Task Manager shows iexplore.exe running even when program is closed, PC is really slow!


  • This topic is locked
6 replies to this topic

#1 resse

  • Members
  • 8 posts

Posted 26 February 2009 - 12:36 PM

Hello,

I'm having an issue with my PC in which the PC runs extremely slow. I was going over all running programs in task manager and noticed that iexplore.exe was running even when I had Internet Explorer closed. This also took about 60% of my CPU. So my original thought was that I had an issue with Viruses and Malware. I tried shutting down the iexplore.exe and it won't close out. I have provided all that was asked, so if anyone can help me, I'd greatly appreciate it!

Thanks!


DDS (Ver_09-02-01.01) - NTFSx86
Run by will at 9:27:13.90 on Thu 02/26/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.108 [GMT -8:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
C:\Program Files\Common Files\Artisoft\TeleVantage\TvWksSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k TapiSrv
C:\Program Files\Microsoft Office2k3\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office2k\Office\WINWORD.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\will\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://qben/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [vptray] c:\progra~1\symant~1\symant~1\vptray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\reminder.lnk - \\nt1\userdata\home\everyone\checkin\Chklogin.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi9191~1\office11\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158362099517
DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} - hxxps://www6.wirelesssync.vzw.com/en/SyncInstall.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://benefitstreet.webex.com/client/T23L/webex/ieatgpc.cab
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2003-5-2 30208]
R2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\symant~1\symant~1\Rtvscan.exe [2003-5-21 610304]
R2 TvWksSvc;TeleVantage Workstation Service;c:\program files\common files\artisoft\televantage\TvWksSvc.exe [2007-3-28 102400]
R3 NAVAP;NAVAP;c:\progra~1\symant~1\symant~1\NAVAP.sys [2003-5-2 224256]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090225.021\NAVENG.sys [2009-2-26 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090225.021\NAVEX15.sys [2009-2-26 876144]
S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\drivers\csvirta.sys --> c:\windows\system32\drivers\CSVirtA.sys [?]

=============== Created Last 30 ================

2009-02-25 11:11 <DIR> --d----- C:\HijackThis
2009-02-24 09:52 <DIR> --d----- c:\documents and settings\will\Contacts
2009-02-24 09:49 <DIR> --d----- c:\program files\MSN Messenger
2009-02-23 11:50 16,031 a------- c:\windows\system32\SETUP.INI
2009-02-23 11:50 99,656 a------- c:\windows\system32\KMPJLMN.DLL
2009-02-23 11:50 512,000 a------- c:\windows\system32\KCINST32.DLL
2009-02-23 11:50 46,877 a------- c:\windows\system32\KM-PMKN.DLL
2009-02-23 08:13 <DIR> --d----- c:\documents and settings\will

==================== Find3M ====================

2009-02-23 08:19 83,208 a------- c:\windows\system32\S32EVNT1.DLL
2009-02-23 08:19 73,496 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-16 21:35 3,594,752 -------- c:\windows\system32\dllcache\mshtml.dll
2008-12-19 01:10 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 01:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-18 21:25 634,024 -------- c:\windows\system32\dllcache\iexplore.exe
2008-12-18 21:23 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-12-11 03:57 333,184 -------- c:\windows\system32\dllcache\srv.sys

============= FINISH: 9:27:55.21 ===============


#2 PropagandaPanda

  • Malware Response Team
  • 10,433 posts

Posted 10 March 2009 - 10:44 AM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.

Download and Run OTListIt
  • Please download OTListIt by OldTimer to your desktop.
  • Open OTListIt by double clicking its icon. If you are using Windows Vista, right click OTListIt2.exe and select Run As Administrator.
  • Click Run Scan without changing any settings. When the scan is complete, a logfile will open.
  • Copy the contents of the log into your next reply. It will be saved as OTListIt.txt where OTListIt.exe is located.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.

Please download GMER.zip to your desktop from any of the links below:
LINK1, LINK2
  • Right click on GMER.zip and select "Extract All".
  • Close all other open programs as there is a slight chance your computer will crash.
  • Double click GMER.exe. If you are using Windows Vista, right click the icon and select "Run as Administrator". Your security programs may detect GMER's driver trying to load. Allow it.
  • You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  • Leaving the settings at default, click Scan.
  • When the scan is complete, click Save and save the log onto your desktop.
Please include the log in your next reply.
Please tell me what changes have been made to the computer since your topic was started. Also give me an update on any symptoms.

With Regards,
The Panda

#3 resse

  • Topic Starter
  • Members
  • 8 posts

Posted 10 March 2009 - 01:35 PM

Hello Panda,

I appreciate you taking out the time to help me with the issues I'm having. The computer is still having the same symptoms, running really slow and showing iexplore.exe running even when I have it closed. If I open up Internet Explorer it shows it running twice. I can shut down the one I opened through task manager but the one that was already running can't be shut down.

The only changes I have made are to some of my work documents in Word and Excel, other than that everything is exactly the same as was in my initial post.

I have attached the log you asked for and will paste the OTList logs. Thanks again!

-Resse

OTListIt logfile created on: 3/10/2009 9:27:41 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.3.5 Folder = C:\Documents and Settings\will\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.07 Mb Total Physical Memory | 132.31 Mb Available Physical Memory | 26.35% Memory free
1.20 Gb Paging File | 0.84 Gb Available in Paging File | 69.90% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 61.52 Gb Free Space | 82.63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 136.66 Gb Total Space | 76.37 Gb Free Space | 55.88% Space Free | Partition Type: NTFS
Drive G: | 108.40 Gb Total Space | 1.26 Gb Free Space | 1.16% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 136.66 Gb Total Space | 76.37 Gb Free Space | 55.88% Space Free | Partition Type: NTFS
Drive J: | 61.68 Gb Total Space | 12.04 Gb Free Space | 19.51% Space Free | Partition Type: NTFS
Drive L: | 29.26 Gb Total Space | 2.37 Gb Free Space | 8.10% Space Free | Partition Type: NTFS

Computer Name: WILLEMAXP
Current User Name: will
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2003/05/21 01:22:36 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
PRC - [2004/02/13 08:47:02 | 00,155,648 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe
PRC - [2003/06/19 21:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2003/05/21 01:27:46 | 00,610,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/04/29 17:44:06 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
PRC - [2007/03/28 15:18:40 | 00,102,400 | ---- | M] (Vertical Communications, Inc.) -- C:\Program Files\Common Files\Artisoft\TeleVantage\TvWksSvc.exe
PRC - [2007/06/13 03:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/10/14 14:46:34 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2003/05/21 01:21:18 | 00,090,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe
PRC - [2007/01/19 13:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\MsnMsgr.Exe
PRC - [2007/07/08 15:05:39 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2001/11/27 08:10:00 | 00,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2004/08/04 03:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/12/18 22:25:25 | 00,634,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2003/07/14 22:45:18 | 00,196,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office2k3\OFFICE11\OUTLOOK.EXE
PRC - [2000/02/25 07:34:56 | 07,155,757 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office2k\Office\EXCEL.EXE
PRC - [2000/02/24 10:23:44 | 08,810,548 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office2k\Office\WINWORD.EXE
PRC - [2007/03/28 15:45:14 | 01,208,382 | ---- | M] (Vertical Communications, Inc.) -- C:\Program Files\TeleVantage\Client\TVClient.exe
PRC - [2009/03/10 09:27:14 | 00,497,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\will\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2003/05/21 01:22:36 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
SRV - [2009/02/24 18:23:30 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/04 03:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/05/20 10:37:12 | 00,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE -- (HP Port Resolver [On_Demand | Stopped])
SRV - [2004/10/16 05:31:06 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE -- (HP Status Server [On_Demand | Stopped])
SRV - [2004/02/13 08:47:02 | 00,155,648 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe -- (Iap [Auto | Running])
SRV - [2003/06/19 21:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2004/11/19 09:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2003/05/21 01:27:46 | 00,610,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server [Auto | Running])
SRV - [2003/07/28 10:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/04/29 17:44:06 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2007/03/28 15:18:40 | 00,102,400 | ---- | M] (Vertical Communications, Inc.) -- C:\Program Files\Common Files\Artisoft\TeleVantage\TvWksSvc.exe -- (TvWksSvc [Auto | Running])
SRV - [2007/01/19 13:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 11:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2004/08/03 21:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 11:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 11:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2001/08/17 11:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 11:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2004/10/14 06:30:46 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2004/08/12 15:45:54 | 00,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/10/14 15:15:18 | 01,302,812 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2001/08/17 11:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2003/05/02 21:08:18 | 00,224,256 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -- (NAVAP [On_Demand | Running])
DRV - [2003/05/02 21:08:22 | 00,030,208 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS -- (NAVAPEL [Auto | Running])
DRV - [2009/02/12 17:04:35 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090309.003\naveng.sys -- (NAVENG [On_Demand | Running])
DRV - [2009/02/12 17:04:42 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090309.003\navex15.sys -- (NAVEX15 [On_Demand | Running])
DRV - [2004/08/03 20:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2004/02/13 08:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2004/08/04 03:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2001/08/17 11:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 11:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 11:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/08/03 21:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/17 12:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2005/08/17 04:41:08 | 01,022,040 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 12:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 12:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2009/02/23 09:19:19 | 00,073,496 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2001/08/17 12:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 12:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2001/08/17 11:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2005/10/20 18:47:05 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://bsd.officedepot.com/;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://qben/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe (Symantec Corporation)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Reminder.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office2k3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1158362099517 (WUWebControl Class)
O16 - DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} https://www6.wirelesssync.vzw.com/en/SyncInstall.cab (Installer Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://benefitstreet.webex.com/client/T23L...bex/ieatgpc.cab (GpcContainer Class)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 15:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/04/06 19:22:29 | 00,003,211 | ---- | M] () - I:\autoLogin.txt -- [ NTFS ]
O32 - AutoRun File - [2001/01/04 12:47:45 00,000,000 | ---D | M] - J:\Autodoc -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2009/03/10 09:28:29 | 00,276,983 | ---- | C] () -- C:\Documents and Settings\will\Desktop\gmer.zip
[2009/03/10 09:27:08 | 00,497,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\will\Desktop\OTListIt2.exe
[2009/03/09 16:18:41 | 00,512,000 | ---- | C] () -- C:\Documents and Settings\will\Desktop\QBI LLC EXPENSE REPORT_InWork.xls
[2009/03/06 18:41:59 | 00,067,072 | ---- | C] () -- C:\Documents and Settings\will\Desktop\401kStorageSetList.xls
[2009/03/04 11:26:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\will\Application Data\AdobeUM
[2009/03/04 11:26:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\will\Local Settings\Application Data\Adobe
[2009/03/04 11:26:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\will\My Documents\My eBooks
[2009/02/26 10:24:43 | 00,368,961 | ---- | C] () -- C:\Documents and Settings\will\Desktop\dds.scr
[2009/02/25 12:47:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\will\Desktop\LSPfix
[2009/02/25 12:46:38 | 00,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2009/02/25 12:36:25 | 00,000,546 | ---- | C] () -- C:\Documents and Settings\will\Desktop\Shortcut to HijackThis.lnk
[2009/02/25 12:11:02 | 00,000,000 | ---D | C] -- C:\HijackThis
[2009/02/25 10:35:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\will\Desktop\currentproposal
[2009/02/25 10:34:19 | 00,001,090 | ---- | C] () -- C:\Documents and Settings\will\Desktop\DCWIN_Scanners.lnk
[2009/02/24 10:56:23 | 00,000,588 | ---- | C] () -- C:\Documents and Settings\will\My Documents\My Sharing Folders.lnk
[2009/02/24 10:50:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\will\My Documents\My Received Files
[2009/02/24 10:49:26 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Messenger
[2009/02/24 10:15:40 | 00,000,300 | ---- | C] () -- C:\Documents and Settings\will\Desktop\will - 'qbidc1home_nt1' (F).lnk
[2009/02/23 13:33:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\will\Application Data\Macromedia
[2009/02/23 13:27:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\will\Application Data\Google
[2009/02/23 13:26:19 | 00,002,327 | ---- | C] () -- C:\Documents and Settings\will\Desktop\Adobe Acrobat 6.0 Professional.lnk
[2009/02/23 13:25:48 | 00,000,435 | ---- | C] () -- C:\Documents and Settings\will\Desktop\401kScanner.lnk
[2009/02/23 12:50:43 | 00,016,031 | ---- | C] () -- C:\WINDOWS\System32\SETUP.INI
[2009/02/23 12:50:42 | 00,099,656 | ---- | C] (KYOCERA MITA Corporation) -- C:\WINDOWS\System32\KMPJLMN.DLL
[2009/02/23 12:50:38 | 00,512,000 | ---- | C] (Kyocera Technology Development) -- C:\WINDOWS\System32\KCINST32.DLL
[2009/02/23 12:50:38 | 00,046,877 | ---- | C] (KYOCERA MITA) -- C:\WINDOWS\System32\KM-PMKN.DLL
[2009/02/23 12:47:46 | 00,002,533 | ---- | C] () -- C:\Documents and Settings\will\Desktop\Microsoft Office Outlook 2003.lnk
[2009/02/23 12:47:29 | 00,000,654 | ---- | C] () -- C:\Documents and Settings\will\Desktop\WinZip 8.1 .lnk
[2009/02/23 12:47:17 | 00,000,810 | ---- | C] () -- C:\Documents and Settings\will\Desktop\TeleVantage ViewPoint.lnk
[2009/02/23 12:47:01 | 00,002,529 | ---- | C] () -- C:\Documents and Settings\will\Desktop\Microsoft Access.lnk
[2009/02/23 12:46:56 | 00,002,481 | ---- | C] () -- C:\Documents and Settings\will\Desktop\Microsoft Word.lnk
[2009/02/23 12:46:52 | 00,002,479 | ---- | C] () -- C:\Documents and Settings\will\Desktop\Microsoft Excel.lnk
[2009/02/23 09:15:57 | 00,000,320 | -H-- | C] () -- C:\Documents and Settings\will\My Documents\SWWATER.INI
[2009/02/23 09:14:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\will\Local Settings\Application Data\Symantec
[2009/02/23 09:14:01 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\will\Application Data\desktop.ini
[2009/02/23 09:14:00 | 05,551,596 | -H-- | C] () -- C:\Documents and Settings\will\Local Settings\Application Data\IconCache.db
[2009/02/23 09:14:00 | 00,000,075 | -HS- | C] () -- C:\Documents and Settings\will\My Documents\desktop.ini
[2009/02/23 09:13:59 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\will\Start Menu\Programs\Startup\desktop.ini
[2009/02/23 09:13:59 | 00,000,000 | --SD | C] -- C:\Documents and Settings\will\Application Data\Microsoft
[2009/02/23 09:13:59 | 00,000,000 | R--D | C] -- C:\Documents and Settings\will\My Documents\My Pictures
[2009/02/23 09:13:59 | 00,000,000 | R--D | C] -- C:\Documents and Settings\will\My Documents\My Music
[2009/02/23 09:13:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\will\Local Settings\Application Data\Microsoft
[2009/02/23 09:13:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\will\Local Settings\Application Data\Google
[2009/02/23 09:13:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\will\Local Settings\Application Data\ApplicationHistory
[2009/02/23 09:13:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\will\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
[2009/02/23 09:13:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\will\Application Data\Identities
[2009/02/23 09:13:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\will\Application Data\Adobe

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/03/10 09:28:31 | 00,276,983 | ---- | M] () -- C:\Documents and Settings\will\Desktop\gmer.zip
[2009/03/10 09:27:14 | 00,497,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\will\Desktop\OTListIt2.exe
[2009/03/10 09:12:57 | 00,002,533 | ---- | M] () -- C:\Documents and Settings\will\Desktop\Microsoft Office Outlook 2003.lnk
[2009/03/10 09:12:57 | 00,002,481 | ---- | M] () -- C:\Documents and Settings\will\Desktop\Microsoft Word.lnk
[2009/03/10 09:12:57 | 00,002,479 | ---- | M] () -- C:\Documents and Settings\will\Desktop\Microsoft Excel.lnk
[2009/03/10 09:09:37 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/10 09:07:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/10 09:07:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/10 00:33:16 | 05,551,596 | -H-- | M] () -- C:\Documents and Settings\will\Local Settings\Application Data\IconCache.db
[2009/03/09 16:23:55 | 00,512,000 | ---- | M] () -- C:\Documents and Settings\will\Desktop\QBI LLC EXPENSE REPORT_InWork.xls
[2009/03/09 11:38:16 | 00,428,404 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/09 11:38:15 | 00,072,626 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/09 11:38:14 | 00,509,720 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/06 18:41:59 | 00,067,072 | ---- | M] () -- C:\Documents and Settings\will\Desktop\401kStorageSetList.xls
[2009/03/06 10:16:11 | 00,000,588 | ---- | M] () -- C:\Documents and Settings\will\My Documents\My Sharing Folders.lnk
[2009/02/26 10:24:46 | 00,368,961 | ---- | M] () -- C:\Documents and Settings\will\Desktop\dds.scr
[2009/02/25 12:46:38 | 00,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2009/02/25 12:36:25 | 00,000,546 | ---- | M] () -- C:\Documents and Settings\will\Desktop\Shortcut to HijackThis.lnk
[2009/02/24 10:15:40 | 00,000,300 | ---- | M] () -- C:\Documents and Settings\will\Desktop\will - 'qbidc1home_nt1' (F).lnk
[2009/02/23 13:25:48 | 00,000,435 | ---- | M] () -- C:\Documents and Settings\will\Desktop\401kScanner.lnk
[2009/02/23 09:19:19 | 00,124,167 | ---- | M] () -- C:\WINDOWS\System32\SYMEVNT.386
[2009/02/23 09:19:19 | 00,083,208 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/02/23 09:19:19 | 00,073,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/02/23 09:15:57 | 00,000,320 | -H-- | M] () -- C:\Documents and Settings\will\My Documents\SWWATER.INI
[2009/02/23 09:14:17 | 00,000,075 | -HS- | M] () -- C:\Documents and Settings\will\My Documents\desktop.ini
[2009/02/23 09:08:46 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/02/11 21:56:17 | 21,244,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >


#4 PropagandaPanda

  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:11:15 AM

Posted 10 March 2009 - 02:31 PM

Hello.

Let's see if running some updates fixes it.

Install From Windows Updates
Whenever a security problem in its software is found, Microsoft will create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malware being installed on your computer.

Visit the Microsoft Update website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please reboot and repeat this process until there are no more updates to install.

Take a new OTListIt log after, please.

With Regards,
The Panda

#5 resse

  • Topic Starter

  • Members
  • 8 posts
  • Local time:08:15 AM

Posted 11 March 2009 - 04:12 PM

Hello,

I have taken your advice and installed what I could from the Windows Update page. However, I'm having an issue with Service Pack 3. Everything was downloaded and installed except this service pack. When the installation process of this service pack starts up, it just doesn't advance. I left the PC on overnight to attempt to finish the installation, and when I got up this morning it was still at the same percent as it was the night before. Every other update that came up through Windows Update seemed to complete just fine. I have taken the new OTListIt logs from the last update that completed.


OTListIt logfile created on: 3/11/2009 1:58:42 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.3.5 Folder = C:\Documents and Settings\will\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.07 Mb Total Physical Memory | 69.60 Mb Available Physical Memory | 13.86% Memory free
1.20 Gb Paging File | 0.74 Gb Available in Paging File | 61.64% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 60.43 Gb Free Space | 81.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 136.66 Gb Total Space | 76.09 Gb Free Space | 55.68% Space Free | Partition Type: NTFS
Drive G: | 108.40 Gb Total Space | 1.22 Gb Free Space | 1.12% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 136.66 Gb Total Space | 76.09 Gb Free Space | 55.68% Space Free | Partition Type: NTFS
Drive J: | 61.68 Gb Total Space | 12.04 Gb Free Space | 19.51% Space Free | Partition Type: NTFS
Drive L: | 29.26 Gb Total Space | 2.35 Gb Free Space | 8.03% Space Free | Partition Type: NTFS

Computer Name: WILLEMAXP
Current User Name: will
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2003/05/21 01:22:36 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
PRC - [2004/02/13 08:47:02 | 00,155,648 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe
PRC - [2003/06/19 21:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2003/05/21 01:27:46 | 00,610,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/04/29 17:44:06 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
PRC - [2007/03/28 15:18:40 | 00,102,400 | ---- | M] (Vertical Communications, Inc.) -- C:\Program Files\Common Files\Artisoft\TeleVantage\TvWksSvc.exe
PRC - [2007/06/13 03:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/10/14 14:46:34 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2003/05/21 01:21:18 | 00,090,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe
PRC - [2007/01/19 13:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\MsnMsgr.Exe
PRC - [2007/07/08 15:05:39 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2004/08/04 03:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2007/08/10 20:46:20 | 00,755,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\update\update.exe
PRC - [2008/12/18 22:25:25 | 00,634,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/10 09:27:14 | 00,497,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\will\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2003/05/21 01:22:36 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/02/24 18:23:30 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/04 03:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/05/20 10:37:12 | 00,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE -- (HP Port Resolver [On_Demand | Stopped])
SRV - [2004/10/16 05:31:06 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE -- (HP Status Server [On_Demand | Stopped])
SRV - [2004/02/13 08:47:02 | 00,155,648 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe -- (Iap [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2003/06/19 21:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2004/11/19 09:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/05/21 01:27:46 | 00,610,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server [Auto | Running])
SRV - [2003/07/28 10:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/04/29 17:44:06 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2007/03/28 15:18:40 | 00,102,400 | ---- | M] (Vertical Communications, Inc.) -- C:\Program Files\Common Files\Artisoft\TeleVantage\TvWksSvc.exe -- (TvWksSvc [Auto | Running])
SRV - [2007/01/19 13:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 11:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2004/08/03 21:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 11:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 11:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2001/08/17 11:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 11:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2004/10/14 06:30:46 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2004/08/12 15:45:54 | 00,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/10/14 15:15:18 | 01,302,812 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2001/08/17 11:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2003/05/02 21:08:18 | 00,224,256 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -- (NAVAP [On_Demand | Running])
DRV - [2003/05/02 21:08:22 | 00,030,208 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS -- (NAVAPEL [Auto | Running])
DRV - [2009/02/12 17:04:35 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090310.017\naveng.sys -- (NAVENG [On_Demand | Running])
DRV - [2009/02/12 17:04:42 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090310.017\navex15.sys -- (NAVEX15 [On_Demand | Running])
DRV - [2004/08/03 20:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2004/02/13 08:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2004/08/04 03:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2001/08/17 11:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 11:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 11:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/08/03 21:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/17 12:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2005/08/17 04:41:08 | 01,022,040 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 12:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 12:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2009/02/23 09:19:19 | 00,073,496 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2001/08/17 12:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 12:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2001/08/17 11:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2005/10/20 18:47:05 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://bsd.officedepot.com/;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://qben/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> %SystemRoot%\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/03/11 10:17:41 00,000,000 | ---D | M]

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe (Symantec Corporation)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Reminder.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office2k3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1158362099517 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1236804719460 (MUWebControl Class)
O16 - DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} https://www6.wirelesssync.vzw.com/en/SyncInstall.cab (Installer Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://benefitstreet.webex.com/client/T23L...bex/ieatgpc.cab (GpcContainer Class)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 15:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/04/06 19:22:29 | 00,003,211 | ---- | M] () - I:\autoLogin.txt -- [ NTFS ]
O32 - AutoRun File - [2001/01/04 12:47:45 00,000,000 | ---D | M] - J:\Autodoc -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/03/11 13:34:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/03/11 10:15:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/03/11 10:15:06 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/03/11 10:14:57 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/03/11 10:13:07 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/03/11 10:13:07 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/03/11 10:13:07 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/03/11 10:13:07 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/03/11 10:13:07 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/03/11 10:13:06 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/03/11 10:13:06 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/03/11 10:13:05 | 00,000,000 | ---D | C] -- C:\8f25ad8eafe965046256e8008a30c7f5
[2009/03/11 10:12:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/03/11 10:05:26 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2009/03/10 16:41:43 | 00,000,268 | -H-- | C] () -- C:\sqmdata00.sqm
[2009/03/10 16:41:43 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt00.sqm
[2009/03/10 09:39:57 | 00,285,184 | ---- | C] () -- C:\Documents and Settings\will\Desktop\gmer.exe
[2009/03/10 09:27:08 | 00,497,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\will\Desktop\OTListIt2.exe
[2009/03/09 16:18:41 | 00,512,000 | ---- | C] () -- C:\Documents and Settings\will\Desktop\QBI LLC EXPENSE REPORT_InWork.xls
[2009/03/06 18:41:59 | 00,067,072 | ---- | C] () -- C:\Documents and Settings\will\Desktop\401kStorageSetList.xls
[2009/03/04 11:26:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\will\Application Data\AdobeUM
[2009/03/04 11:26:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\will\Local Settings\Application Data\Adobe
[2009/03/04 11:26:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\will\My Documents\My eBooks
[2009/02/26 10:24:43 | 00,368,961 | ---- | C] () -- C:\Documents and Settings\will\Desktop\dds.scr
[2009/02/25 12:47:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\will\Desktop\LSPfix
[2009/02/25 12:46:38 | 00,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2009/02/25 12:36:25 | 00,000,546 | ---- | C] () -- C:\Documents and Settings\will\Desktop\Shortcut to HijackThis.lnk
[2009/02/25 12:11:02 | 00,000,000 | ---D | C] -- C:\HijackThis
[2009/02/25 10:35:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\will\Desktop\currentproposal
[2009/02/25 10:34:19 | 00,001,090 | ---- | C] () -- C:\Documents and Settings\will\Desktop\DCWIN_Scanners.lnk
[2009/02/24 10:56:23 | 00,000,588 | ---- | C] () -- C:\Documents and Settings\will\My Documents\My Sharing Folders.lnk
[2009/02/24 10:50:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\will\My Documents\My Received Files
[2009/02/24 10:49:26 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Messenger
[2009/02/24 10:15:40 | 00,000,300 | ---- | C] () -- C:\Documents and Settings\will\Desktop\will - 'qbidc1home_nt1' (F).lnk
[2009/02/23 13:33:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\will\Application Data\Macromedia
[2009/02/23 13:27:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\will\Application Data\Google
[2009/02/23 13:26:19 | 00,002,327 | ---- | C] () -- C:\Documents and Settings\will\Desktop\Adobe Acrobat 6.0 Professional.lnk
[2009/02/23 13:25:48 | 00,000,435 | ---- | C] () -- C:\Documents and Settings\will\Desktop\401kScanner.lnk
[2009/02/23 12:50:43 | 00,016,031 | ---- | C] () -- C:\WINDOWS\System32\SETUP.INI
[2009/02/23 12:50:42 | 00,099,656 | ---- | C] (KYOCERA MITA Corporation) -- C:\WINDOWS\System32\KMPJLMN.DLL
[2009/02/23 12:50:38 | 00,512,000 | ---- | C] (Kyocera Technology Development) -- C:\WINDOWS\System32\KCINST32.DLL
[2009/02/23 12:50:38 | 00,046,877 | ---- | C] (KYOCERA MITA) -- C:\WINDOWS\System32\KM-PMKN.DLL
[2009/02/23 12:47:46 | 00,002,533 | ---- | C] () -- C:\Documents and Settings\will\Desktop\Microsoft Office Outlook 2003.lnk
[2009/02/23 12:47:29 | 00,000,654 | ---- | C] () -- C:\Documents and Settings\will\Desktop\WinZip 8.1 .lnk
[2009/02/23 12:47:17 | 00,000,810 | ---- | C] () -- C:\Documents and Settings\will\Desktop\TeleVantage ViewPoint.lnk
[2009/02/23 12:47:01 | 00,002,529 | ---- | C] () -- C:\Documents and Settings\will\Desktop\Microsoft Access.lnk
[2009/02/23 12:46:56 | 00,002,481 | ---- | C] () -- C:\Documents and Settings\will\Desktop\Microsoft Word.lnk
[2009/02/23 12:46:52 | 00,002,479 | ---- | C] () -- C:\Documents and Settings\will\Desktop\Microsoft Excel.lnk
[2009/02/23 09:15:57 | 00,000,320 | -H-- | C] () -- C:\Documents and Settings\will\My Documents\SWWATER.INI
[2009/02/23 09:14:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\will\Local Settings\Application Data\Symantec
[2009/02/23 09:14:01 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\will\Application Data\desktop.ini
[2009/02/23 09:14:00 | 05,555,046 | -H-- | C] () -- C:\Documents and Settings\will\Local Settings\Application Data\IconCache.db
[2009/02/23 09:14:00 | 00,000,075 | -HS- | C] () -- C:\Documents and Settings\will\My Documents\desktop.ini
[2009/02/23 09:13:59 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\will\Start Menu\Programs\Startup\desktop.ini
[2009/02/23 09:13:59 | 00,000,000 | --SD | C] -- C:\Documents and Settings\will\Application Data\Microsoft
[2009/02/23 09:13:59 | 00,000,000 | R--D | C] -- C:\Documents and Settings\will\My Documents\My Pictures
[2009/02/23 09:13:59 | 00,000,000 | R--D | C] -- C:\Documents and Settings\will\My Documents\My Music
[2009/02/23 09:13:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\will\Local Settings\Application Data\Microsoft
[2009/02/23 09:13:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\will\Local Settings\Application Data\Google
[2009/02/23 09:13:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\will\Local Settings\Application Data\ApplicationHistory
[2009/02/23 09:13:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\will\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
[2009/02/23 09:13:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\will\Application Data\Identities
[2009/02/23 09:13:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\will\Application Data\Adobe

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/03/11 14:03:20 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/11 11:05:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/11 11:05:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/11 11:05:02 | 00,316,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/11 11:04:17 | 05,555,046 | -H-- | M] () -- C:\Documents and Settings\will\Local Settings\Application Data\IconCache.db
[2009/03/11 10:23:05 | 00,533,104 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/11 10:23:05 | 00,463,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/11 10:23:05 | 00,080,158 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/11 09:44:13 | 00,002,533 | ---- | M] () -- C:\Documents and Settings\will\Desktop\Microsoft Office Outlook 2003.lnk
[2009/03/11 09:41:12 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/11 08:56:23 | 00,000,588 | ---- | M] () -- C:\Documents and Settings\will\My Documents\My Sharing Folders.lnk
[2009/03/10 16:41:43 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/03/10 16:41:43 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/03/10 09:43:46 | 00,285,184 | ---- | M] () -- C:\Documents and Settings\will\Desktop\gmer.exe
[2009/03/10 09:27:14 | 00,497,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\will\Desktop\OTListIt2.exe
[2009/03/10 09:12:57 | 00,002,481 | ---- | M] () -- C:\Documents and Settings\will\Desktop\Microsoft Word.lnk
[2009/03/10 09:12:57 | 00,002,479 | ---- | M] () -- C:\Documents and Settings\will\Desktop\Microsoft Excel.lnk
[2009/03/09 16:23:55 | 00,512,000 | ---- | M] () -- C:\Documents and Settings\will\Desktop\QBI LLC EXPENSE REPORT_InWork.xls
[2009/03/06 18:41:59 | 00,067,072 | ---- | M] () -- C:\Documents and Settings\will\Desktop\401kStorageSetList.xls
[2009/02/26 10:24:46 | 00,368,961 | ---- | M] () -- C:\Documents and Settings\will\Desktop\dds.scr
[2009/02/25 13:54:59 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/25 12:46:38 | 00,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2009/02/25 12:36:25 | 00,000,546 | ---- | M] () -- C:\Documents and Settings\will\Desktop\Shortcut to HijackThis.lnk
[2009/02/24 10:15:40 | 00,000,300 | ---- | M] () -- C:\Documents and Settings\will\Desktop\will - 'qbidc1home_nt1' (F).lnk
[2009/02/23 13:25:48 | 00,000,435 | ---- | M] () -- C:\Documents and Settings\will\Desktop\401kScanner.lnk
[2009/02/23 09:19:19 | 00,124,167 | ---- | M] () -- C:\WINDOWS\System32\SYMEVNT.386
[2009/02/23 09:19:19 | 00,083,208 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/02/23 09:19:19 | 00,073,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/02/23 09:15:57 | 00,000,320 | -H-- | M] () -- C:\Documents and Settings\will\My Documents\SWWATER.INI
[2009/02/23 09:14:17 | 00,000,075 | -HS- | M] () -- C:\Documents and Settings\will\My Documents\desktop.ini
< End of report >

#6 PropagandaPanda

  • Malware Response Team
  • 10,433 posts

Posted 12 March 2009 - 07:01 AM

Hello.

Please try using the SP3 Package here.

With Regards,
The Panda

#7 PropagandaPanda

  • Malware Response Team
  • 10,433 posts

Posted 27 March 2009 - 07:11 AM

Hello.

There has been no reply from the topic starter in 5 days. Due to inactivity, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda



