40 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Bill\Application Data\mozilla\Firefox\Profiles\ivvhdqnx.default\extensions [2009/03/12 06:37:12 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Bill\Application Data\mozilla\Firefox\Profiles\ivvhdqnx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009/03/09 21:58:06 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Bill\Application Data\mozilla\Firefox\Profiles\ivvhdqnx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}-trash [2009/03/09 21:58:06 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Bill\Application Data\mozilla\Firefox\Profiles\ivvhdqnx.default\extensions\LogMeInClient@logmein.com [2009/02/18 07:26:57 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions [2009/03/12 06:37:12 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/03/08 22:20:42 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2009/03/12 06:36:22 00,000,000 | ---D | M]

O1 HOSTS File: (610711 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 a9rhiwa.cn #[Google.Warning]
O1 - Hosts: 127.0.0.1 www.a9rhiwa.cn
O1 - Hosts: 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 z.abnad.net
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtb5.acecounter.com
O1 - Hosts: 127.0.0.1 gtb19.acecounter.com
O1 - Hosts: 16252 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O4 - HKLM..\Run: [000StTHK] 000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe ()
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe" (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet (NVIDIA Corporation)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run (TOSHIBA Corporation)
O4 - HKLM..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe (SigmaTel Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TFNF5] TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSMain] TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe ()
O4 - HKLM..\Run: [WinFaxAppPortStarter] wfxsnt40.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - HKCU..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe (Greatis Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Controller.LNK = C:\Program Files\WinFax\WFXCTL32.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsubleepa Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Bill\Start Menu\Programs\Startup\Battery Doubler.lnk = C:\Program Files\Dachshund Software\Battery Doubler\Battery Doubler.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Sites: localhost ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1216949824097 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Sebring: DllName - c:\WINDOWS\System32\LgNotify.dll - c:\WINDOWS\System32\LgNotify.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - C:\Program Files\WinFax\WfxSeh32.Dll (Symantec Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1

========== Files/Folders - Created Within 30 Days ==========

[2009/03/11 21:15:41 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/03/11 21:15:41 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/03/11 21:11:42 | 16,278,936 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\jre-6u12-windows-i586-p.exe
[2009/03/11 21:08:51 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/03/11 21:02:43 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2009/03/11 21:00:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\My Documents\My Albums
[2009/03/11 21:00:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\ArcSoft
[2009/03/10 19:45:05 | 00,285,184 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\gmer.exe
[2009/03/10 19:40:29 | 00,276,983 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\gmer.zip
[2009/03/10 19:33:31 | 00,497,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\OTListIt2.exe
[2009/02/27 07:14:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\My Documents\Colvin Ranch
[2009/02/25 19:51:03 | 21,464,22784 | -HS- | C] () -- C:\hiberfil.sys
[2009/02/15 22:31:11 | 14,173,572 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Blog pix.zip
[2009/02/15 22:30:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Blog pix
[2009/02/15 20:22:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Orders & Confirmations
[2009/02/15 20:18:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\TurboTax Home&Business 2008
[2009/02/15 19:40:54 | 15,648,8132 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\TTHB.rar
[2009/02/14 21:02:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Tissot
[2009/02/13 19:26:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Kuhn Pictures

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/03/12 06:36:49 | 00,000,928 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/12 06:36:20 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/03/12 06:36:20 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/03/12 06:34:47 | 00,000,078 | ---- | M] () -- C:\WINDOWS\battery.dat
[2009/03/12 06:32:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/12 06:32:21 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/12 06:32:17 | 21,464,22784 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/11 21:12:10 | 16,278,936 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\jre-6u12-windows-i586-p.exe
[2009/03/11 20:22:53 | 00,146,771 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\hosts.zip
[2009/03/11 10:21:20 | 00,070,144 | ---- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/10 19:40:29 | 00,276,983 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\gmer.zip
[2009/03/10 19:33:32 | 00,497,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\OTListIt2.exe
[2009/03/10 07:52:57 | 00,001,875 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Carbonite Backup Drive.lnk
[2009/03/08 19:03:45 | 00,476,292 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/08 19:03:45 | 00,404,726 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/08 19:03:45 | 00,064,454 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/08 19:01:14 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/08 08:43:44 | 00,285,184 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\gmer.exe
[2009/02/26 08:09:37 | 00,000,762 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GOM Player.lnk
[2009/02/25 19:44:29 | 00,000,226 | -HS- | M] () -- C:\boot.ini
[2009/02/25 19:44:28 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/02/15 22:31:14 | 14,173,572 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Blog pix.zip
[2009/02/15 20:06:45 | 15,648,8132 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\TTHB.rar
[2009/02/11 01:29:44 | 00,610,711 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS

========== Custom Scans ==========


< C:\Documents and Settings\ >
< End of report >

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3930 (20090312)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=406d6c1a221f3c40aebe7dec39b4e565
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-03-12 03:18:07
# local_time=2009-03-12 08:18:07 (-0800, Pacific Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=458304
# found=0
# scan_time=4533

#14 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:04:02 AM

Posted 12 March 2009 - 07:45 PM

Hello, bsgranpa
You Need to Update Windows (And other Microsoft Software)
Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

If you are using Windows XP or earlier
Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

If you are using Windows Vista
  • Click the "Start Menu" (or Windows Orb)
  • Click "All Programs"
  • Click "Windows Update"
  • On the left, choose "Change Settings"
  • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
  • Press OK and accept the UAC prompt.
    Note: You shouldn't need to check this checkbox every single time you update, only the first time.
  • Click "Check for Updates" in the upper left corner.
  • Follow the instructions to install the latest updates.
  • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
In your next reply, please include the following:
  • A new OTListIt2 log (Scan Mode Again)

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#15 bsgranpa

bsgranpa
  • Topic Starter

  • Members
  • 181 posts
  • OFFLINE
  •  
  • Local time:05:02 AM

Posted 12 March 2009 - 09:29 PM

BillyIII, I have tried a couple of times in the past to update Windows. Twice now, I have had to fresh install and restore programs, settings and data. I'm not sure why it's been that way. I've tried to Google my specific hardware setup and Toshiba model to see if this is a common experience for others. It doesn't seem to be. So, I've slowly added some of the recommended updates only after "Ghosting". Once I get to the point where I experience operating problems, I reformat and install the last good working copy. Not too scientific an approach I know, but it has gotten me through so far. I was just concerned when I noticed the new administrator accounts. As you might imagine, I'm pretty paranoid so I knew that Bleeping Computer has some real great folks who could help see if I had a problem or not. Thanks very much for your help. I will be very happy to contribute to help you in your work.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users