
Unknown Malware or Something else.


  • This topic is locked
10 replies to this topic

#1 dgibs


Posted 04 March 2009 - 07:27 PM

I have read to post HijackThis on here. I'm not much for chitchat so here is my log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:12:11 PM, on 3/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogi...t&ltmplcache=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ALLTEL Internet Accelerator Client.lnk = C:\Program Files\ALLTEL Communications\ALLTEL Internet Accelerator Client\NGSpawner.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.myspace.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program,Files\RelevantKnowledge\rlai.dll,c:\program files\relevantknowledge\rlai.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10636 bytes

Thank you



#2 m0le

  • Malware Response Team

Posted 11 March 2009 - 08:15 PM

Hi dgibs,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please give me a little time to go through your log. I will also let you know that I am a trainee, so each stage of the fix will need to be checked by an expert coach before I post, so there may be a slight delay. Don't worry, I won't abandon you :)
  • Please subscribe to this topic, if you haven't already, and wait for me to get back to you.
  • Please avoid installing/uninstalling or updating any programs or attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 2 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Thanks
m0le is a proud member of UNITE

#3 m0le


Posted 12 March 2009 - 07:09 AM

Hi dgibs,

First, Viewpoint Manager is considered foistware instead of malware, since it is installed without users' approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

I want a better look at your PC, so please download and run OTViewIt.
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the OTViewIt icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTViewIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Finally, post a new HijackThis log.

Just to recap:
  • The OTViewIt logs
  • The MBAM log
  • A fresh HijackThis log


Thanks

#4 m0le


Posted 14 March 2009 - 01:01 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open.

If you like you can PM me.

Thanks,


m0le

#5 dgibs


Posted 14 March 2009 - 09:58 PM

Sorry for the wait. I was away for a couple of days. I finally bit the bullet and did a whole system recovery, figured it wouldn't hurt anything. Here is my new log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:15 AM, on 3/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch...DTP&M=T3512
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...DTP&M=T3512
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.google.com/uninstall-feedback.html?hl=en
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1236831604960
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 4838 bytes

Please let me know if this one looks fine.
Again sorry for the wait.
Thank you

#6 dgibs


Posted 14 March 2009 - 10:17 PM

The last reply was before I deleted the Viewpoint Manager, so it is no longer on my computer. Here is my new log and OTViewIt.

OT VIEW IT:

OTViewIt logfile created on: 3/14/2009 10:05:54 AM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Owner\My Documents
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

381.59 Mb Total Physical Memory | 70.39 Mb Available Physical Memory | 18.45% Memory free
916.92 Mb Paging File | 447.52 Mb Available in Paging File | 48.81% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.52 Gb Total Space | 83.24 Gb Free Space | 94.04% Space Free | Partition Type: NTFS
Drive D: | 4.63 Gb Total Space | 2.23 Gb Free Space | 48.29% Space Free | Partition Type: FAT32
Drive E: | 531.57 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 465.76 Gb Total Space | 452.83 Gb Free Space | 97.22% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DUSTIN
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/01/15 08:41:52 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/01/15 08:41:52 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2009/03/11 15:27:02 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
[2004/08/11 03:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2004/02/06 22:56:14 | 00,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
[2005/05/03 15:17:08 | 05,208,576 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
[2009/03/11 23:00:39 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2009/03/14 08:25:33 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
[2009/03/14 08:25:33 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
[2008/12/18 23:25:25 | 00,634,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2004/08/04 09:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2009/03/14 10:04:45 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTViewIt.exe

========== (O23) Win32 Services ==========

[2005/09/23 09:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/01/15 08:41:52 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2006/01/26 10:57:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2005/09/23 09:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2009/03/11 23:00:38 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2009/03/11 15:27:02 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL [Auto | Running])
[2004/08/11 03:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
File not found -- -- (WMP54Gv4SVC [Auto | Running])
[2009/03/14 08:25:33 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe -- (Norton AntiVirus [Auto | Running])

========== Driver Services ==========

[2009/03/11 21:02:20 | 00,019,915 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2004/08/04 13:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Boot | Running])
[2004/08/03 17:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS -- (amdagp [Boot | Running])
[2004/08/04 13:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Boot | Running])
[2004/08/04 13:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Boot | Running])
[2006/01/15 08:48:08 | 01,477,632 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2004/11/10 19:27:34 | 00,044,288 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2004/11/10 19:30:18 | 00,024,832 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2004/08/04 13:00:00 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Boot | Running])
[2004/08/04 13:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Boot | Running])
[2005/01/07 19:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/03/16 18:50:36 | 00,221,440 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
[2005/03/16 18:51:16 | 01,033,600 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2005/10/12 14:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iastor.sys -- (iaStor [Boot | Running])
[2006/04/06 01:20:44 | 04,258,816 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService [On_Demand | Running])
[2004/03/16 21:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2004/08/04 13:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Boot | Running])
[2001/08/17 07:49:32 | 00,019,968 | ---- | M] (Macronix International Co., Ltd. ) -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic [On_Demand | Stopped])
[2004/08/03 16:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2004/08/04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2004/08/04 13:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Boot | Running])
[2004/08/04 13:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Boot | Running])
[2004/08/04 13:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Boot | Running])
[2005/10/27 16:06:30 | 00,356,096 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61 [On_Demand | Running])
[2006/01/18 05:41:00 | 00,080,512 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
[2004/08/04 00:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])
[2004/08/04 13:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/08/03 17:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGP.SYS -- (sisagp [Boot | Running])
[2004/08/04 13:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Boot | Running])
[2004/08/04 13:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Boot | Running])
[2004/08/04 13:00:00 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Boot | Running])
[2004/08/04 13:00:00 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Boot | Running])
[2004/08/04 13:00:00 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Boot | Running])
[2004/08/04 13:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Boot | Running])
[2003/01/10 15:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw [On_Demand | Stopped])
[2005/03/16 18:50:32 | 00,705,280 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2009/03/14 02:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090314.020\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2009/03/14 02:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090314.020\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2009/03/14 08:25:34 | 00,254,512 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\BHDrvx86.sys -- (BHDrvx86 [System | Running])
[2009/03/14 08:25:36 | 00,309,296 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\SymEFA.sys -- (SymEFA [Boot | Running])
[2009/01/29 15:50:18 | 00,276,344 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090310.003\IDSxpx86.sys -- (IDSxpx86 [System | Running])
[2009/03/14 08:25:36 | 00,198,192 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\symtdi.sys -- (SYMTDI [System | Running])
[2009/03/14 08:25:36 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\srtspx.sys -- (SRTSPX [System | Running])
[2009/03/14 08:25:35 | 00,305,712 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\srtsp.sys -- (SRTSP [On_Demand | Running])
[2009/03/14 08:25:34 | 00,362,544 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\ccHPx86.sys -- (ccHP [System | Running])
[2009/03/14 08:25:46 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2009/03/14 08:25:36 | 00,035,888 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM [On_Demand | Stopped])
[2009/03/14 08:25:36 | 00,035,888 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP [On_Demand | Running])
[2009/03/14 02:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3512

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} (HKLM) -- C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.dll (Symantec Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} (HKLM) -- C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
{CA6319C0-31B7-401E-A518-A07C3DB8F777} (HKLM) -- c:\WINDOWS\system32\bae.dll (Gateway Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

========== (O4) Run Keys ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

========== (O4) Startup Folders ==========

[2000/01/21 02:15:54 | 00,065,588 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/08/04 09:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/08/04 09:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 09:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.microsoft.com/windowsupdate/...b?1236831604960 -- WUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_02
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_02

========== (O17) DNS Name Servers ==========

{33E0DEBA-E839-40FA-BF54-8905AEC12CB3} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)
{49DBE619-3D1F-4F8B-96AD-9F7111CA82A1} (Servers: | Description: Linksys Wireless-G PCI Adapter)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/26 12:04:39 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

Autorun.inf [[AUTORUN] | SHELLEXECUTE=Info.exe folder.htt 480 480 | ]
[2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () -- D:\Autorun.inf -- [ FAT32 ]

autorun.inf.aug.8 [[AUTORUN] | OPEN=Info.exe folder.htt 480 480 | ]
[2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () -- D:\autorun.inf -- [ FAT32 ]

AUTORUN.INF [[autorun] | OPEN=setup.EXE /AUTORUN | ICON=setup.EXE,1 | | shell\configure=&Configure... | shell\configure\command=setup.EXE | | shell\install=&Install... | shell\install\command=setup.EXE | | [ProductFeatures] | Feature1=ACCESSFiles | Feature2=ProductFiles | Feature3=WORDFiles | Feature4=EXCELFiles | Feature5=PPTFiles | Feature6=OUTLOOKFiles | | [ProductInformation] | ProductCode={00010409-78E1-11D2-B60F-006097C998E7} | DisplayName=Microsoft Office 2000 SR-1 Professional | Version=9.0 | ;Make this be 1 to do autorun even if the product is installed. Default for Office | ;is to not autorun maintenance mode setup if the product is installed. | ;AutorunIfInstalled=1 | | [ServicePack] | NTVersion=4 | ; 0x300 as a decimal number. | SPLevel=768 | MessageText=%s cannot be installed on this computer. This product requires Microsoft Windows NT Version 4.0 Service Pack 3 or higher. Please download the service pack from www.microsoft.com prior to installing. | | [InstallFont] | Font=Tahoma (TrueType) | FontAlt=Tahoma(TrueType) | FontAlt2=Tahoma | Version=Version 2.30 | Path=Windows\Fonts\Tahoma.TTF | Force=No | | [InstallFontBold] | Font=Tahoma Bold (TrueType) | FontAlt=Tahoma Bold(TrueType) | FontAlt2=Tahoma Bold | Version=Version 2.30 | Path=Windows\Fonts\TahomaBD.TTF | Force=No | | [InstallMSI] | ;Make this be zero to aways suppress installing Windows installer | ;If this is missing or one, we upgrade Windows installer only on systems | ;prior to NT 5. | ;Make this be 2 to upgrade Windows installer even on NT 5 and later. | InstMsi=2 | | [IE] | ;before 5.00.0909.1400, IE uses msls3.dll 317. After 5.00.0909.1400, IE uses msls3.dll 325 | Version=5.00.0909.1400 | MessageText=This beta version of Microsoft Windows 2000 must be upgraded to install %s. | ]
[2000/04/24 23:01:56 | 00,001,726 | R--- | M] () -- E:\AUTORUN.INF -- [ CDFS ]

autorun.inf [07EF:0001:0001:0000 | [autorun] | open=InstallSeagateManager.exe | icon=InstallSeagateManager.exe | action=Install Seagate Manager | ]
[2008/10/28 01:29:30 | 00,000,126 | ---- | M] () -- F:\autorun.inf -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff137b10-0e89-11de-9bbb-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff137b10-0e89-11de-9bbb-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff137b10-0e89-11de-9bbb-806d6172696f}\Shell\AutoRun\command]
""=E:\setup.EXE -- [2000/02/22 19:21:34 | 00,273,079 | R--- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff137b10-0e89-11de-9bbb-806d6172696f}\Shell\configure\command]
""=E:\setup.EXE -- [2000/02/22 19:21:34 | 00,273,079 | R--- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff137b10-0e89-11de-9bbb-806d6172696f}\Shell\install\command]
""=E:\setup.EXE -- [2000/02/22 19:21:34 | 00,273,079 | R--- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\command]
""=G:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/03/14 10:04:39 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTViewIt.exe
[2009/03/14 09:56:30 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2009/03/14 09:56:29 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/14 09:04:32 | 00,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/03/14 09:03:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2009/03/14 09:03:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2009/03/14 09:02:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Microsoft Web Folders
[2009/03/14 08:52:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Identities
[2009/03/14 08:26:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Symantec
[2009/03/14 08:26:17 | 00,534,688 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\Cat.DB
[2009/03/14 08:25:53 | 00,035,888 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009/03/14 08:25:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/03/14 08:25:47 | 00,124,464 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/03/14 08:25:47 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/03/14 08:25:47 | 00,010,635 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/03/14 08:25:47 | 00,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/03/14 08:25:46 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/03/14 08:25:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2009/03/14 08:25:38 | 00,001,892 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.lnk
[2009/03/14 08:25:36 | 00,309,296 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\SymEFA.sys
[2009/03/14 08:25:36 | 00,198,192 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\symtdi.sys
[2009/03/14 08:25:36 | 00,089,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\symfw.sys
[2009/03/14 08:25:36 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\srtspx.sys
[2009/03/14 08:25:36 | 00,040,496 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\symndisv.sys
[2009/03/14 08:25:36 | 00,037,424 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\symndis.sys
[2009/03/14 08:25:36 | 00,034,608 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\symids.sys
[2009/03/14 08:25:36 | 00,024,752 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\symredrv.sys
[2009/03/14 08:25:36 | 00,012,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\symdns.sys
[2009/03/14 08:25:35 | 00,305,712 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\srtsp.sys
[2009/03/14 08:25:34 | 00,254,512 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\BHDrvx86.sys
[2009/03/14 08:25:20 | 00,003,375 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\SymEFA.inf
[2009/03/14 08:25:20 | 00,001,611 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\SymNet.inf
[2009/03/14 08:25:20 | 00,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\srtspx.inf
[2009/03/14 08:25:20 | 00,001,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\srtsp.inf
[2009/03/14 08:25:20 | 00,000,641 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\BHDrvx86.inf
[2009/03/14 08:25:20 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\isolate.ini
[2009/03/14 08:25:14 | 00,013,089 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\SymNet.cat
[2009/03/14 08:25:14 | 00,010,659 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\SymEFA.cat
[2009/03/14 08:25:13 | 00,010,621 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\srtspx.cat
[2009/03/14 08:25:13 | 00,010,617 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\srtsp.cat
[2009/03/14 08:25:13 | 00,010,613 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\BHDrvx86.CAT
[2009/03/14 08:25:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV\1000000.07D
[2009/03/14 08:25:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV
[2009/03/14 08:25:11 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009/03/14 08:25:11 | 00,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2009/03/14 08:25:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/03/14 08:23:22 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2009/03/14 08:23:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/03/13 10:57:10 | 06,031,962 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\WMP54Gv4_20050503a.exe
[2009/03/13 03:01:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2009/03/12 11:13:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\CyberLink
[2009/03/12 11:10:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\CyberLink
[2009/03/12 11:10:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/03/12 10:10:30 | 02,142,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/03/12 10:10:29 | 02,185,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/03/12 10:10:28 | 02,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2009/03/12 10:10:28 | 02,020,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/03/12 10:08:06 | 00,453,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/03/12 10:06:47 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/03/12 10:06:47 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/03/12 10:06:46 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2009/03/12 10:06:46 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/03/12 10:06:46 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2009/03/12 10:06:46 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2009/03/12 10:06:45 | 02,455,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2009/03/12 10:06:45 | 00,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2009/03/12 10:06:43 | 06,066,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/03/11 23:19:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2009/03/11 22:50:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/03/11 22:49:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/03/11 22:20:55 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2009/03/11 22:20:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/03/11 22:01:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/03/11 22:01:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/03/11 22:00:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AdobeUM
[2009/03/11 21:59:31 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2009/03/11 21:59:11 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2009/03/11 21:58:57 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2009/03/11 21:58:15 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmllite.dll
[2009/03/11 21:49:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\WMP54Gv4_20050503
[2009/03/11 21:48:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
[2009/03/11 21:48:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Adobe
[2009/03/11 21:11:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Macromedia
[2009/03/11 21:02:20 | 00,242,176 | ---- | C] (Ralink Technology Inc.) -- C:\WINDOWS\System32\rt2500.sys
[2009/03/11 21:02:20 | 00,007,870 | ---- | C] () -- C:\WINDOWS\System32\rt2500.cat
[2009/03/11 21:02:14 | 00,001,155 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2009/03/11 21:02:14 | 00,000,000 | ---D | C] -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
[2009/03/11 20:46:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\U3
[2009/03/11 16:49:48 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/03/11 16:49:48 | 00,031,930 | ---- | C] () -- C:\WINDOWS\System32\GTNDIS3.VXD
[2009/03/11 16:49:48 | 00,015,872 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\GTNDIS5.sys
[2009/03/11 16:49:15 | 00,000,000 | ---D | C] -- C:\Linksys Driver
[2009/03/11 16:48:35 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouhid.sys
[2009/03/11 16:48:35 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2009/03/11 16:48:18 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidusb.sys
[2009/03/11 16:48:18 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2009/03/11 16:48:10 | 00,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBSTOR.SYS
[2009/03/11 16:48:10 | 00,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2009/03/11 16:22:46 | 00,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2009/03/11 16:22:45 | 00,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2009/03/11 16:22:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2009/03/11 16:21:54 | 00,000,786 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Windows Media Player.lnk
[2009/03/11 16:21:08 | 00,000,258 | ---- | C] () -- C:\WINDOWS\tasks\ISP signup reminder 3.job
[2009/03/11 16:21:08 | 00,000,258 | ---- | C] () -- C:\WINDOWS\tasks\ISP signup reminder 2.job
[2009/03/11 16:16:05 | 00,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2009/03/11 16:13:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\GATEWAY_T3512__GRC6670009589.MRK
[2009/03/11 16:13:45 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/03/11 16:13:41 | 00,000,333 | ---- | C] () -- C:\WINDOWS\System32\$ncsp$.inf
[2009/03/11 16:11:35 | 40,019,1488 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/11 16:11:29 | 00,002,752 | ---- | C] () -- C:\WINDOWS\System32\Status.MPF
[2009/03/11 16:05:03 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2009/03/11 15:59:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AOL
[2009/03/11 15:54:04 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll
[2009/03/11 15:50:08 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/03/11 15:50:05 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2009/03/11 15:49:02 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/03/11 15:48:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
[2009/03/11 15:48:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2009/03/11 15:47:43 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2009/03/11 15:46:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2009/03/11 15:46:50 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\POWERCFG.EXE
[2009/03/11 15:46:41 | 00,080,512 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\Rtnicxp.sys
[2009/03/11 15:45:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\You've Got Pictures Screensaver
[2009/03/11 15:45:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nullsoft
[2009/03/11 15:45:12 | 00,086,016 | ---- | C] (MindVision) -- C:\WINDOWS\unvise32qt.exe
[2009/03/11 15:45:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2009/03/11 15:45:06 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/03/11 15:45:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2009/03/11 15:45:02 | 00,000,000 | ---D | C] -- C:\My Music
[2009/03/11 15:44:59 | 00,157,696 | ---- | C] (RealNetworks) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/03/11 15:44:58 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/03/11 15:44:58 | 00,000,000 | ---D | C] -- C:\Program Files\Real
[2009/03/11 15:44:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2009/03/11 15:44:50 | 00,647,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSComCt2.ocx
[2009/03/11 15:44:50 | 00,203,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RichTx32.ocx
[2009/03/11 15:44:50 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX
[2009/03/11 15:44:50 | 00,115,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSInet.ocx
[2009/03/11 15:44:50 | 00,102,400 | ---- | C] (4Developers LLC) -- C:\WINDOWS\System32\SimpleRegistry.dll
[2009/03/11 15:44:50 | 00,010,752 | ---- | C] (Almeida & Andrade Ltda) -- C:\WINDOWS\System32\aamd532.dll
[2009/03/11 15:44:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2009/03/11 15:44:42 | 00,000,000 | ---D | C] -- C:\Program Files\Pure Networks
[2009/03/11 15:44:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\AOL Downloads
[2009/03/11 15:44:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2009/03/11 15:44:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL
[2009/03/11 15:44:03 | 00,001,115 | -H-- | C] () -- C:\IPH.PH
[2009/03/11 15:44:02 | 00,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/03/11 15:44:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2009/03/11 15:43:52 | 00,010,280 | ---- | C] (BigFix, Inc.) -- C:\WINDOWS\BigFixClientOverride.dll
[2009/03/11 15:43:51 | 00,000,000 | ---D | C] -- C:\Program Files\BigFix
[2009/03/11 15:42:26 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Encarta Plus
[2009/03/11 15:42:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2009/03/11 15:42:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Napster
[2009/03/11 15:41:59 | 00,000,000 | ---D | C] -- C:\Program Files\Napster
[2009/03/11 15:41:54 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atl71.dll
[2009/03/11 15:41:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/03/11 15:41:12 | 00,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2009/03/11 15:40:24 | 00,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\splitter.sys
[2009/03/11 15:40:24 | 00,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\splitter.sys
[2009/03/11 15:40:21 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wdmaud.sys
[2009/03/11 15:40:21 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.sys
[2009/03/11 15:40:20 | 00,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\DMusic.sys
[2009/03/11 15:40:20 | 00,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.sys
[2009/03/11 15:40:16 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Videos
[2009/03/11 15:40:16 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2009/03/11 15:40:13 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/03/11 15:40:13 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/03/11 15:39:52 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\swmidi.sys
[2009/03/11 15:39:52 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swmidi.sys
[2009/03/11 15:39:50 | 00,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\aec.sys
[2009/03/11 15:39:50 | 00,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aec.sys
[2009/03/11 15:39:49 | 00,171,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kmixer.sys

========== Files - Modified Within 30 Days ==========

< End of report >

HIJACKTHIS LOG:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:33 AM, on 3/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\My Documents\OTViewIt.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch...DTP&M=T3512
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...DTP&M=T3512
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.google.com/uninstall-feedback.html?hl=en
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1236831604960
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 4979 bytes

#7 m0le

  • Malware Response Team

Posted 15 March 2009 - 06:14 AM

Don't forget the Malwarebytes Anti-malware full scan, dgibs.
m0le is a proud member of UNITE

#8 dgibs

  • Topic Starter

Posted 15 March 2009 - 09:26 PM

Here is the MBAM
Malwarebytes' Anti-Malware 1.34
Database version: 1853
Windows 5.1.2600 Service Pack 2

3/15/2009 9:22:07 AM
mbam-log-2009-03-15 (09-22-06).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 102046
Time elapsed: 1 hour(s), 25 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Hijack.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Hijack.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#9 m0le

Posted 16 March 2009 - 02:22 PM

Hi dgibs,

As you have carried out a system recovery you are now clean.

Please download OTCleanIt and save it to Desktop.

Make sure you have an internet connection.
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes
Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Here's a list of ways you can avoid problems in the future:

Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Use a Firewall

I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version, or the Pro version for a 15 day trial period.

Other recommended, and free, AntiSpyware programs are Spybot - Search and Destroy and Ad-Aware Personal.

Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.

Tutorials on using these programs can be found below:

Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer


That's it, happy surfing!

Cheers,


m0le

#10 dgibs

Posted 16 March 2009 - 10:02 PM

Thank you for helping me!!

#11 Shaba

Posted 24 March 2009 - 12:05 AM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security