Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijack This Log: Please Help Diagnose


  • This topic is locked This topic is locked
23 replies to this topic

#1 rerun6177

rerun6177

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 10 March 2009 - 03:33 PM

Before I post the log, I will give a brief run down of what has been going on. On a monthly basis, since Dec... I have been getting various Trojan Viruses. They quarentine in Norton 360, but a different version always seems to come back anout a month apart. Since Dec, I have had 4. I don't surf any crazy websites, just well known ones. I don't open up any crazy emails, I scan attachments from even those I trust. So I figure first and foremost, something malicious must be on my computer that is enabling these viruses to get in.

Second problem, happened last week. There was a session in which I browsed the internet that will not allow me to delete in the address bar. I have gone to Internet Options and deleted the Temp and History files. I have even gone to Regedit in Typed Urls and no sites are listed. I also washed it with windows washers and the sites are still there. The sites are trusted sites. The sites that will not disappear from my address bar are well known news websites and a few google searches. And finally, I have scanned my compter with Spybot S & D and Malwarebytes.

Here is my log and thanks:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:41 PM, on 3/10/09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$JJKA_KDS\Binn\sqlservr.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe
C:\WINDOWS\Twain_32\fjscan32\FjtwSetup.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\PFU\Error Recovery Guide\FTErGuid.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Keller\WinLog\jlcmain.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Office 2002\Office10\OUTLOOK.EXE
C:\Program Files\Office 2002\Office10\WINWORD.EXE
C:\Documents and Settings\Robert\Desktop\New Folder\HJT\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.i--search.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.kelleronline.com/home/member.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.i--search.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {90222687-F593-4738-B738-FBEE9C7B26DF} - (no file)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe -c Direct -p DOT4_001 -pn "hp LaserJet 1010 Series Driver" -n 0 -l 1033 -sl 120000
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [FtLnSOP_setup] C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe
O4 - HKLM\..\Run: [FJTWAIN Setup] C:\WINDOWS\Twain_32\fjscan32\FjtwSetup.exe /Station
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcStd7_0_8 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Outlook.lnk = C:\Program Files\Office 2002\Office10\OUTLOOK.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Error Recovery Guide.lnk = ?
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\OFFICE~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O18 - Protocol hijack: mhtml -
O18 - Filter hijack: text/html - {3b63c0bc-f067-4218-a293-8463d3a57ef5} - C:\WINDOWS\system32\mst123.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SnoopFree Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O24 - Desktop Component 0: (no name) - http://f.screensavers.com/migration/wp/cast_215.gif

--
End of file - 12107 bytes

BC AdBot (Login to Remove)

 


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the &quot;Logic Free Zone&quot;, in Md, USA
  • Local time:02:58 AM

Posted 22 March 2009 - 12:55 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 rerun6177

rerun6177
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 23 March 2009 - 04:12 PM

DDS (Ver_09-03-16.01) - NTFSx86
Run by User at 14:07:36.70 on Mon 03/23/09
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.631.193 [GMT -7:00]

AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$JJKA_KDS\Binn\sqlservr.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0

\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe
C:\WINDOWS\Twain_32\fjscan32\FjtwSetup.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\PFU\Error Recovery Guide\FTErGuid.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Keller\WinLog\jlcmain.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Office 2002\Office10\EXCEL.EXE
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://www.kelleronline.com/home/member.aspx
uSearch Page =

hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yaho

o.com
uSearch Bar =

hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yaho

o.com/search/ie.html
uDefault_Search_URL =
uDefault_Page_URL =
mDefault_Search_URL =

hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yaho

o.com
mSearch Page =
mStart Page = about:blank
mSearch Bar =

hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yaho

o.com/search/ie.html
uInternet Settings,ProxyOverride = 127.0.0.1;<local>
uSearchAssistant = hxxp://www.google.com/ie
uCustomizeSearch = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} -

c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} -

c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} -

c:\windows\system32\dla\tfswshx.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program

files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} -

c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} -

c:\program files\java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-

0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} -

c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} -

c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} -

c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program

files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {90222687-F593-4738-B738-FBEE9C7B26DF} - No File
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program

files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program

files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Window Washer] c:\program files\webroot\washer\wwDisp.exe
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\simple~1\photos~1

\data\xtras\mssysmgr.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0

\acrobat\AdobeUpdateManager.exe" AcStd7_0_8 -reboot 1
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe

irprops.cpl,,BluetoothAuthenticationAgent
mRun: [UC_Start] c:\ibmtools\updater\ucstartup.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [<NO NAME>]
mRun: [StatusClient] c:\program files\hewlett-packard\toolbox2.0\apache tomcat 4.0

\webapps\toolbox\statusclient\StatusClient.exe /auto
mRun: [TomcatStartup] c:\program files\hewlett-packard\toolbox2.0\hpbpsttp.exe
mRun: [HPLJ Config] c:\program files\hewlett-packard\hp laserjet 1010

series\SetConfig.exe -c Direct -p DOT4_001 -pn "hp LaserJet 1010 Series Driver" -n 0 -l

1033 -sl 120000
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
mRun: [FtLnSOP_setup] c:\windows\twain_32\fjscan32\sop\FtLnSOP.exe
mRun: [FJTWAIN Setup] c:\windows\twain_32\fjscan32\FjtwSetup.exe /Station
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0

\reader\Reader_sl.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [SnoopFreeUI] SnoopFreeUI.exe
StartupFolder: c:\docume~1\robert\startm~1\programs\startup\micros~1.lnk -

c:\program files\office 2002\office10\OUTLOOK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk -

c:\windows\installer\{ac76ba86-1033-f400-ba7e-100000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\errorr~1.lnk -

c:\program files\pfu\error recovery guide\FTErGuid.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk -

c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk -

c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0

\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0

\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0

\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0

\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0

\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0

\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0

\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0

\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\office~1\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network

Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program

files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-

206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -

hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} -

hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -

hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} -

hxxp://java.sun.com/products/plugin/1.4.0/jinstall-140-win.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} -

hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -

hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Filter: text/html - {3b63c0bc-f067-4218-a293-8463d3a57ef5} -
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program

files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: PCANotify - PCANotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 SnoopFree;SnoopFree Driver;c:\windows\system32\drivers\SnopFree.sys [2009-3-9

9472]
R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2007-3-30

18232]
R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2007-3-30

17848]
R2 awhost32;Symantec pcAnywhere Host Service;c:\program

files\symantec\pcanywhere\awhost32.exe [2007-5-11 132728]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec

shared\CCSVCHST.EXE [2008-2-18 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec

shared\CCSVCHST.EXE [2008-2-18 149352]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec

shared\CCSVCHST.EXE [2008-2-18 149352]
R2 MSSQL$JJKA_KDS;MSSQL$JJKA_KDS;c:\program files\microsoft sql

server\mssql$jjka_kds\binn\sqlservr.exe -sjjka_kds --> c:\program files\microsoft sql

server\mssql$jjka_kds\binn\sqlservr.exe -sJJKA_KDS [?]
R2 SnoopFreeSvc;SnoopFree Service;System32\SnoopFreeSvc.exe --> System32

\SnoopFreeSvc.exe [?]
R2 wwEngineSvc;Window Washer Engine;c:\program

files\webroot\washer\WasherSvc.exe [2008-9-11 598856]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec

shared\eengine\EraserUtilRebootDrv.sys [2009-2-25 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090323.003

\NAVENG.SYS [2009-3-23 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090323.003

\NAVEX15.SYS [2009-3-23 876144]
R3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2004-5

-4 16384]
R3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\pelusblf.sys

[2004-5-4 9216]
R3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2005-9-1

11520]
R3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec

shared\ccpd-lc\symlcsvc.exe [2006-5-10 1245064]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12

23888]
S3 SQLAgent$JJKA_KDS;SQLAgent$JJKA_KDS;c:\program files\microsoft sql

server\mssql$jjka_kds\binn\sqlagent.exe -i jjka_kds --> c:\program files\microsoft

sql server\mssql$jjka_kds\binn\sqlagent.EXE -i JJKA_KDS [?]

=============== Created Last 30 ================

2009-03-10 14:34 <DIR> --d----- C:\HJT
2009-03-09 12:57 <DIR> --d----- c:\docume~1\User\applic~1

\Malwarebytes
2009-03-09 12:57 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-09 12:57 38,496 a------- c:\windows\system32

\drivers\mbamswissarmy.sys
2009-03-09 12:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1

\Malwarebytes
2009-03-09 12:57 <DIR> --d----- c:\program files\Malwarebytes' Anti

-Malware
2009-03-09 11:33 221,184 a------- c:\windows\SnoopFreeUI.exe
2009-03-09 11:33 90,112 a------- c:\windows\system32\SnoopFreeSvc.exe
2009-03-09 11:33 45,056 a------- c:\windows\SnoopFreeDll.dll
2009-03-09 11:33 9,472 a------- c:\windows\system32\drivers\SnopFree.sys
2009-03-09 09:40 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-09 09:40 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-03-09 09:40 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-09 09:40 806 a------- c:\windows\system32\drivers\SYMEVENT.INF

==================== Find3M ====================

2009-02-19 12:03 579,464 a------- c:\windows\system32\SymNeti.dll
2009-02-19 12:03 207,240 a------- c:\windows\system32\SymRedir.dll
2009-02-19 11:31 31,280 a------- c:\windows\system32\drivers\SymIM.sys
2009-02-19 11:31 9,844 a------- c:\windows\system32\drivers\SymRedir.cat
2009-02-19 11:31 1,611 a------- c:\windows\system32\drivers\SymRedir.inf
2009-02-19 11:31 41,008 a------- c:\windows\system32\drivers\symndisv.sys
2009-02-19 11:31 184,496 a------- c:\windows\system32\drivers\symtdi.sys
2009-02-19 11:31 96,560 a------- c:\windows\system32\drivers\symfw.sys
2009-02-19 11:31 38,576 a------- c:\windows\system32\drivers\symids.sys
2009-02-19 11:31 37,424 a------- c:\windows\system32\drivers\symndis.sys
2009-02-19 11:31 22,320 a------- c:\windows\system32\drivers\symredrv.sys
2009-02-19 11:31 13,616 a------- c:\windows\system32\drivers\symdns.sys
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 04:13 1,846,784 -------- c:\windows\system32

\dllcache\win32k.sys
2008-12-12 14:00 48,840 ac------ c:\docume~1\robert\applic~1

\GDIPFONTCACHEV1.DAT

============= FINISH: 14:08:57.09 ===============

Edited by rerun6177, 23 March 2009 - 04:17 PM.


#4 rerun6177

rerun6177
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 23 March 2009 - 04:13 PM

Thanks, hope I did it right. If I am missing something let me know...

#5 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:58 PM

Posted 23 March 2009 - 04:16 PM

Hello, rerun6177

You did it right :thumbup2: After this step, we'll start fixin stuff, I promise! :)

We need to create an OTListIt2 Report
  • Please download OTListIt2 from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
We need to scan for Rootkits with GMER
  • Please download GMER from one of the following mirrors:
  • Close any and all open programs, as this process may crash your computer.
  • Unzip the downloaded file to your desktop.
  • Double click Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    Posted Image
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.
In your next reply, please include the following:
  • OTListIt.txt
  • Extra.txt
  • GMER's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#6 rerun6177

rerun6177
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 23 March 2009 - 04:25 PM

OTListIt logfile created on: 3/23/09 2:18:08 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.1 Folder = C:\Documents and Settings\Robert\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yy

630.98 Mb Total Physical Memory | 173.94 Mb Available Physical Memory | 27.57% Memory free
812.25 Mb Paging File | 263.14 Mb Available in Paging File | 32.40% Paging File free
Paging file location(s): C:\pagefile.sys 180 360;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.13 Gb Total Space | 40.50 Gb Free Space | 56.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 18.81 Gb Total Space | 13.27 Gb Free Space | 70.54% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROBERT_N
Current User Name: Robert
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/02/21 15:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/05/11 12:10:00 | 00,132,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe
PRC - [2008/12/15 10:15:07 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2002/12/17 18:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$JJKA_KDS\Binn\sqlservr.exe
PRC - [2001/08/17 23:36:54 | 00,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\system32\pctspk.exe
PRC - [2009/03/09 11:33:05 | 00,090,112 | ---- | M] () -- C:\WINDOWS\System32\SnoopFreeSvc.exe
PRC - [2002/09/20 17:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2007/11/26 14:47:40 | 00,598,856 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
PRC - [2003/11/20 14:08:14 | 00,057,344 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ICO.EXE
PRC - [2002/12/16 16:51:24 | 00,036,864 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
PRC - [2008/12/15 10:15:08 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2003/12/19 11:26:16 | 00,212,992 | ---- | M] (PFU LIMITED) -- C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe
PRC - [2004/09/01 11:45:00 | 00,126,976 | ---- | M] (FUJITSU LIMITED) -- C:\WINDOWS\Twain_32\fjscan32\FjtwSetup.exe
PRC - [2006/01/12 20:52:32 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
PRC - [2009/03/09 11:33:05 | 00,221,184 | ---- | M] (SnoopFree Software) -- C:\WINDOWS\SnoopFreeUI.exe
PRC - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/11/26 14:47:30 | 01,206,600 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\wwDisp.exe
PRC - [2005/01/21 17:04:42 | 00,163,840 | ---- | M] (Simple Star, Inc.) -- C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\mssysmgr.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2003/11/06 15:51:32 | 00,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE
PRC - [2003/11/06 19:24:32 | 00,131,072 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\Pelmiced.exe
PRC - [2004/07/10 21:16:58 | 00,225,280 | ---- | M] (PFU LIMITED) -- C:\Program Files\PFU\Error Recovery Guide\FTErGuid.exe
PRC - [1997/07/11 01:00:00 | 00,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE
PRC - [2002/12/17 18:23:32 | 00,074,308 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
PRC - [2001/05/06 11:14:22 | 00,020,549 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
PRC - [2004/02/12 14:57:28 | 05,896,704 | ---- | M] (J. J. Keller & Associates, Inc.) -- C:\Program Files\Keller\WinLog\jlcmain.exe
PRC - [2008/09/22 12:02:33 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2006/02/06 12:39:50 | 09,358,016 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Office 2002\Office10\EXCEL.EXE
PRC - [2007/08/22 01:21:30 | 00,055,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
PRC - [2006/05/16 22:12:59 | 00,075,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
PRC - [2008/04/13 17:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/23 14:18:05 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/02/21 15:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2007/05/11 12:10:00 | 00,132,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe -- (awhost32 [Auto | Running])
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])
SRV - [2007/08/22 01:21:30 | 00,055,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Running])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - File not found -- -- (iPod Service [On_Demand | Stopped])
SRV - [2008/12/15 10:15:07 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/09/05 11:52:32 | 03,220,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice [Auto | Running])
SRV - [2002/12/17 18:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$JJKA_KDS\Binn\sqlservr.exe -- (MSSQL$JJKA_KDS [Auto | Running])
SRV - [2002/12/17 18:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2003/03/03 14:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2001/08/17 23:36:54 | 00,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\system32\pctspk.exe -- (Pctspk [Auto | Running])
SRV - [2002/08/01 10:22:40 | 00,065,536 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2009/03/09 11:33:05 | 00,090,112 | ---- | M] () -- C:\WINDOWS\System32\SnoopFreeSvc.exe -- (SnoopFreeSvc [Auto | Running])
SRV - [2002/09/20 17:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
SRV - [2002/12/17 18:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$JJKA_KDS\Binn\sqlagent.EXE -- (SQLAgent$JJKA_KDS [On_Demand | Stopped])
SRV - [2008/09/22 12:02:33 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2007/11/26 14:47:40 | 00,598,856 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 13:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Stopped])
DRV - [2002/08/22 18:57:02 | 00,098,752 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 11:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2003/12/05 14:51:58 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32 [Auto | Running])
DRV - [2007/03/30 20:46:50 | 00,013,368 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\awechomd.sys -- (awecho [System | Running])
DRV - [2007/03/30 20:47:22 | 00,017,848 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\awlegacy.sys -- (awlegacy [System | Running])
DRV - [2007/03/30 20:48:02 | 00,018,232 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\aw_host5.sys -- (AW_HOST [System | Running])
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2008/07/30 17:42:12 | 00,023,888 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\Drivers\COH_Mon.sys -- (COH_Mon [On_Demand | Stopped])
DRV - [2007/08/08 17:39:56 | 00,036,056 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon [Auto | Running])
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2003/04/29 04:21:00 | 00,084,080 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
DRV - [2003/03/24 03:56:00 | 00,040,416 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
DRV - [2003/03/04 13:56:26 | 00,145,408 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2009/02/25 02:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2009/02/25 02:00:00 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2007/03/30 20:44:22 | 00,020,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\GERNUWA.sys -- (Gernuwa [Boot | Running])
DRV - [2003/09/25 22:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\GTNDIS5.SYS -- (GTNDIS5 [On_Demand | Stopped])
DRV - [2003/07/22 13:49:28 | 00,091,419 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2005/08/17 20:44:50 | 00,049,867 | R--- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys -- (MaRdPnp [On_Demand | Stopped])
DRV - [2005/08/17 20:44:44 | 00,011,473 | R--- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\DRIVERS\MaVc2K.sys -- (MaVctrl [Auto | Running])
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2009/02/19 02:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090323.003\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/02/19 02:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090323.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2004/08/03 22:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2003/01/10 13:55:32 | 00,016,384 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\DRIVERS\pelmouse.sys -- (pelmouse [On_Demand | Running])
DRV - [2003/02/11 13:25:14 | 00,009,216 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\DRIVERS\pelusblf.sys -- (pelusblf [On_Demand | Running])
DRV - [2001/09/13 08:58:02 | 00,007,012 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM [Auto | Running])
DRV - [2001/08/18 03:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2001/08/17 14:28:14 | 00,112,574 | ---- | M] (PCTEL, INC.) -- C:\WINDOWS\System32\DRIVERS\ptserlp.sys -- (Ptserlp [On_Demand | Running])
DRV - [2004/05/19 12:33:44 | 00,020,016 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2001/08/23 12:00:00 | 00,022,400 | ---- | M] () -- C:\WINDOWS\system32\Drivers\SbcpHid.sys -- (SbcpHid [On_Demand | Stopped])
DRV - [2008/04/13 11:45:33 | 00,011,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\scsiscan.sys -- (scsiscan [On_Demand | Running])
DRV - [2007/11/13 03:25:53 | 00,020,480 | R--- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2008/04/13 11:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2002/11/25 14:37:40 | 00,537,152 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2009/03/09 11:33:05 | 00,009,472 | ---- | M] () -- C:\WINDOWS\System32\Drivers\SnopFree.sys -- (SnoopFree [Boot | Running])
DRV - [2001/08/17 14:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2008/09/05 14:31:42 | 00,447,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
DRV - [2008/01/31 18:51:16 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS -- (SRTSP [On_Demand | Running])
DRV - [2008/01/31 18:51:16 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS -- (SRTSPL [On_Demand | Stopped])
DRV - [2008/01/31 18:51:16 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS -- (SRTSPX [System | Running])
DRV - [2003/05/02 18:18:58 | 00,005,589 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
DRV - [2003/05/02 18:18:24 | 00,023,059 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2009/02/19 11:31:16 | 00,013,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS [On_Demand | Running])
DRV - [2009/03/09 10:03:55 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2009/02/19 11:31:16 | 00,096,560 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2009/02/19 11:31:16 | 00,038,576 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS [On_Demand | Running])
DRV - [2009/02/09 15:59:18 | 00,251,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20090318.001\SymIDSco.sys -- (SYMIDSCO [On_Demand | Running])
DRV - [2009/02/19 11:31:42 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys -- (SymIM [On_Demand | Stopped])
DRV - [2009/02/19 11:31:42 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys -- (SymIMMP [On_Demand | Running])
DRV - [2006/05/10 11:47:16 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
DRV - [2009/02/19 11:31:16 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Running])
DRV - [2009/02/19 11:31:16 | 00,022,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])
DRV - [2009/02/19 11:31:16 | 00,184,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2003/05/05 02:04:00 | 00,023,957 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
DRV - [2003/05/05 02:04:00 | 00,034,773 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
DRV - [2003/05/05 02:04:00 | 00,004,053 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
DRV - [2003/05/05 02:04:00 | 00,002,169 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
DRV - [2003/05/05 02:04:00 | 00,083,220 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
DRV - [2003/05/05 02:04:00 | 00,014,133 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
DRV - [2003/05/05 02:04:00 | 00,006,293 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
DRV - [2003/05/05 02:04:00 | 00,097,428 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
DRV - [2003/05/05 02:04:00 | 00,099,317 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2008/04/13 11:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usb8023.sys -- (USB_RNDIS [On_Demand | Stopped])
DRV - [2001/08/17 14:28:14 | 00,604,253 | ---- | M] (PCTEL, INC.) -- C:\WINDOWS\System32\DRIVERS\vmodem.sys -- (Vmodem [Boot | Running])
DRV - [2001/08/17 14:28:16 | 00,397,502 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\System32\DRIVERS\vpctcom.sys -- (Vpctcom [Boot | Running])
DRV - [2001/08/17 14:28:16 | 00,064,605 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\System32\DRIVERS\vvoice.sys -- (Vvoice [Boot | Running])
DRV - [2003/07/22 13:50:32 | 00,120,062 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Running])
DRV - [2003/07/22 13:50:26 | 00,096,858 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.kelleronline.com/home/member.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;<local>

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/15 10:15:10 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll File not found
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {90222687-F593-4738-B738-FBEE9C7B26DF} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [FJTWAIN Setup] C:\WINDOWS\Twain_32\fjscan32\FjtwSetup.exe /Station (FUJITSU LIMITED)
O4 - HKLM..\Run: [FtLnSOP_setup] C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe (PFU LIMITED)
O4 - HKLM..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe -c Direct -p DOT4_001 -pn "hp LaserJet 1010 Series Driver" -n 0 -l 1033 -sl 120000 (Hewlett-Packard Inc.)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] ICO.EXE (Primax Electronics Ltd.)
O4 - HKLM..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe" (Symantec Corporation)
O4 - HKLM..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [SnoopFreeUI] SnoopFreeUI.exe (SnoopFree Software)
O4 - HKLM..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe ()
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe (Simple Star, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcStd7_0_8 -reboot 1 (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-BA7E-100000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Error Recovery Guide.lnk = C:\Program Files\PFU\Error Recovery Guide\FTErGuid.exe (PFU LIMITED)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Robert\Start Menu\Programs\Startup\Microsoft Outlook.lnk = C:\Program Files\Office 2002\Office10\OUTLOOK.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\OFFICE~1\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: ([]msn in My Computer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.0/...all-140-win.cab (Java Plug-in 1.4.0)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\WINDOWS\system32\PCANotify.dll (Symantec Corporation)
O24 - Desktop Components:0 () - http://f.screensavers.com/migration/wp/cast_215.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/11/18 16:11:43 | 00,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\##Ptserver#NIS2006\Shell - "" = AutoRun
O33 - MountPoints2\##Ptserver#NIS2006\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##Ptserver#NIS2006\Shell\AutoRun\command - "" = Z:\CDSTART.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/03/23 14:17:48 | 00,499,200 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTListIt2.exe
[2009/03/23 14:07:03 | 00,360,002 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\dds.scr
[2009/03/23 11:15:39 | 00,184,832 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\Mar - Intake Counter.xls
[2009/03/23 11:15:23 | 00,184,832 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\Intake Counter.xls
[2009/03/18 11:27:00 | 00,139,264 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\Driver Accident Log.xls
[2009/03/17 17:19:47 | 06,947,235 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\lcbackup.zip
[2009/03/12 11:06:06 | 00,000,977 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\Spybot - Search & Destroy.lnk
[2009/03/12 10:50:31 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Robert\Desktop\setup-spybotsd162.exe
[2009/03/10 14:47:24 | 00,000,614 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\Shortcut to HijackThis.exe.lnk
[2009/03/10 14:34:32 | 00,000,000 | ---D | C] -- C:\HJT
[2009/03/09 14:45:54 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Robert\Desktop\spybotsd162.exe
[2009/03/09 12:57:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\Malwarebytes
[2009/03/09 12:57:13 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/09 12:57:13 | 00,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/09 12:57:10 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/09 12:57:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/09 12:57:08 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/09 12:53:44 | 02,876,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Robert\Desktop\mbam-setup.exe
[2009/03/09 11:33:05 | 00,221,184 | ---- | C] (SnoopFree Software) -- C:\WINDOWS\SnoopFreeUI.exe
[2009/03/09 11:33:05 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\SnoopFreeSvc.exe
[2009/03/09 11:33:05 | 00,045,056 | ---- | C] () -- C:\WINDOWS\SnoopFreeDll.dll
[2009/03/09 11:33:05 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\SnopFree.sys
[2009/03/09 11:32:14 | 00,350,279 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\PSHLD100.ZIP
[2009/03/09 11:02:17 | 15,452,536 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Robert\Desktop\IE7-WindowsXP-x86-enu.exe
[2009/03/09 10:00:31 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/03/09 09:46:15 | 00,001,676 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.lnk
[2009/03/09 09:43:13 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009/03/09 09:40:41 | 00,124,464 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/03/09 09:40:41 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/03/09 09:40:41 | 00,010,635 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/03/09 09:40:41 | 00,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/02/27 15:20:05 | 00,726,253 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\IRP Extension.pdf
[2009/02/24 14:42:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Desktop\Policies in Progress
[2009/02/24 14:41:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Desktop\Softball

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/03/23 14:18:05 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTListIt2.exe
[2009/03/23 14:07:31 | 00,360,002 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\dds.scr
[2009/03/23 13:41:08 | 00,000,170 | ---- | M] () -- C:\WINDOWS\jjkeller.ini
[2009/03/23 11:44:46 | 00,184,832 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Mar - Intake Counter.xls
[2009/03/23 11:15:23 | 00,184,832 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Intake Counter.xls
[2009/03/23 09:14:58 | 00,004,136 | ---- | M] () -- C:\WINDOWS\SetScan.Ini
[2009/03/23 09:06:12 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/23 09:04:33 | 00,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/03/23 09:04:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/23 09:03:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/20 17:10:01 | 00,000,309 | ---- | M] () -- C:\WINDOWS\PROMILES.INI
[2009/03/18 13:37:37 | 00,139,264 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Driver Accident Log.xls
[2009/03/17 17:20:03 | 06,947,235 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\lcbackup.zip
[2009/03/12 11:06:06 | 00,000,977 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Spybot - Search & Destroy.lnk
[2009/03/12 11:05:04 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Robert\Desktop\setup-spybotsd162.exe
[2009/03/12 09:01:43 | 00,237,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/11 16:37:17 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/10 14:47:24 | 00,000,614 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Shortcut to HijackThis.exe.lnk
[2009/03/09 16:46:07 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Robert\Desktop\spybotsd162.exe
[2009/03/09 12:57:13 | 00,000,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/09 12:53:44 | 02,876,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Robert\Desktop\mbam-setup.exe
[2009/03/09 11:33:05 | 00,221,184 | ---- | M] (SnoopFree Software) -- C:\WINDOWS\SnoopFreeUI.exe
[2009/03/09 11:33:05 | 00,090,112 | ---- | M] () -- C:\WINDOWS\System32\SnoopFreeSvc.exe
[2009/03/09 11:33:05 | 00,045,056 | ---- | M] () -- C:\WINDOWS\SnoopFreeDll.dll
[2009/03/09 11:33:05 | 00,009,472 | ---- | M] () -- C:\WINDOWS\System32\drivers\SnopFree.sys
[2009/03/09 11:32:16 | 00,350,279 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\PSHLD100.ZIP
[2009/03/09 11:02:17 | 15,452,536 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Robert\Desktop\IE7-WindowsXP-x86-enu.exe
[2009/03/09 10:03:55 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/03/09 10:03:55 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/03/09 10:03:55 | 00,010,635 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/03/09 10:03:55 | 00,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/03/09 09:46:16 | 00,001,676 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.lnk
[2009/03/09 09:16:31 | 00,398,510 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/09 09:16:31 | 00,060,482 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/09 09:16:29 | 00,465,470 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/02/27 15:20:05 | 00,726,253 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\IRP Extension.pdf
[2009/02/25 12:55:00 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >


OTListIt Extras logfile created on: 3/23/09 2:18:08 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.1 Folder = C:\Documents and Settings\Robert\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yy

630.98 Mb Total Physical Memory | 173.94 Mb Available Physical Memory | 27.57% Memory free
812.25 Mb Paging File | 263.14 Mb Available in Paging File | 32.40% Paging File free
Paging file location(s): C:\pagefile.sys 180 360;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.13 Gb Total Space | 40.50 Gb Free Space | 56.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 18.81 Gb Total Space | 13.27 Gb Free Space | 70.54% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROBERT_N
Current User Name: Robert
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2001/05/06 11:14:22 | 00,020,549 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw
[2002/09/02 09:53:50 | 00,032,768 | ---- | M] () -- C:\IBMTOOLS\Updater\jre\bin\javaw.exe:*:Disabled:javaw
[2008/04/13 17:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer
[2007/05/11 12:10:00 | 00,132,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE:*:Disabled:pcAnywhere Host Service
[2007/05/11 12:10:00 | 00,136,824 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\pcAnywhere\awrem32.exe:*:Disabled:pcAnywhere Remote Service
File not found -- C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
File not found -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2004/04/23 11:34:23 | 07,899,252 | ---- | M] (Ensemble Studios) -- C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion
File not found -- C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player
[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002F1258-FAEB-4C2C-B537-CB65E9679C70}" = Keller's Alcohol & Drug Testing Software Product Install
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}" = Norton 360 HTMLHelp
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = IBM DLA
"{12118183-866A-11D3-97DF-0000F8D8F2E9}" = Symantec pcAnywhere
"{13EB4BEC-7DB4-44C3-A46A-459E35999448}" = QuickScan 3.0
"{1E34AB5C-B893-4EE9-82F3-F195978D009D}" = IBM Access Support - Local Content Pack
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{24DF7221-644B-4C3A-A478-459502D40522}" = Backup
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{292C47B2-8DB7-47BF-896C-C3C5EE8108C4}" = hp LaserJet 1010 Series
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{31C2FBAC-67CF-4093-8F36-15A146613747}" = IBM Update Connector
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45690715-80A6-4445-B61D-ADEC5888E8CD}" = Symantec Technical Support Controls
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{580E9BBC-A51E-4AE9-A977-7B0939BEDAD3}" = Scanner Utility for Microsoft Windows
"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
"{710C0BB2-FE39-484E-BB23-C9B96835A14A}" = Access IBM Message Center
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{80380166-A872-4B78-B98A-33447A032BDF}" = ThinkCentre Wallpaper
"{8214CC02-6271-4DC8-B8DD-779933450264}" = IBM RecordNow
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9DD19562-CB7B-45E3-8041-58070274FB78}" = Error Recovery Guide
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}" = IBM 32-bit Runtime Environment for Java 2, v1.4.0
"{AC76BA86-1033-F400-BA7E-100000000002}" = Adobe Acrobat 7.0 Standard - English, Franšais, Deutsch
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AEFF1CC5-2774-4EAE-A19F-8A86F2E9EFDB}" = ScandAll 21
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B32367FA-BD6B-4F82-AB3C-FD3F57356622}" = DMS 3rd Quarter 2005 Update
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}" = Access IBM
"{BD31292B-D01D-4F5A-8DC4-4D5963E4A229}" = SymNet
"{C1939820-A945-11D4-86F6-0001031E5712}" = InterVideo WinDVD
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CF44C7A5-5705-41E4-BE84-A9A42977AB05}" = Access IBM Cleanup Utility
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (JJKA_KDS)
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Access IBM Tools" = Access IBM Tools
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Acrobat 7.0 Standard - EFG - V" = Adobe Acrobat 7.0.8 Standard - English, Franšais, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Age of Mythology Expansion Pack 1.0" = Age of Mythology Gold
"Fujitsu ISIS Drivers" = Fujitsu ISIS Drivers
"HijackThis" = HijackThis 2.0.2
"IBM Access Support" = IBM Access Support
"InstallShield_{002F1258-FAEB-4C2C-B537-CB65E9679C70}" = Keller's Alcohol & Drug Testing Software
"InstallShield_{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}" = IBM 32-bit Runtime Environment for Java 2, v1.4.0
"KellerMILES Ver. 8 powered by ProMiles«" = KellerMILES Ver. 8 powered by ProMiles«
"Keller's Mileage Database" = Keller's Mileage Database
"KellerSCAN for Log Auditing" = KellerSCAN for Log Auditing
"Lame MP3 Codec (for the ACM)" = Lame ACM MP3 Codec
"LiveReg" = LiveReg (Symantec Corporation)
"Madden NFL 08" = Madden NFL 08 (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MouseSuite98" = Mouse Suite
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"Office8.0" = Microsoft Office 97, Professional Edition
"PhotoShow Express" = PhotoShow Express
"PROSet" = Intel® PRO Network Adapters and Drivers
"PSNPMONV1" = Network Print Monitor for Windows 2000/XP
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"SBC Yahoo! Applications" = SBC Yahoo! Applications
"SnoopFreePrivacyShield" = SnoopFree Privacy Shield
"Software Operation Panel" = Software Operation Panel
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.2
"Support.com" = Support.com Software
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD_is1" = XviD MPEG-4 Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/17/09 1:30:22 PM | Computer Name = ROBERT_N | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 2/17/09 1:30:22 PM | Computer Name = ROBERT_N | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 2/19/09 8:42:48 PM | Computer Name = ROBERT_N | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/25/09 9:28:45 PM | Computer Name = ROBERT_N | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.0.31, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/6/09 7:47:48 PM | Computer Name = ROBERT_N | Source = Application Hang | ID = 1002
Description = Hanging application DMS.WinUI.exe, version 5.0.1724.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/6/09 7:47:49 PM | Computer Name = ROBERT_N | Source = Application Hang | ID = 1002
Description = Hanging application DMS.WinUI.exe, version 5.0.1724.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/9/09 2:46:05 PM | Computer Name = ROBERT_N | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6775.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/9/09 5:13:47 PM | Computer Name = ROBERT_N | Source = Application Hang | ID = 1002
Description = Hanging application jlcmain.exe, version 4.0.0.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/16/09 8:24:14 PM | Computer Name = ROBERT_N | Source = Application Hang | ID = 1002
Description = Hanging application jlcmain.exe, version 4.0.0.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/17/09 8:11:07 PM | Computer Name = ROBERT_N | Source = Application Hang | ID = 1002
Description = Hanging application DMS.WinUI.exe, version 5.0.1724.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/23/09 5:15:49 PM | Computer Name = ROBERT_N | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer PAM using any of
the configured protocols.

Error - 3/23/09 5:16:22 PM | Computer Name = ROBERT_N | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer PAM using any of
the configured protocols.

Error - 3/23/09 5:16:54 PM | Computer Name = ROBERT_N | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer PAM using any of
the configured protocols.

Error - 3/23/09 5:17:27 PM | Computer Name = ROBERT_N | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer PAM using any of
the configured protocols.

Error - 3/23/09 5:18:01 PM | Computer Name = ROBERT_N | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer PAM using any of
the configured protocols.

Error - 3/23/09 5:18:34 PM | Computer Name = ROBERT_N | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer PAM using any of
the configured protocols.

Error - 3/23/09 5:19:07 PM | Computer Name = ROBERT_N | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer PAM using any of
the configured protocols.

Error - 3/23/09 5:19:40 PM | Computer Name = ROBERT_N | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer PAM using any of
the configured protocols.

Error - 3/23/09 5:20:13 PM | Computer Name = ROBERT_N | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer PAM using any of
the configured protocols.

Error - 3/23/09 5:20:45 PM | Computer Name = ROBERT_N | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer PAM using any of
the configured protocols.


< End of report >

#7 rerun6177

rerun6177
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 23 March 2009 - 04:30 PM

Here is the Extras List but it looks the same as the OTLIstIt to me...

OTListIt Extras logfile created on: 3/23/09 2:18:08 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.1 Folder = C:\Documents and Settings\Robert\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yy

630.98 Mb Total Physical Memory | 173.94 Mb Available Physical Memory | 27.57% Memory free
812.25 Mb Paging File | 263.14 Mb Available in Paging File | 32.40% Paging File free
Paging file location(s): C:\pagefile.sys 180 360;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.13 Gb Total Space | 40.50 Gb Free Space | 56.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 18.81 Gb Total Space | 13.27 Gb Free Space | 70.54% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROBERT_N
Current User Name: Robert
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2001/05/06 11:14:22 | 00,020,549 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw
[2002/09/02 09:53:50 | 00,032,768 | ---- | M] () -- C:\IBMTOOLS\Updater\jre\bin\javaw.exe:*:Disabled:javaw
[2008/04/13 17:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer
[2007/05/11 12:10:00 | 00,132,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE:*:Disabled:pcAnywhere Host Service
[2007/05/11 12:10:00 | 00,136,824 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\pcAnywhere\awrem32.exe:*:Disabled:pcAnywhere Remote Service
File not found -- C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
File not found -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2004/04/23 11:34:23 | 07,899,252 | ---- | M] (Ensemble Studios) -- C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion
File not found -- C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player
[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002F1258-FAEB-4C2C-B537-CB65E9679C70}" = Keller's Alcohol & Drug Testing Software Product Install
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}" = Norton 360 HTMLHelp
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = IBM DLA
"{12118183-866A-11D3-97DF-0000F8D8F2E9}" = Symantec pcAnywhere
"{13EB4BEC-7DB4-44C3-A46A-459E35999448}" = QuickScan 3.0
"{1E34AB5C-B893-4EE9-82F3-F195978D009D}" = IBM Access Support - Local Content Pack
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{24DF7221-644B-4C3A-A478-459502D40522}" = Backup
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{292C47B2-8DB7-47BF-896C-C3C5EE8108C4}" = hp LaserJet 1010 Series
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{31C2FBAC-67CF-4093-8F36-15A146613747}" = IBM Update Connector
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45690715-80A6-4445-B61D-ADEC5888E8CD}" = Symantec Technical Support Controls
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{580E9BBC-A51E-4AE9-A977-7B0939BEDAD3}" = Scanner Utility for Microsoft Windows
"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
"{710C0BB2-FE39-484E-BB23-C9B96835A14A}" = Access IBM Message Center
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{80380166-A872-4B78-B98A-33447A032BDF}" = ThinkCentre Wallpaper
"{8214CC02-6271-4DC8-B8DD-779933450264}" = IBM RecordNow
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9DD19562-CB7B-45E3-8041-58070274FB78}" = Error Recovery Guide
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}" = IBM 32-bit Runtime Environment for Java 2, v1.4.0
"{AC76BA86-1033-F400-BA7E-100000000002}" = Adobe Acrobat 7.0 Standard - English, Franšais, Deutsch
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AEFF1CC5-2774-4EAE-A19F-8A86F2E9EFDB}" = ScandAll 21
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B32367FA-BD6B-4F82-AB3C-FD3F57356622}" = DMS 3rd Quarter 2005 Update
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}" = Access IBM
"{BD31292B-D01D-4F5A-8DC4-4D5963E4A229}" = SymNet
"{C1939820-A945-11D4-86F6-0001031E5712}" = InterVideo WinDVD
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CF44C7A5-5705-41E4-BE84-A9A42977AB05}" = Access IBM Cleanup Utility
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (JJKA_KDS)
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Access IBM Tools" = Access IBM Tools
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Acrobat 7.0 Standard - EFG - V" = Adobe Acrobat 7.0.8 Standard - English, Franšais, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Age of Mythology Expansion Pack 1.0" = Age of Mythology Gold
"Fujitsu ISIS Drivers" = Fujitsu ISIS Drivers
"HijackThis" = HijackThis 2.0.2
"IBM Access Support" = IBM Access Support
"InstallShield_{002F1258-FAEB-4C2C-B537-CB65E9679C70}" = Keller's Alcohol & Drug Testing Software
"InstallShield_{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}" = IBM 32-bit Runtime Environment for Java 2, v1.4.0
"KellerMILES Ver. 8 powered by ProMiles«" = KellerMILES Ver. 8 powered by ProMiles«
"Keller's Mileage Database" = Keller's Mileage Database
"KellerSCAN for Log Auditing" = KellerSCAN for Log Auditing
"Lame MP3 Codec (for the ACM)" = Lame ACM MP3 Codec
"LiveReg" = LiveReg (Symantec Corporation)
"Madden NFL 08" = Madden NFL 08 (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MouseSuite98" = Mouse Suite
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"Office8.0" = Microsoft Office 97, Professional Edition
"PhotoShow Express" = PhotoShow Express
"PROSet" = Intel® PRO Network Adapters and Drivers
"PSNPMONV1" = Network Print Monitor for Windows 2000/XP
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"SBC Yahoo! Applications" = SBC Yahoo! Applications
"SnoopFreePrivacyShield" = SnoopFree Privacy Shield
"Software Operation Panel" = Software Operation Panel
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.2
"Support.com" = Support.com Software
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD_is1" = XviD MPEG-4 Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/17/09 1:30:22 PM | Computer Name = ROBERT_N | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 2/17/09 1:30:22 PM | Computer Name = ROBERT_N | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 2/19/09 8:42:48 PM | Computer Name = ROBERT_N | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/25/09 9:28:45 PM | Computer Name = ROBERT_N | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.0.31, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/6/09 7:47:48 PM | Computer Name = ROBERT_N | Source = Application Hang | ID = 1002
Description = Hanging application DMS.WinUI.exe, version 5.0.1724.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/6/09 7:47:49 PM | Computer Name = ROBERT_N | Source = Application Hang | ID = 1002
Description = Hanging application DMS.WinUI.exe, version 5.0.1724.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/9/09 2:46:05 PM | Computer Name = ROBERT_N | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6775.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/9/09 5:13:47 PM | Computer Name = ROBERT_N | Source = Application Hang | ID = 1002
Description = Hanging application jlcmain.exe, version 4.0.0.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/16/09 8:24:14 PM | Computer Name = ROBERT_N | Source = Application Hang | ID = 1002
Description = Hanging application jlcmain.exe, version 4.0.0.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/17/09 8:11:07 PM | Computer Name = ROBERT_N | Source = Application Hang | ID = 1002
Description = Hanging application DMS.WinUI.exe, version 5.0.1724.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/23/09 5:15:49 PM | Computer Name = ROBERT_N | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer PAM using any of
the configured protocols.

Error - 3/23/09 5:16:22 PM | Computer Name = ROBERT_N | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer PAM using any of
the configured protocols.

Error - 3/23/09 5:16:54 PM | Computer Name = ROBERT_N | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer PAM using any of
the configured protocols.

Error - 3/23/09 5:17:27 PM | Computer Name = ROBERT_N | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer PAM using any of
the configured protocols.

Error - 3/23/09 5:18:01 PM | Computer Name = ROBERT_N | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer PAM using any of
the configured protocols.

Error - 3/23/09 5:18:34 PM | Computer Name = ROBERT_N | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer PAM using any of
the configured protocols.

Error - 3/23/09 5:19:07 PM | Computer Name = ROBERT_N | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer PAM using any of
the configured protocols.

Error - 3/23/09 5:19:40 PM | Computer Name = ROBERT_N | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer PAM using any of
the configured protocols.

Error - 3/23/09 5:20:13 PM | Computer Name = ROBERT_N | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer PAM using any of
the configured protocols.

Error - 3/23/09 5:20:45 PM | Computer Name = ROBERT_N | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer PAM using any of
the configured protocols.


< End of report >

#8 rerun6177

rerun6177
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 23 March 2009 - 07:10 PM

Sorry, it's taken me so long to post the Gmer log. During the first run the computer crashed. Windows said something about the soundcard being behind the error. At any rate, I ran it again and it's been going for like 2 hours.... so if it doesn't complete in the next 10 minutes or so, I am gonna have to post the Gmer log tomorrow.

Thanks.

#9 rerun6177

rerun6177
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 24 March 2009 - 12:27 PM

I am having a problem obtaining a Gmer log. I have run three scans and in the middle of all three my computer has crashed. Upon rebooting it says "Windows has recovered from a serious error". I think I was able to find the files that the error occured in, according to their reports. And actually, it may coencide with the issue I am having. The two files are in the temp folder... which may be part of my issue not being able to delete websites from the address bar? At any rate, where do I go from here?

Thanks.

#10 rerun6177

rerun6177
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 24 March 2009 - 03:06 PM

Nevermind! Fourth time is a charm, I guess.

GMER 1.0.15.14944 - http://www.gmer.net
Rootkit scan 2009-03-24 13:03:46
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT 8320D9F8 ZwAlertResumeThread
SSDT 8323E138 ZwAlertThread
SSDT 834A5008 ZwAllocateVirtualMemory
SSDT 833BE870 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF02D2020]
SSDT 83208380 ZwCreateMutant
SSDT SnopFree.sys ZwCreateProcessEx [0xF8FD69E4]
SSDT 832521A0 ZwCreateThread
SSDT 8323F030 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xF02D22A0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF02D2800]
SSDT 834A4058 ZwFreeVirtualMemory
SSDT 834A5058 ZwImpersonateAnonymousToken
SSDT 829902F0 ZwImpersonateThread
SSDT 83740090 ZwMapViewOfSection
SSDT 832082A0 ZwOpenEvent
SSDT 834940D8 ZwOpenProcessToken
SSDT 8323F0D0 ZwOpenSection
SSDT 83364750 ZwOpenThreadToken
SSDT 834947F0 ZwResumeThread
SSDT 833A7A30 ZwSetContextThread
SSDT 83364820 ZwSetInformationProcess
SSDT 83404B50 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF02D2A50]
SSDT 832630A8 ZwSuspendProcess
SSDT 832102F0 ZwSuspendThread
SSDT 8366A910 ZwTerminateProcess
SSDT 8320D4D0 ZwTerminateThread
SSDT 8323E2C0 ZwUnmapViewOfSection
SSDT 834A4008 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + C8 804E2724 4 Bytes CALL A040AA64
? C:\WINDOWS\system32\drivers\SnopFree.sys The process cannot access the file because it is being used by another process.

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Webroot\Washer\WasherSvc.exe[1220] kernel32.dll!CreateThread + 1A 7C8106E1 4 Bytes CALL 0008ED99 C:\Program Files\Webroot\Washer\WasherSvc.exe (Window Washer Engine/Webroot Software, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] kernel32.dll!VirtualProtect + 1C 7C801AF0 7 Bytes JMP 02FD0034
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 02FD00B8
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 02FD013F
.text C:\Program Files\Webroot\Washer\wwDisp.exe[3852] kernel32.dll!CreateThread + 1A 7C8106E1 4 Bytes CALL 0008F31D C:\Program Files\Webroot\Washer\wwDisp.exe (Window Washer Client Executable/Webroot Software, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Direct Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Direct Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Direct Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Direct Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Direct Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Direct Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

#11 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:58 PM

Posted 24 March 2009 - 03:54 PM

Hello, rerun6177

I am having a problem obtaining a Gmer log. I have run three scans and in the middle of all three my computer has crashed. Upon rebooting it says "Windows has recovered from a serious error". I think I was able to find the files that the error occured in, according to their reports. And actually, it may coencide with the issue I am having. The two files are in the temp folder... which may be part of my issue not being able to delete websites from the address bar? At any rate, where do I go from here?

Please give RootRepeal a shot instead :thumbup2:

We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop:
  • Extract RootRepeal.exe from the zip archive.
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all six boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
In your next reply, please include the following:
  • RootRepeal Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#12 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:58 PM

Posted 24 March 2009 - 04:05 PM

Hello, rerun6177
Nevermind then I guess :thumbup2:

We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy
We need to run an OTListIt2 Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :otli
    O3 - HKLM\..\Toolbar: (no name) - {90222687-F593-4738-B738-FBEE9C7B26DF} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O4 - HKLM..\Run: [] File not found
  • Push Posted Image
  • OTLI2 may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box infront of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and chose "select all" (or use <Control>+A)
  • Right-click again and chose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)

In your next reply, please include the following:
  • OTListIt2 Fix Log
  • ESET OnlineScan's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#13 rerun6177

rerun6177
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 25 March 2009 - 12:03 PM

========== OTLISTIT ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{90222687-F593-4738-B738-FBEE9C7B26DF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90222687-F593-4738-B738-FBEE9C7B26DF}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

OTListIt2 by OldTimer - Version 2.0.7.1 log created on 03242009_144239

#14 rerun6177

rerun6177
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 25 March 2009 - 12:06 PM

ESET LOG:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3958 (20090324)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=ded43f367292f74188969a1e40672d12
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-03-25 12:59:03
# local_time=2009-03-24 05:59:03 (-0800, Pacific Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=458673
# found=4
# scan_time=7195
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP1289\A0141434.dll a variant of Win32/TrojanDownloader.Small.OLN trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP1289\A0141437.dll a variant of Win32/TrojanDownloader.Small.OLN trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP1304\A0142272.dll Win32/TrojanDownloader.Small.OLL trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP1305\A0142339.dll Win32/TrojanDownloader.Small.OLL trojan (unable to clean - deleted) 00000000000000000000000000000000

#15 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:58 PM

Posted 25 March 2009 - 07:59 PM

Hello, rerun6177
Congratulations! You now appear clean! :thumbup2:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware

We need to enable Spybot S&D's "TeaTimer"
Now that we're done with the fix, we should reenable TeaTimer.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click on Posted Image
  • Click on Posted Image
  • Check this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy
We Need to Clean Up Our Mess
  • Please reopen Posted Image on your desktop.
  • Push the large "Cleanup" button
  • Allow your system to reboot
Reset System Restore
Windows' "System Restore" feature can cause malware files to be cached and retained by your system. Resetting System Restore will clean these files from your system, and will allow you to use System Restore without fear of reinfection.
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Note: You should only do this once, not on a regular basis!
You will not be able to restore computer to any earlier than today!

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automaticly if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users