Virtumonde on laptop and external hard drive


  • This topic is locked
32 replies to this topic

#1 Jesse B.

Posted 02 May 2009 - 10:21 PM

Hi,

I contracted several Trojan Vundo/Virtumonde infections on my laptop. Somehow my firewall was disabled; I'm unsure if this was the Trojan's doing or my own accident. Then, by connecting my friend's WD My Book 500GB hard drive to the laptop, I think I may have transmitted the virus to the hard drive (I'm unsure if I did, as the laptop denies me access to the drive). Then, thinking the laptop was the problem, I tried connecting the hard drive to my desktop to see if I could access it. Now I think my desktop is infected with Vundo as well.

If there is any more information I can give just let me know. Here is the DDS:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Scholar at 22:51:34.79 on Sat 05/02/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1240 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\WINDOWS\system32\lxdpcoms.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\AMT\UNS.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\ld08.exe
C:\windows\pp06.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\DL32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lexmark Z2300 Series\lxdpMsdMon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\PamelaPCR.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Scholar\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.library.gsu.edu/
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
BHO: {4f8a4978-1b8a-44cb-898a-f025a33a07c2} - c:\windows\system32\hbrxjowf.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: : {54d40bec-b45d-40fb-b57b-75ba37621aac} - c:\windows\system32\rwbjkmt.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {b2ba40a2-74f0-42bd-f434-12345a2c8953} -
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: 796525 Class: {e7f15ac4-e0a9-43f0-921b-70dfea621220} - c:\windows\system32\796525\796525.dll
BHO: {e9c18478-c948-4323-9276-e44b26f86661} - c:\windows\system32\vubebiye.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [<NO NAME>] c:\docume~1\scholar\locals~1\temp\eus40g.exe
uRun: [DL32] DL32
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ccApp] -
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [TkBellExe] c:\program files\common files\real\update_ob\realsched.exe -osboot
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [lxdpmon.exe] "c:\program files\lexmark z2300 series\lxdpmon.exe"
mRun: [lxdpamon] "c:\program files\lexmark z2300 series\lxdpamon.exe"
mRun: [sysldtray] c:\windows\ld08.exe
mRun: [pp] c:\windows\pp06.exe
StartupFolder: c:\docume~1\scholar\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-explorer: DisallowRun = 0 (0x0)
dPolicies-explorer: DisallowRun = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: amwzhdlh - rwbjkmt.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: c:\windows\system32\woyohipo.dll c:\windows\system32\gipunowe.dll c:\windows\system32\ c:\windows\system32\bofigaro.dll c:\windows\system32\beyofaji.dll c:\windows\system32\jotogeni.dll c:\windows\system32\wuwogola.dll c:\windows\system32\bujasojo.dll,c:\windows\system32\,c:\windows\system32\gogiyajo.dll,
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - No File
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
LSA: Notification Packages = scecli wmgrv16.dll c:\windows\system32\gogiyajo.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\scholar\applic~1\mozilla\firefox\profiles\gpkd4l1v.default\
FF - prefs.js: browser.startup.homepage - www.library.gsu.edu
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\documents and settings\scholar\application data\mozilla\firefox\profiles\gpkd4l1v.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - HiddenExtension: XUL Cache: {80A4C9ED-C1AB-41CE-B02E-FAAC1EA93913} - c:\documents and settings\scholar\local settings\application data\{80A4C9ED-C1AB-41CE-B02E-FAAC1EA93913}

============= SERVICES / DRIVERS ===============

R0 atiide;ATI SATA Controller IDE mode;c:\windows\system32\drivers\atiide.sys [2008-5-1 3456]
R0 ejkcclji;ejkcclji;c:\windows\system32\drivers\ejkcclji.sys [2001-8-22 23424]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-11-21 169576]
R2 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe -service --> c:\windows\system32\lxdpcoms.exe -service [?]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-3-14 116416]
R2 sgozfaty;Remote Access Auto Connection Helper;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-3-14 1816768]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2008-4-30 2521880]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-22 101936]
S2 lxdpCATSCustConnectService;lxdpCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdpserv.exe [2009-2-24 98984]
S2 YjeybopaO;YjeybopaO;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090422.005\naveng.sys [2009-4-22 89104]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090422.005\navex15.sys [2009-4-22 876144]
S4 ccEvtMgr;Symantec Event Manager;- --> - [?]
S4 SAVRT;SAVRT;- --> - [?]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2009-05-02 22:43 <DIR> --d----- c:\program files\Trend Micro
2009-05-02 21:50 24,576 a------- c:\windows\system32\VundoFixSVC.exe
2009-05-02 19:58 <DIR> -cd----- C:\VundoFix Backups
2009-05-02 18:12 2 ----h--- c:\windows\t55ft2692f44.dat
2009-05-02 01:25 <DIR> --d----- c:\docume~1\scholar\applic~1\hswylizx
2009-05-02 00:05 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-05-02 00:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-05-01 23:49 <DIR> --dsh--- c:\windows\system32\lowsec
2009-04-29 17:00 1 a------- c:\windows\9g2234wesdf3dfgjf23
2009-04-29 17:00 10,752 ----h--- c:\windows\pp06.exe
2009-04-29 16:56 14,848 a------- c:\windows\system32\DL32.exe
2009-04-29 16:56 <DIR> --d----- c:\windows\system32\796525
2009-04-29 16:55 16,384 ----h--- c:\windows\ld08.exe
2009-04-29 16:55 101,884 a------- c:\windows\system32\drivers\7161cf21.sys
2009-04-29 16:55 101,888 ac------ C:\wwmeoblk.exe
2009-04-29 16:55 205,824 ac------ C:\pdtivk.exe
2009-04-29 16:55 2 ac------ C:\-2138545180
2009-04-29 16:55 113,664 a------- c:\windows\system32\azton.mt
2009-04-29 16:55 7,680 ac------ C:\celkadaa.exe
2009-04-29 16:54 113,664 ac------ C:\kggi.exe
2009-04-29 16:54 33,792 a------- c:\documents and settings\scholar\khgyrdte.dll
2009-04-26 23:41 1,407,011 ---sh--- c:\windows\system32\iguzojut.tmp
2009-04-24 16:32 2,713 ---sh--- c:\windows\system32\numuligi.dll
2009-04-22 22:32 0 a------- c:\windows\Ggamobomagifinos.binGgamobomagifinos.bin
2009-04-22 22:23 0 a------- c:\windows\Ggamobomagifinos.bin
2009-04-22 22:23 300 a------- c:\windows\Urecafuvahohilof.dat
2009-04-16 20:38 <DIR> --d----- c:\windows\system32\NtmsData
2009-04-05 23:08 <DIR> --d----- c:\program files\BitPim

==================== Find3M ====================

2009-05-01 22:56 47,104 a--sh--- c:\windows\system32\feyagaso.exe
2009-04-27 19:02 47,616 a--sh--- c:\windows\system32\zekazide.exe
2009-04-26 23:19 46,592 a--sh--- c:\windows\system32\libodame.exe
2009-04-23 13:32 47,616 a--sh--- c:\windows\system32\tanovivo.exe
2009-04-22 22:08 47,616 a--sh--- c:\windows\system32\niniyifu.exe
2009-04-22 22:08 46,592 a--sh--- c:\windows\system32\hesuwopa.exe
2009-03-06 10:44 283,648 a------- c:\windows\system32\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 14:09 78,336 a------- c:\windows\system32\ieencode.dll
2009-02-09 06:20 723,456 a------- c:\windows\system32\lsasrv.dll
2009-02-09 06:20 399,360 a------- c:\windows\system32\rpcss.dll
2009-02-09 06:20 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 06:20 616,960 a------- c:\windows\system32\advapi32.dll
2009-02-09 06:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-06 13:22 2,136,064 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 13:14 110,592 a------- c:\windows\system32\services.exe
2009-02-06 12:54 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 12:49 2,015,744 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-03 16:08 55,808 a------- c:\windows\system32\secur32.dll
2008-05-01 12:25 14,080 a------- c:\windows\inf\uiu\ACPIFnKy.sys
2008-05-01 12:24 1,503,232 a------- c:\windows\inf\uiu\a9\igfxress.dll
2008-05-01 12:23 1,041,664 a------- c:\windows\inf\uiu\a15\HSF_DP.sys
2008-05-01 12:22 294,912 a------- c:\windows\inf\uiu\b_20422\atiiiexx.dll
2008-05-01 12:15 352,256 a------- c:\windows\inf\uiu\b_53633\atidemgx.dll
2008-05-01 12:14 28,160 a------- c:\windows\inf\uiu\a9\postproc.dll
2008-05-01 12:13 8,845,312 a------- c:\windows\inf\uiu\a10\RTLCPL.EXE
2008-04-30 16:49 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-01-25 20:28 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009012520090126\index.dat

============= FINISH: 22:51:52.82 ===============

#2 Buckeye_Sam


    Malware Expert



Posted 03 May 2009 - 11:11 AM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.


#3 Jesse B.


Posted 03 May 2009 - 02:39 PM

OK. Here's my MBAM log:

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2

5/3/2009 3:21:27 PM
mbam-log-2009-05-03 (15-21-20).txt

Scan type: Quick Scan
Objects scanned: 85732
Time elapsed: 5 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54d40bec-b45d-40fb-b57b-75ba37621aac} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\amwzhdlh (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{54d40bec-b45d-40fb-b57b-75ba37621aac} (Trojan.Vundo.H) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\windows\system32\rwbjkmt.dll (Trojan.Vundo.H) -> No action taken.


_____

And here's the OTListIt2 log:

OTListIt logfile created on: 5/3/2009 3:09:33 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\Scholar\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 66.16% Memory free
3.84 Gb Paging File | 3.30 Gb Available in Paging File | 86.10% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 8.76 Gb Free Space | 15.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SCHOLAR-DGHWWG1
Current User Name: Scholar
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2006/11/21 17:38:40 | 00,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2003/08/29 09:54:16 | 00,307,200 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2003/08/29 09:50:24 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/06/12 17:09:16 | 00,183,064 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
PRC - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/03/14 19:48:40 | 00,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2009/01/25 19:25:45 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/06/12 17:09:14 | 00,109,336 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2008/02/27 19:06:27 | 00,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdpcoms.exe
PRC - [2007/03/14 19:48:56 | 00,116,416 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2008/05/01 12:26:23 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\StacSV.exe
PRC - [2007/03/14 19:48:50 | 01,816,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/06/12 17:09:16 | 02,521,880 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\UNS.exe
PRC - [2008/11/10 13:23:38 | 00,060,032 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/08/03 09:56:58 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2007/03/14 19:49:02 | 00,125,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/08/24 07:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2005/06/06 23:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2007/05/14 13:49:33 | 00,151,552 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2006/08/17 09:00:00 | 01,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2007/09/17 11:56:08 | 00,124,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/01/25 19:25:45 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2007/05/14 13:49:28 | 00,057,344 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
PRC - [2008/05/01 12:26:24 | 00,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2006/09/25 09:12:20 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
PRC - [2008/05/01 12:26:28 | 00,135,168 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2008/05/01 12:26:28 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2008/05/01 12:26:28 | 00,131,072 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2008/05/01 12:26:28 | 00,245,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2008/11/10 13:23:40 | 00,157,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2008/11/20 14:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/03/27 11:15:23 | 00,656,040 | ---- | M] () -- C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe
PRC - [2009/01/29 15:01:36 | 23,975,720 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2008/03/27 11:15:19 | 00,025,256 | ---- | M] () -- C:\Program Files\Lexmark Z2300 Series\lxdpMsdMon.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/28 11:20:00 | 00,415,072 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2006/09/25 09:12:20 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
PRC - [2009/01/29 15:01:36 | 00,077,360 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/02/17 19:35:27 | 05,425,664 | ---- | M] (Pamela-Systems) -- C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\PamelaPCR.exe
PRC - [2009/04/27 23:57:36 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/05/03 15:09:04 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scholar\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/06/12 17:09:16 | 00,183,064 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv [Auto | Running])
SRV - [2007/07/17 14:13:28 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
SRV - [2007/07/17 13:29:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - File not found -- -- (ccEvtMgr [Disabled | Stopped])
SRV - [2006/11/21 17:38:40 | 00,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/03/14 19:48:40 | 00,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
SRV - [2009/01/09 21:23:58 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2004/08/03 09:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/01/25 19:25:45 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2003/08/29 09:54:16 | 00,307,200 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS [Auto | Running])
SRV - [2006/09/02 16:36:33 | 02,528,960 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2007/06/12 17:09:14 | 00,109,336 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS [Auto | Running])
SRV - [2008/02/27 19:06:12 | 00,098,984 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdpserv.exe -- (lxdpCATSCustConnectService [Auto | Stopped])
SRV - [2008/02/27 19:06:27 | 00,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdpcoms.exe -- (lxdp_device [Auto | Running])
SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/03/14 19:48:56 | 00,116,416 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [Auto | Running])
SRV - File not found -- -- (SNDSrvc [Disabled | Stopped])
SRV - [2007/01/10 16:27:38 | 01,160,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [On_Demand | Stopped])
SRV - [2008/05/01 12:26:23 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\StacSV.exe -- (STacSV [Auto | Running])
SRV - [2006/09/14 14:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
SRV - [2007/03/14 19:48:50 | 01,816,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
SRV - [2007/06/12 17:09:16 | 02,521,880 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS [Auto | Running])
SRV - [2004/08/03 09:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (uploadmgr [Auto | Stopped])
SRV - [2008/11/10 13:23:38 | 00,060,032 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum [Auto | Running])
SRV - [2008/11/10 13:23:50 | 05,117,568 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc [On_Demand | Stopped])
SRV - [2008/11/10 13:23:42 | 00,243,840 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2004/08/04 00:10:12 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Stopped])
DRV - [2007/07/17 14:22:22 | 02,156,032 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])
DRV - [2008/05/01 12:18:40 | 00,003,456 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Drivers\atiide.sys -- (atiide [Boot | Stopped])
DRV - [2004/08/04 00:10:12 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])
DRV - [2008/05/01 12:26:14 | 00,161,792 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Running])
DRV - [2006/08/18 13:17:46 | 00,035,096 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLABMFSM.SYS -- (DLABMFSM [Auto | Running])
DRV - [2006/08/18 13:17:40 | 00,032,472 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2006/08/11 10:35:18 | 00,012,920 | ---- | M] (Roxio) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2006/08/18 13:18:08 | 00,009,400 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLADResM.SYS -- (DLADResM [Auto | Running])
DRV - [2006/08/18 13:17:38 | 00,104,472 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2006/08/18 13:17:42 | 00,026,008 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2006/08/18 13:17:38 | 00,014,520 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2006/08/11 10:35:16 | 00,028,184 | ---- | M] (Roxio) -- C:\WINDOWS\System32\Drivers\DLARTL_M.SYS -- (DLARTL_M [System | Running])
DRV - [2006/08/18 13:17:44 | 00,094,648 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2006/08/18 13:17:44 | 00,097,848 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2006/07/21 11:21:26 | 00,099,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2006/08/11 11:05:58 | 00,051,768 | ---- | M] (Roxio) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2003/03/08 15:51:50 | 00,121,344 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e1000325.sys -- (E1000 [On_Demand | Stopped])
DRV - [2007/04/13 13:33:34 | 00,254,872 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e1e5132.sys -- (e1express [On_Demand | Stopped])
DRV - [2009/04/15 04:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2001/08/22 16:00:00 | 00,023,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ejkcclji.sys -- (ejkcclji [Boot | Running])
DRV - [2009/04/15 04:00:00 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2008/04/17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Stopped])
DRV - [2008/05/01 12:25:57 | 00,056,576 | ---- | M] (O2Micro) -- C:\WINDOWS\System32\Drivers\oz776.sys -- (guardian2 [On_Demand | Running])
DRV - [2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007/06/12 17:05:50 | 00,045,056 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\HECI.sys -- (HECI [On_Demand | Stopped])
DRV - [2008/05/01 12:25:42 | 00,209,152 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
DRV - [2008/05/01 12:25:42 | 00,989,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2008/05/01 12:26:29 | 05,776,928 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Running])
DRV - [2008/05/01 12:18:40 | 00,305,176 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\Drivers\iaStor.sys -- (iastor [Boot | Stopped])
DRV - [2008/05/01 12:25:40 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2004/08/04 00:10:00 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\msdv.sys -- (MSDV [On_Demand | Stopped])
DRV - [2009/04/15 04:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090502.002\NAVENG.SYS -- (NAVENG [On_Demand | Stopped])
DRV - [2009/04/15 04:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090502.002\NAVEX15.SYS -- (NAVEX15 [On_Demand | Stopped])
DRV - [2008/05/01 12:26:00 | 02,206,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\NETw4x32.sys -- (NETw4x32 [On_Demand | Running])
DRV - [2004/08/03 18:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2001/08/22 16:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/02/06 04:00:00 | 00,044,608 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/09/06 14:41:20 | 00,054,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [System | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2003/05/06 09:14:34 | 00,580,992 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Stopped])
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Stopped])
DRV - [2007/01/10 16:27:26 | 00,390,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [On_Demand | Stopped])
DRV - [2008/05/01 12:26:24 | 01,222,840 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2007/05/14 12:27:49 | 00,110,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2007/02/12 17:22:36 | 00,024,720 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Stopped])
DRV - [2007/02/12 17:22:40 | 00,196,752 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symtdi.sys -- (SYMTDI [Disabled | Stopped])
DRV - [2004/08/04 00:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2008/05/01 12:25:42 | 00,730,112 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2006/11/02 08:00:08 | 00,039,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\WinUSB.sys -- (WinUSB [On_Demand | Stopped])
DRV - [2008/11/10 13:09:32 | 00,040,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\zumbus.sys -- (zumbus [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


IE - HKU\.default\SOFTWARE\Microsoft\Internet Explorer\Main,Default = 78 49 8A 4F 8A 1B CB 44 89 8A F0 25 A3 3A 07 C2 [binary data]
IE - HKU\.default\.default\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\s-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default = 78 49 8A 4F 8A 1B CB 44 89 8A F0 25 A3 3A 07 C2 [binary data]
IE - HKU\s-1-5-18\s-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\s-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default = 78 49 8A 4F 8A 1B CB 44 89 8A F0 25 A3 3A 07 C2 [binary data]

IE - HKU\s-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default = 78 49 8A 4F 8A 1B CB 44 89 8A F0 25 A3 3A 07 C2 [binary data]

IE - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default = 78 49 8A 4F 8A 1B CB 44 89 8A F0 25 A3 3A 07 C2 [binary data]
IE - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.library.gsu.edu/
IE - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\s-1-5-21-3488255955-569481763-3380988986-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\s-1-5-21-3488255955-569481763-3380988986-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.library.gsu.edu"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {80A4C9ED-C1AB-41CE-B02E-FAAC1EA93913}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/01/25 19:25:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{80A4C9ED-C1AB-41CE-B02E-FAAC1EA93913}: C:\DOCUMENTS AND SETTINGS\SCHOLAR\LOCAL SETTINGS\APPLICATION DATA\{80A4C9ED-C1AB-41CE-B02E-FAAC1EA93913} [2009/04/22 22:23:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/27 23:57:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/27 23:57:44 | 00,000,000 | ---D | M]

[2008/09/09 15:10:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Scholar\Application Data\mozilla\Extensions
[2008/09/09 15:10:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Scholar\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/02 18:47:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Scholar\Application Data\mozilla\Firefox\Profiles\gpkd4l1v.default\extensions
[2009/04/14 23:17:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Scholar\Application Data\mozilla\Firefox\Profiles\gpkd4l1v.default\extensions\moveplayer@movenetworks.com
[2009/05/02 18:47:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/27 23:57:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/04/30 15:47:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/01/25 19:26:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/27 23:57:36 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/27 23:57:36 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/09/09 15:10:04 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/09/09 15:10:04 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/09/09 15:10:04 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/13 08:51:20 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/09/09 15:10:04 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/09/09 15:10:04 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/09/09 15:10:04 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (175 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O2 - BHO: (no name) - {4f8a4978-1b8a-44cb-898a-f025a33a07c2} - Reg Error: Key error. File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: () - {54d40bec-b45d-40fb-b57b-75ba37621aac} - c:\windows\system32\rwbjkmt.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {b2ba40a2-74f0-42bd-f434-12345a2c8953} - File not found
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {e9c18478-c948-4323-9276-e44b26f86661} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" ()
O4 - HKLM..\Run: [ccApp] - File not found
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [lxdpamon] "C:\Program Files\Lexmark Z2300 Series\lxdpamon.exe" ()
O4 - HKLM..\Run: [lxdpmon.exe] "C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe" ()
O4 - HKLM..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" (Roxio)
O4 - HKLM..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" (Microsoft Corporation)
O4 - HKU\s-1-5-21-3488255955-569481763-3380988986-1008..\Run: [] C:\DOCUME~1\Scholar\LOCALS~1\Temp\eus40g.exe File not found
O4 - HKU\s-1-5-21-3488255955-569481763-3380988986-1008..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
O4 - HKU\s-1-5-21-3488255955-569481763-3380988986-1008..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\Scholar\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\s-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\s-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\s-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\s-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\woyohipo.dll) - c:\windows\system32\woyohipo.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\gipunowe.dll) - c:\windows\system32\gipunowe.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\) - c:\windows\system32 [2009/05/03 14:43:31 | 00,000,000 | ---D | M]
O20 - AppInit_DLLs: (c:\windows\system32\bofigaro.dll) - c:\windows\system32\bofigaro.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\beyofaji.dll) - c:\windows\system32\beyofaji.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\jotogeni.dll) - c:\windows\system32\jotogeni.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\wuwogola.dll) - c:\windows\system32\wuwogola.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\bujasojo.dll) - c:\windows\system32\bujasojo.dll File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\) - C:\WINDOWS\system32 [2009/05/03 14:43:31 | 00,000,000 | ---D | M]
O20 - AppInit_DLLs: (C:\WINDOWS\system32\gogiyajo.dll) - C:\WINDOWS\system32\gogiyajo.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\amwzhdlh: DllName - rwbjkmt.dll - C:\WINDOWS\system32\rwbjkmt.dll ()
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/14 12:00:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{03e38fd5-f888-11dd-9536-002170948e6d}\Shell - "" = AutoRun
O33 - MountPoints2\{03e38fd5-f888-11dd-9536-002170948e6d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{03e38fd5-f888-11dd-9536-002170948e6d}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{17f8b229-c002-11dd-94b9-002170948e6d}\Shell - "" = AutoRun
O33 - MountPoints2\{17f8b229-c002-11dd-94b9-002170948e6d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{17f8b229-c002-11dd-94b9-002170948e6d}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[10 C:\WINDOWS\System32\*.tmp files]
[1 C:\Documents and Settings\Scholar\My Documents\*.tmp files]
[2009/05/03 15:09:04 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Scholar\Desktop\OTListIt2.exe
[2009/05/03 04:29:35 | 64,470,784 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Scholar\Desktop\avg_free_stf_en_85_325a1500.exe
[2009/05/03 02:29:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Scholar\Application Data\hswylizx
[2009/05/03 01:12:51 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/02 22:49:40 | 00,360,021 | ---- | C] () -- C:\Documents and Settings\Scholar\Desktop\dds.scr
[2009/05/02 22:43:25 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Scholar\Desktop\HijackThis.lnk
[2009/05/02 22:43:25 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/02 22:41:56 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Scholar\Desktop\HJTInstall.exe
[2009/05/02 19:58:42 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/05/02 00:05:57 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/05/02 00:05:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/04/29 17:00:41 | 00,000,001 | ---- | C] () -- C:\WINDOWS\9g2234wesdf3dfgjf23
[2009/04/29 16:56:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\796525
[2009/04/29 16:56:13 | 00,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2009/04/29 16:55:38 | 00,101,884 | ---- | C] () -- C:\WINDOWS\System32\drivers\7161cf21.sys
[2009/04/29 16:55:26 | 00,101,888 | ---- | C] () -- C:\wwmeoblk.exe
[2009/04/29 16:55:08 | 00,000,002 | ---- | C] () -- C:\-2138545180
[2009/04/29 16:55:03 | 00,007,680 | ---- | C] () -- C:\celkadaa.exe
[2009/04/29 16:54:52 | 00,113,664 | ---- | C] () -- C:\kggi.exe
[2009/04/26 20:33:55 | 00,010,696 | ---- | C] () -- C:\Documents and Settings\Scholar\My Documents\terrorism paper.docx
[2009/04/26 20:19:32 | 00,011,504 | ---- | C] () -- C:\Documents and Settings\Scholar\My Documents\history paper.docx
[2009/04/24 16:32:28 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\numuligi.dll
[2009/04/23 17:07:59 | 00,022,606 | ---- | C] () -- C:\Documents and Settings\Scholar\My Documents\film final.docx
[2009/04/23 12:02:45 | 00,592,018 | ---- | C] () -- C:\Documents and Settings\Scholar\My Documents\PUPPIES!.pptx
[2009/04/22 22:32:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Ggamobomagifinos.binGgamobomagifinos.bin
[2009/04/22 22:23:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Ggamobomagifinos.bin
[2009/04/22 22:23:41 | 00,000,300 | ---- | C] () -- C:\WINDOWS\Urecafuvahohilof.dat
[2009/04/21 17:02:29 | 00,035,504 | ---- | C] () -- C:\Documents and Settings\Scholar\My Documents\art history test 3 notes.docx
[2009/04/21 00:04:13 | 00,014,292 | ---- | C] () -- C:\Documents and Settings\Scholar\My Documents\film analysis final.docx
[2009/04/16 20:38:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/04/15 04:43:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Scholar\Desktop\seminar for jesse
[2009/04/09 22:52:45 | 00,014,687 | ---- | C] () -- C:\Documents and Settings\Scholar\My Documents\film paper 6.docx
[2009/04/07 22:56:57 | 00,003,648 | ---- | C] () -- C:\Documents and Settings\Scholar\Desktop\kick.wav
[2009/04/07 01:47:23 | 19,957,83817 | ---- | C] () -- C:\Documents and Settings\Scholar\Desktop\N-Strike Trailer.mov
[2009/04/05 23:09:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Scholar\My Documents\bitpim
[2009/04/05 23:08:48 | 00,000,000 | ---D | C] -- C:\Program Files\BitPim
[2009/02/24 23:23:27 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdpvs.dll
[2009/02/24 23:23:23 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdpcoin.dll
[2009/02/24 23:18:18 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdprwrd.ini
[2009/02/24 23:18:02 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDPinst.dll
[2009/02/24 23:18:01 | 00,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDPhcp.dll
[2009/02/24 23:18:00 | 00,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpinpa.dll
[2009/02/24 23:17:59 | 00,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpiesc.dll
[2009/02/24 23:17:58 | 01,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpserv.dll
[2009/02/24 23:17:58 | 00,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpusb1.dll
[2009/02/24 23:17:57 | 00,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdppmui.dll
[2009/02/24 23:17:57 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpprox.dll
[2009/02/24 23:17:56 | 00,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdplmpm.dll
[2009/02/24 23:17:53 | 00,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdphbn3.dll
[2009/02/24 23:17:52 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdpgrd.dll
[2009/02/24 23:17:50 | 00,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcomm.dll
[2009/02/24 23:17:49 | 00,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcomc.dll
[2008/08/27 23:04:44 | 00,000,280 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/08/22 13:10:52 | 00,000,337 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/05/01 12:26:29 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
[2008/04/30 09:36:23 | 00,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/04/30 09:36:23 | 00,000,589 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/05/14 16:35:51 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/05/14 13:09:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2007/05/14 13:09:02 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\dplgnw32.dll
[2007/05/14 13:08:37 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2007/05/14 12:29:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/11/09 17:07:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 23:36:50 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2003/03/26 10:19:44 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBLLCNP.DLL
[2002/11/13 11:40:22 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxblvs.dll
[2001/08/22 16:00:00 | 00,143,872 | ---- | C] () -- C:\WINDOWS\System32\hbrxjowf.dll
[2001/08/22 16:00:00 | 00,104,448 | ---- | C] () -- C:\WINDOWS\System32\rwbjkmt.dll
[2001/08/22 16:00:00 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/22 16:00:00 | 00,000,246 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[10 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\Scholar\My Documents\*.tmp files]
[2009/05/03 15:12:08 | 00,101,884 | ---- | M] () -- C:\WINDOWS\System32\drivers\7161cf21.sys
[2009/05/03 15:09:04 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scholar\Desktop\OTListIt2.exe
[2009/05/03 14:48:58 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/03 14:48:52 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Scholar\Local Settings\desktop.ini
[2009/05/03 14:44:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/03 14:44:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/03 04:34:51 | 64,470,784 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Scholar\Desktop\avg_free_stf_en_85_325a1500.exe
[2009/05/03 03:44:43 | 00,000,589 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/05/02 22:49:41 | 00,360,021 | ---- | M] () -- C:\Documents and Settings\Scholar\Desktop\dds.scr
[2009/05/02 22:43:25 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Scholar\Desktop\HijackThis.lnk
[2009/05/02 22:41:57 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Scholar\Desktop\HJTInstall.exe
[2009/05/02 21:45:03 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/02 16:32:04 | 00,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2009/05/02 00:38:27 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\yonewozi
[2009/05/02 00:37:57 | 00,000,217 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090502-003757.backup
[2009/05/02 00:37:57 | 00,000,175 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/02 00:01:52 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Ggamobomagifinos.bin
[2009/05/01 22:56:50 | 00,047,104 | -HS- | M] () -- C:\WINDOWS\System32\feyagaso.exe
[2009/04/29 17:00:41 | 00,000,001 | ---- | M] () -- C:\WINDOWS\9g2234wesdf3dfgjf23
[2009/04/29 16:55:31 | 00,101,888 | ---- | M] () -- C:\wwmeoblk.exe
[2009/04/29 16:55:09 | 00,000,002 | ---- | M] () -- C:\-2138545180
[2009/04/29 16:55:03 | 00,007,680 | ---- | M] () -- C:\celkadaa.exe
[2009/04/29 16:54:53 | 00,113,664 | ---- | M] () -- C:\kggi.exe
[2009/04/27 19:02:12 | 00,047,616 | -HS- | M] () -- C:\WINDOWS\System32\zekazide.exe
[2009/04/27 01:48:25 | 00,037,944 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\Dinosaur Class 1-12.docx
[2009/04/27 01:29:39 | 00,011,504 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\history paper.docx
[2009/04/26 23:19:32 | 00,046,592 | -HS- | M] () -- C:\WINDOWS\System32\libodame.exe
[2009/04/26 20:37:32 | 00,010,696 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\terrorism paper.docx
[2009/04/24 16:32:28 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\numuligi.dll
[2009/04/24 04:53:18 | 00,022,606 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\film final.docx
[2009/04/23 13:32:37 | 00,047,616 | -HS- | M] () -- C:\WINDOWS\System32\tanovivo.exe
[2009/04/23 12:04:21 | 00,094,965 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\TOP SECRET.pptx
[2009/04/23 12:02:46 | 00,592,018 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\PUPPIES!.pptx
[2009/04/23 01:05:35 | 00,000,300 | ---- | M] () -- C:\WINDOWS\Urecafuvahohilof.dat
[2009/04/22 23:02:50 | 00,014,292 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\film analysis final.docx
[2009/04/22 22:32:31 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Ggamobomagifinos.binGgamobomagifinos.bin
[2009/04/22 22:08:25 | 00,047,616 | -HS- | M] () -- C:\WINDOWS\System32\niniyifu.exe
[2009/04/22 22:08:18 | 00,046,592 | -HS- | M] () -- C:\WINDOWS\System32\hesuwopa.exe
[2009/04/21 17:05:19 | 00,035,504 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\art history test 3 notes.docx
[2009/04/21 17:01:03 | 00,093,907 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\Art History 1-27.docx
[2009/04/21 16:52:29 | 00,003,486 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\jump.celtx
[2009/04/21 16:10:39 | 00,004,912 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\The Door.celtx
[2009/04/21 03:26:06 | 00,014,687 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\film paper 6.docx
[2009/04/20 20:42:50 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/04/20 18:00:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/15 18:23:56 | 00,401,032 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/15 18:23:56 | 00,061,026 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/15 18:23:55 | 00,468,688 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/15 18:19:08 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/04/15 18:19:08 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/04/15 03:09:01 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/07 22:56:58 | 00,003,648 | ---- | M] () -- C:\Documents and Settings\Scholar\Desktop\kick.wav
[2009/04/07 16:30:09 | 00,012,655 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\Winter.docx
[2009/04/07 01:44:54 | 19,957,83817 | ---- | M] () -- C:\Documents and Settings\Scholar\Desktop\N-Strike Trailer.mov
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
< End of report >


My external drive was not connected at the time of either of these scans; should I post logs for that as well?

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 04 May 2009 - 08:41 AM

Just keep the external drive disconnected for now.


Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\amwzhdlh: DllName - rwbjkmt.dll - C:\WINDOWS\system32\rwbjkmt.dll ()
    O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O20 - AppInit_DLLs: (c:\windows\system32\woyohipo.dll) - c:\windows\system32\woyohipo.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\gipunowe.dll) - c:\windows\system32\gipunowe.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\) - c:\windows\system32 [2009/05/03 14:43:31 | 00,000,000 | ---D | M]
    O20 - AppInit_DLLs: (c:\windows\system32\bofigaro.dll) - c:\windows\system32\bofigaro.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\beyofaji.dll) - c:\windows\system32\beyofaji.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\jotogeni.dll) - c:\windows\system32\jotogeni.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\wuwogola.dll) - c:\windows\system32\wuwogola.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\bujasojo.dll) - c:\windows\system32\bujasojo.dll File not found
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\) - C:\WINDOWS\system32 [2009/05/03 14:43:31 | 00,000,000 | ---D | M]
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\gogiyajo.dll) - C:\WINDOWS\system32\gogiyajo.dll File not found
    O4 - HKU\s-1-5-21-3488255955-569481763-3380988986-1008..\Run: [] C:\DOCUME~1\Scholar\LOCALS~1\Temp\eus40g.exe File not found
    O2 - BHO: (no name) - {4f8a4978-1b8a-44cb-898a-f025a33a07c2} - Reg Error: Key error. File not found
    O2 - BHO: () - {54d40bec-b45d-40fb-b57b-75ba37621aac} - c:\windows\system32\rwbjkmt.dll ()
    O2 - BHO: (no name) - {b2ba40a2-74f0-42bd-f434-12345a2c8953} - File not found
    O2 - BHO: (no name) - {e9c18478-c948-4323-9276-e44b26f86661} - Reg Error: Key error. File not found
    
    :Files
    C:\WINDOWS\System32\niniyifu.exe
    C:\WINDOWS\System32\hesuwopa.exe
    C:\WINDOWS\System32\tanovivo.exe
    C:\WINDOWS\System32\numuligi.dll
    C:\WINDOWS\System32\libodame.exe
    C:\WINDOWS\System32\zekazide.exe
    C:\WINDOWS\System32\feyagaso.exe
    C:\WINDOWS\9g2234wesdf3dfgjf23
    C:\wwmeoblk.exe
    C:\-2138545180
    C:\celkadaa.exe
    C:\kggi.exe
    C:\WINDOWS\tasks\At*.job
    C:\WINDOWS\System32\yonewozi
    
    
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

===================


Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

===================

Reconnect your external drive for this next step.


Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
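Most entries in the `:Files` list of the fix above can be picked out of the poster's OTListIt2 "Files - Modified Within 30 Days" section mechanically. The following is an added example, not part of the thread and not OTListIt2's own logic: it parses that log format and applies two triage rules that are assumptions made here (a blank company field combined with hidden+system attributes in System32, or an executable sitting in the drive root). The sample lines are excerpted from the log earlier in this thread.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of OTListIt2 "Files" lines from the log posted in this thread.
SAMPLE_LOG = r"""
[2009/05/03 15:09:04 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scholar\Desktop\OTListIt2.exe
[2009/05/01 22:56:50 | 00,047,104 | -HS- | M] () -- C:\WINDOWS\System32\feyagaso.exe
[2009/04/29 16:55:31 | 00,101,888 | ---- | M] () -- C:\wwmeoblk.exe
[2009/04/24 16:32:28 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\numuligi.dll
[2009/04/15 18:23:56 | 00,401,032 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/03 14:48:52 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Scholar\Local Settings\desktop.ini
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/02 22:43:25 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
"""

# [timestamp | size | attributes | C(reated)/M(odified)] (company) -- path
# Directory entries carry no "(company)" field at all, so that group is optional.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\](?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)

EXECUTABLE_EXTS = {".exe", ".dll", ".sys", ".scr"}


def parse_line(line):
    """Parse one OTListIt2 file line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    return {
        "timestamp": m.group("ts"),
        "size": int(m.group("size").replace(",", "")),
        "attrs": attrs,
        "kind": m.group("kind"),
        # The log prints "()" or "( )" when the file has no company name.
        "company": (m.group("company") or "").strip(),
        "path": m.group("path").strip(),
        "is_dir": "D" in attrs,
    }


def suspicious_reasons(rec):
    """Return the list of triage rules (assumed heuristics) that a record trips."""
    if rec["is_dir"] or rec["company"]:
        return []
    p = PureWindowsPath(rec["path"])
    if p.suffix.lower() not in EXECUTABLE_EXTS:
        return []
    reasons = []
    # A blank company field alone is weak evidence: many legitimate driver and
    # printer DLLs have none. Require a second signal before flagging.
    if "H" in rec["attrs"] and "S" in rec["attrs"] and p.parent.name.lower() == "system32":
        reasons.append("hidden+system binary with blank company field in System32")
    if len(p.parts) == 2:  # e.g. ('C:\\', 'wwmeoblk.exe')
        reasons.append("executable in drive root with blank company field")
    return reasons


def triage(log_text):
    """Return [(path, reasons)] for every log line that trips at least one rule."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = suspicious_reasons(rec)
        if reasons:
            hits.append((rec["path"], reasons))
    return hits


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path, "->", "; ".join(reasons))
```

Flagged entries are candidates for review, not a removal list; files such as the scheduled task and the extensionless items in the fix need other signals than the two rules used here.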

#5 Jesse B.

Jesse B.
  • Topic Starter


Posted 04 May 2009 - 05:25 PM

The new OTListIt logfile:

______


OTListIt logfile created on: 5/4/2009 5:04:25 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\Scholar\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 80.27% Memory free
3.84 Gb Paging File | 3.63 Gb Available in Paging File | 94.61% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 8.70 Gb Free Space | 15.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SCHOLAR-DGHWWG1
Current User Name: Scholar
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2006/11/21 17:38:40 | 00,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2003/08/29 09:54:16 | 00,307,200 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2003/08/29 09:50:24 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/06/12 17:09:16 | 00,183,064 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
PRC - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/03/14 19:48:40 | 00,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2009/01/25 19:25:45 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/06/12 17:09:14 | 00,109,336 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2008/02/27 19:06:27 | 00,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdpcoms.exe
PRC - [2007/03/14 19:48:56 | 00,116,416 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2008/05/01 12:26:23 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\StacSV.exe
PRC - [2007/03/14 19:48:50 | 01,816,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/06/12 17:09:16 | 02,521,880 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\UNS.exe
PRC - [2008/11/10 13:23:38 | 00,060,032 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/08/03 09:56:58 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2009/05/03 15:09:04 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scholar\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/06/12 17:09:16 | 00,183,064 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv [Auto | Running])
SRV - [2007/07/17 14:13:28 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
SRV - [2007/07/17 13:29:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - File not found -- -- (ccEvtMgr [Disabled | Stopped])
SRV - [2006/11/21 17:38:40 | 00,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/03/14 19:48:40 | 00,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
SRV - [2009/01/09 21:23:58 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2004/08/03 09:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/01/25 19:25:45 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2003/08/29 09:54:16 | 00,307,200 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS [Auto | Running])
SRV - [2006/09/02 16:36:33 | 02,528,960 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2007/06/12 17:09:14 | 00,109,336 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS [Auto | Running])
SRV - [2008/02/27 19:06:12 | 00,098,984 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdpserv.exe -- (lxdpCATSCustConnectService [Auto | Stopped])
SRV - [2008/02/27 19:06:27 | 00,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdpcoms.exe -- (lxdp_device [Auto | Running])
SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/03/14 19:48:56 | 00,116,416 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [Auto | Running])
SRV - File not found -- -- (SNDSrvc [Disabled | Stopped])
SRV - [2007/01/10 16:27:38 | 01,160,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [On_Demand | Stopped])
SRV - [2008/05/01 12:26:23 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\StacSV.exe -- (STacSV [Auto | Running])
SRV - [2006/09/14 14:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
SRV - [2007/03/14 19:48:50 | 01,816,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
SRV - [2007/06/12 17:09:16 | 02,521,880 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS [Auto | Running])
SRV - [2004/08/03 09:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (uploadmgr [Auto | Stopped])
SRV - [2008/11/10 13:23:38 | 00,060,032 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum [Auto | Running])
SRV - [2008/11/10 13:23:50 | 05,117,568 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc [On_Demand | Stopped])
SRV - [2008/11/10 13:23:42 | 00,243,840 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2004/08/04 00:10:12 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2007/07/17 14:22:22 | 02,156,032 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])
DRV - [2008/05/01 12:18:40 | 00,003,456 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Drivers\atiide.sys -- (atiide [Boot | Running])
DRV - [2004/08/04 00:10:12 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])
DRV - [2008/05/01 12:26:14 | 00,161,792 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Running])
DRV - [2006/08/18 13:17:46 | 00,035,096 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLABMFSM.SYS -- (DLABMFSM [Auto | Running])
DRV - [2006/08/18 13:17:40 | 00,032,472 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2006/08/11 10:35:18 | 00,012,920 | ---- | M] (Roxio) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2006/08/18 13:18:08 | 00,009,400 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLADResM.SYS -- (DLADResM [Auto | Running])
DRV - [2006/08/18 13:17:38 | 00,104,472 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2006/08/18 13:17:42 | 00,026,008 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2006/08/18 13:17:38 | 00,014,520 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2006/08/11 10:35:16 | 00,028,184 | ---- | M] (Roxio) -- C:\WINDOWS\System32\Drivers\DLARTL_M.SYS -- (DLARTL_M [System | Running])
DRV - [2006/08/18 13:17:44 | 00,094,648 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2006/08/18 13:17:44 | 00,097,848 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2006/07/21 11:21:26 | 00,099,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2006/08/11 11:05:58 | 00,051,768 | ---- | M] (Roxio) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2003/03/08 15:51:50 | 00,121,344 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e1000325.sys -- (E1000 [On_Demand | Stopped])
DRV - [2007/04/13 13:33:34 | 00,254,872 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e1e5132.sys -- (e1express [On_Demand | Stopped])
DRV - [2009/04/15 04:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2001/08/22 16:00:00 | 00,023,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ejkcclji.sys -- (ejkcclji [Boot | Running])
DRV - [2009/04/15 04:00:00 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2008/04/17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Stopped])
DRV - [2008/05/01 12:25:57 | 00,056,576 | ---- | M] (O2Micro) -- C:\WINDOWS\System32\Drivers\oz776.sys -- (guardian2 [On_Demand | Running])
DRV - [2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007/06/12 17:05:50 | 00,045,056 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\HECI.sys -- (HECI [On_Demand | Stopped])
DRV - [2008/05/01 12:25:42 | 00,209,152 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
DRV - [2008/05/01 12:25:42 | 00,989,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2008/05/01 12:26:29 | 05,776,928 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Running])
DRV - [2008/05/01 12:18:40 | 00,305,176 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\Drivers\iaStor.sys -- (iastor [Boot | Running])
DRV - [2008/05/01 12:25:40 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2004/08/04 00:10:00 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\msdv.sys -- (MSDV [On_Demand | Stopped])
DRV - [2009/04/15 04:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090502.002\NAVENG.SYS -- (NAVENG [On_Demand | Stopped])
DRV - [2009/04/15 04:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090502.002\NAVEX15.SYS -- (NAVEX15 [On_Demand | Stopped])
DRV - [2008/05/01 12:26:00 | 02,206,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\NETw4x32.sys -- (NETw4x32 [On_Demand | Running])
DRV - [2004/08/03 18:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2001/08/22 16:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/02/06 04:00:00 | 00,044,608 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/09/06 14:41:20 | 00,054,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [System | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2003/05/06 09:14:34 | 00,580,992 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Stopped])
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Running])
DRV - [2007/01/10 16:27:26 | 00,390,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [On_Demand | Stopped])
DRV - [2008/05/01 12:26:24 | 01,222,840 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2007/05/14 12:27:49 | 00,110,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2007/02/12 17:22:36 | 00,024,720 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Stopped])
DRV - [2007/02/12 17:22:40 | 00,196,752 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symtdi.sys -- (SYMTDI [Disabled | Stopped])
DRV - [2004/08/04 00:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2008/05/01 12:25:42 | 00,730,112 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2006/11/02 08:00:08 | 00,039,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\WinUSB.sys -- (WinUSB [On_Demand | Stopped])
DRV - [2008/11/10 13:09:32 | 00,040,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\zumbus.sys -- (zumbus [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default = 78 49 8A 4F 8A 1B CB 44 89 8A F0 25 A3 3A 07 C2 [binary data]
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default = 78 49 8A 4F 8A 1B CB 44 89 8A F0 25 A3 3A 07 C2 [binary data]
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\s-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default = 78 49 8A 4F 8A 1B CB 44 89 8A F0 25 A3 3A 07 C2 [binary data]

IE - HKU\s-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default = 78 49 8A 4F 8A 1B CB 44 89 8A F0 25 A3 3A 07 C2 [binary data]

IE - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default = 78 49 8A 4F 8A 1B CB 44 89 8A F0 25 A3 3A 07 C2 [binary data]
IE - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.library.gsu.edu/
IE - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\s-1-5-21-3488255955-569481763-3380988986-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\s-1-5-21-3488255955-569481763-3380988986-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.library.gsu.edu"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {80A4C9ED-C1AB-41CE-B02E-FAAC1EA93913}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/01/25 19:25:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{80A4C9ED-C1AB-41CE-B02E-FAAC1EA93913}: C:\DOCUMENTS AND SETTINGS\SCHOLAR\LOCAL SETTINGS\APPLICATION DATA\{80A4C9ED-C1AB-41CE-B02E-FAAC1EA93913} [2009/04/22 22:23:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/27 23:57:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/27 23:57:44 | 00,000,000 | ---D | M]

[2008/09/09 15:10:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Scholar\Application Data\mozilla\Extensions
[2008/09/09 15:10:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Scholar\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/02 18:47:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Scholar\Application Data\mozilla\Firefox\Profiles\gpkd4l1v.default\extensions
[2009/04/14 23:17:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Scholar\Application Data\mozilla\Firefox\Profiles\gpkd4l1v.default\extensions\moveplayer@movenetworks.com
[2009/05/02 18:47:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/27 23:57:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/04/30 15:47:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/01/25 19:26:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/27 23:57:36 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/27 23:57:36 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/09/09 15:10:04 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/09/09 15:10:04 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/09/09 15:10:04 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/13 08:51:20 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/09/09 15:10:04 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/09/09 15:10:04 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/09/09 15:10:04 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (175 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: () - {54d40bec-b45d-40fb-b57b-75ba37621aac} - c:\windows\system32\rwbjkmt.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" ()
O4 - HKLM..\Run: [ccApp] - File not found
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [lxdpamon] "C:\Program Files\Lexmark Z2300 Series\lxdpamon.exe" ()
O4 - HKLM..\Run: [lxdpmon.exe] "C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe" ()
O4 - HKLM..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" (Roxio)
O4 - HKLM..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" (Microsoft Corporation)
O4 - HKU\s-1-5-21-3488255955-569481763-3380988986-1008..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
O4 - HKU\s-1-5-21-3488255955-569481763-3380988986-1008..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [OTListIt] C:\Documents and Settings\Scholar\Desktop\OTListIt2.exe (OldTimer Tools)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\Scholar\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\amwzhdlh: DllName - rwbjkmt.dll - C:\WINDOWS\system32\rwbjkmt.dll ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/14 12:00:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{03e38fd5-f888-11dd-9536-002170948e6d}\Shell - "" = AutoRun
O33 - MountPoints2\{03e38fd5-f888-11dd-9536-002170948e6d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{03e38fd5-f888-11dd-9536-002170948e6d}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{17f8b229-c002-11dd-94b9-002170948e6d}\Shell - "" = AutoRun
O33 - MountPoints2\{17f8b229-c002-11dd-94b9-002170948e6d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{17f8b229-c002-11dd-94b9-002170948e6d}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[10 C:\WINDOWS\System32\*.tmp files]
[1 C:\Documents and Settings\Scholar\My Documents\*.tmp files]
[2009/05/04 16:38:39 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/04 01:04:37 | 00,137,825 | ---- | C] () -- C:\Documents and Settings\Scholar\Desktop\walltowall.php
[2009/05/03 15:09:04 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Scholar\Desktop\OTListIt2.exe
[2009/05/03 04:29:35 | 64,470,784 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Scholar\Desktop\avg_free_stf_en_85_325a1500.exe
[2009/05/03 02:29:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Scholar\Application Data\hswylizx
[2009/05/03 01:12:51 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/02 22:49:40 | 00,360,021 | ---- | C] () -- C:\Documents and Settings\Scholar\Desktop\dds.scr
[2009/05/02 22:43:25 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Scholar\Desktop\HijackThis.lnk
[2009/05/02 22:43:25 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/02 22:41:56 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Scholar\Desktop\HJTInstall.exe
[2009/05/02 19:58:42 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/05/02 00:05:57 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/05/02 00:05:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/04/29 16:56:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\796525
[2009/04/29 16:55:38 | 00,101,884 | ---- | C] () -- C:\WINDOWS\System32\drivers\7161cf21.sys
[2009/04/26 20:33:55 | 00,012,507 | ---- | C] () -- C:\Documents and Settings\Scholar\My Documents\terrorism paper.docx
[2009/04/26 20:19:32 | 00,012,018 | ---- | C] () -- C:\Documents and Settings\Scholar\My Documents\history paper.docx
[2009/04/23 17:07:59 | 00,022,606 | ---- | C] () -- C:\Documents and Settings\Scholar\My Documents\film final.docx
[2009/04/23 12:02:45 | 00,592,018 | ---- | C] () -- C:\Documents and Settings\Scholar\My Documents\PUPPIES!.pptx
[2009/04/22 22:32:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Ggamobomagifinos.binGgamobomagifinos.bin
[2009/04/22 22:23:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Ggamobomagifinos.bin
[2009/04/22 22:23:41 | 00,000,300 | ---- | C] () -- C:\WINDOWS\Urecafuvahohilof.dat
[2009/04/21 17:02:29 | 00,035,504 | ---- | C] () -- C:\Documents and Settings\Scholar\My Documents\art history test 3 notes.docx
[2009/04/21 00:04:13 | 00,014,292 | ---- | C] () -- C:\Documents and Settings\Scholar\My Documents\film analysis final.docx
[2009/04/16 20:38:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/04/15 04:43:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Scholar\Desktop\seminar for jesse
[2009/04/09 22:52:45 | 00,014,687 | ---- | C] () -- C:\Documents and Settings\Scholar\My Documents\film paper 6.docx
[2009/04/07 22:56:57 | 00,003,648 | ---- | C] () -- C:\Documents and Settings\Scholar\Desktop\kick.wav
[2009/04/07 01:47:23 | 19,957,83817 | ---- | C] () -- C:\Documents and Settings\Scholar\Desktop\N-Strike Trailer.mov
[2009/04/05 23:09:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Scholar\My Documents\bitpim
[2009/04/05 23:08:48 | 00,000,000 | ---D | C] -- C:\Program Files\BitPim
[2009/02/24 23:23:27 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdpvs.dll
[2009/02/24 23:23:23 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdpcoin.dll
[2009/02/24 23:18:18 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdprwrd.ini
[2009/02/24 23:18:02 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDPinst.dll
[2009/02/24 23:18:01 | 00,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDPhcp.dll
[2009/02/24 23:18:00 | 00,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpinpa.dll
[2009/02/24 23:17:59 | 00,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpiesc.dll
[2009/02/24 23:17:58 | 01,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpserv.dll
[2009/02/24 23:17:58 | 00,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpusb1.dll
[2009/02/24 23:17:57 | 00,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdppmui.dll
[2009/02/24 23:17:57 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpprox.dll
[2009/02/24 23:17:56 | 00,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdplmpm.dll
[2009/02/24 23:17:53 | 00,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdphbn3.dll
[2009/02/24 23:17:52 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdpgrd.dll
[2009/02/24 23:17:50 | 00,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcomm.dll
[2009/02/24 23:17:49 | 00,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcomc.dll
[2008/08/27 23:04:44 | 00,000,280 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/08/22 13:10:52 | 00,000,337 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/05/01 12:26:29 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
[2008/04/30 09:36:23 | 00,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/04/30 09:36:23 | 00,000,589 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/05/14 16:35:51 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/05/14 13:09:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2007/05/14 13:09:02 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\dplgnw32.dll
[2007/05/14 13:08:37 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2007/05/14 12:29:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/11/09 17:07:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 23:36:50 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2003/03/26 10:19:44 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBLLCNP.DLL
[2002/11/13 11:40:22 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxblvs.dll
[2001/08/22 16:00:00 | 00,143,872 | ---- | C] () -- C:\WINDOWS\System32\hbrxjowf.dll
[2001/08/22 16:00:00 | 00,104,448 | ---- | C] () -- C:\WINDOWS\System32\rwbjkmt.dll
[2001/08/22 16:00:00 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/22 16:00:00 | 00,000,246 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[10 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\Scholar\My Documents\*.tmp files]
[2009/05/04 17:06:54 | 00,101,884 | ---- | M] () -- C:\WINDOWS\System32\drivers\7161cf21.sys
[2009/05/04 16:45:12 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/04 16:45:08 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Scholar\Local Settings\desktop.ini
[2009/05/04 16:44:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/04 16:44:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/04 02:29:37 | 00,012,507 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\terrorism paper.docx
[2009/05/04 02:20:09 | 00,012,018 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\history paper.docx
[2009/05/04 01:04:38 | 00,137,825 | ---- | M] () -- C:\Documents and Settings\Scholar\Desktop\walltowall.php
[2009/05/03 15:09:04 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scholar\Desktop\OTListIt2.exe
[2009/05/03 04:34:51 | 64,470,784 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Scholar\Desktop\avg_free_stf_en_85_325a1500.exe
[2009/05/03 03:44:43 | 00,000,589 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/05/02 22:49:41 | 00,360,021 | ---- | M] () -- C:\Documents and Settings\Scholar\Desktop\dds.scr
[2009/05/02 22:43:25 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Scholar\Desktop\HijackThis.lnk
[2009/05/02 22:41:57 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Scholar\Desktop\HJTInstall.exe
[2009/05/02 21:45:03 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/02 00:37:57 | 00,000,217 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090502-003757.backup
[2009/05/02 00:37:57 | 00,000,175 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/02 00:01:52 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Ggamobomagifinos.bin
[2009/04/27 01:48:25 | 00,037,944 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\Dinosaur Class 1-12.docx
[2009/04/24 04:53:18 | 00,022,606 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\film final.docx
[2009/04/23 12:04:21 | 00,094,965 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\TOP SECRET.pptx
[2009/04/23 12:02:46 | 00,592,018 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\PUPPIES!.pptx
[2009/04/23 01:05:35 | 00,000,300 | ---- | M] () -- C:\WINDOWS\Urecafuvahohilof.dat
[2009/04/22 23:02:50 | 00,014,292 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\film analysis final.docx
[2009/04/22 22:32:31 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Ggamobomagifinos.binGgamobomagifinos.bin
[2009/04/21 17:05:19 | 00,035,504 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\art history test 3 notes.docx
[2009/04/21 17:01:03 | 00,093,907 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\Art History 1-27.docx
[2009/04/21 16:52:29 | 00,003,486 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\jump.celtx
[2009/04/21 16:10:39 | 00,004,912 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\The Door.celtx
[2009/04/21 03:26:06 | 00,014,687 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\film paper 6.docx
[2009/04/20 20:42:50 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/04/20 18:00:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/15 18:23:56 | 00,401,032 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/15 18:23:56 | 00,061,026 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/15 18:23:55 | 00,468,688 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/15 18:19:08 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/04/15 18:19:08 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/04/15 03:09:01 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/07 22:56:58 | 00,003,648 | ---- | M] () -- C:\Documents and Settings\Scholar\Desktop\kick.wav
[2009/04/07 16:30:09 | 00,012,655 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\Winter.docx
[2009/04/07 01:44:54 | 19,957,83817 | ---- | M] () -- C:\Documents and Settings\Scholar\Desktop\N-Strike Trailer.mov
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
< End of report >

______________

My friend took back his hard drive; he decided to fix it himself.

#6 Buckeye_Sam

Posted 05 May 2009 - 09:41 AM

Please visit the online Jotti Virus Scanner
  • Click on the Browse button.
  • Navigate to the following file and upload it.


    C:\WINDOWS\System32\drivers\7161cf21.sys


  • Click on the Posted Image button.
    The scanner will check the file with various AV companies.
  • Copy and paste the results box into a reply to this thread.

If Jotti's too busy, try here:
Go here: http://www.virustotal.com/en/virustotalf.html


How is your computer behaving now?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 Jesse B.

Posted 05 May 2009 - 01:35 PM

The Jotti website gives me this message:
The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

and Virustotal says this:
0 bytes size received / Se ha recibido un archivo vacio

What should I do?

My computer is behaving normally for the most part. Certain things--my memory card, my friend's external hard drive, my external CD/DVD drive--are inaccessible when plugged in, however. Aside from that, occasional slowdowns. I don't seem to be getting the malicious anti-virus pop-up ads anymore, though.

#8 Jesse B.

Posted 05 May 2009 - 10:23 PM

Another note: I cannot access Internet Explorer, or the iTunes store. Not sure what this could mean.

#9 Buckeye_Sam

Posted 06 May 2009 - 09:08 AM

Click Start -> Run -> iexplore and click Ok.

What happens?

========================================================

#10 Jesse B.

Posted 06 May 2009 - 12:29 PM

I get this message in the window:

Internet Explorer cannot display the webpage

Most likely causes:
You are not connected to the Internet.
The website is encountering problems.
There might be a typing error in the address.

What you can try:
Diagnose Connection Problems

More information

This problem can be caused by a variety of issues, including:

Internet connectivity has been lost.
The website is temporarily unavailable.
The Domain Name Server (DNS) is not reachable.
The Domain Name Server (DNS) does not have a listing for the website's domain.
If this is an HTTPS (secure) address, click Tools, click Internet Options, click Advanced, and check to be sure the SSL and TLS protocols are enabled under the security section.

For offline users

You can still view subscribed feeds and some recently viewed webpages.
To view subscribed feeds

Click the Favorites Center button , click Feeds, and then click the feed you want to view.

To view recently visited webpages (might not work on all pages)

Click Tools , and then click Work Offline.
Click the Favorites Center button , click History, and then click the page you want to view.


____

#11 Buckeye_Sam

    Malware Expert

Posted 07 May 2009 - 11:15 AM

I believe I see the problem.


Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
    IE - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\s-1-5-21-3488255955-569481763-3380988986-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\s-1-5-21-3488255955-569481763-3380988986-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
    
    :Commands
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

After rebooting try IE again and let me know if you get the same error message.

========================================================
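The fix in the post above targets the `ProxyEnable` and `ProxyOverride` values under `Internet Settings` in both the machine hive and one user hive. The following is an added example, not part of the original post and not OTListIt2 code: it reads log lines of the same `IE - <key>: "<name>" = <data>` shape and reports every hive where a proxy is switched on. The function names, the handling of `ProxyServer` and `AutoConfigURL`, and the last three sample lines are assumptions made for this example.

```python
import re
from collections import defaultdict

# Shape of the lines in the fix above: IE - <registry key>: "<value name>" = <data>
IE_LINE = re.compile(
    r'^\s*IE\s+-\s+(?P<key>HK[A-Z_]+\\.+?):\s+"(?P<name>[^"]+)"\s+=\s+(?P<data>.*?)\s*$'
)
# WinINET values that decide whether Internet Explorer goes through a proxy.
PROXY_VALUES = {"proxyenable", "proxyserver", "proxyoverride", "autoconfigurl"}

# The first four IE lines are copied from the fix in the post above;
# the last three IE lines are constructed for this example.
SAMPLE_LOG = r'''
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\s-1-5-21-3488255955-569481763-3380988986-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\s-1-5-21-3488255955-569481763-3380988986-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8080
IE - HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
'''


def scope_of(key):
    """Return 'HKLM', or 'HKU\\<SID>' so each user hive is reported separately."""
    parts = key.split("\\")
    root = parts[0].upper()
    if root in ("HKU", "HKEY_USERS") and len(parts) > 1:
        return "HKU\\" + parts[1].upper()
    return root


def parse_proxy_settings(lines):
    """Collect proxy-related Internet Settings values, grouped by hive."""
    settings = defaultdict(dict)
    for line in lines:
        m = IE_LINE.match(line)
        if not m:
            continue  # PRC/SRV/DRV lines, headers, blank lines
        key, name = m.group("key"), m.group("name")
        if not key.lower().endswith("\\internet settings"):
            continue
        if name.lower() not in PROXY_VALUES:
            continue
        settings[scope_of(key)][name] = m.group("data")
    return dict(settings)


def points_at_loopback(server):
    """True if any entry of a ProxyServer string names the local machine."""
    for entry in server.split(";"):
        hostport = entry.split("=", 1)[-1].strip()   # drop 'http=' protocol prefix
        hostport = hostport.split("://", 1)[-1]      # drop 'http://' scheme
        host = hostport.rsplit(":", 1)[0].lower() if ":" in hostport else hostport.lower()
        if host == "localhost" or host.startswith("127."):
            return True
    return False


def review(settings):
    """List hives with ProxyEnable = 1, with what the log says about the server."""
    findings = []
    for scope, values in sorted(settings.items()):
        lower = {k.lower(): v for k, v in values.items()}
        if lower.get("proxyenable", "0").strip() != "1":
            continue
        server = lower.get("proxyserver")
        loopback = bool(server) and points_at_loopback(server)
        if server is None:
            note = "proxy enabled, no ProxyServer value among the listed lines"
        elif loopback:
            note = "proxy points at this machine; browsing depends on a local listener"
        else:
            note = "proxy enabled; confirm the server is one the user configured"
        findings.append({
            "scope": scope,
            "server": server,
            "override": lower.get("proxyoverride"),
            "loopback": loopback,
            "note": note,
        })
    return findings


if __name__ == "__main__":
    for f in review(parse_proxy_settings(SAMPLE_LOG.splitlines())):
        print(f"{f['scope']}: {f['note']} (server={f['server']}, override={f['override']})")
```

An enabled proxy is not malicious by itself; the output is a list of hives to compare against what the user actually configured.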

#12 Jesse B.

Posted 07 May 2009 - 02:32 PM

OTListIt logfile created on: 5/7/2009 2:45:10 PM - Run 4
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\Scholar\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 79.59% Memory free
3.84 Gb Paging File | 3.61 Gb Available in Paging File | 94.15% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 8.49 Gb Free Space | 15.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SCHOLAR-DGHWWG1
Current User Name: Scholar
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2006/11/21 17:38:40 | 00,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2003/08/29 09:54:16 | 00,307,200 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2003/08/29 09:50:24 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/06/12 17:09:16 | 00,183,064 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
PRC - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/03/14 19:48:40 | 00,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2009/05/04 18:25:22 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/06/12 17:09:14 | 00,109,336 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2008/02/27 19:06:27 | 00,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdpcoms.exe
PRC - [2007/03/14 19:48:56 | 00,116,416 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2008/05/01 12:26:23 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\StacSV.exe
PRC - [2007/03/14 19:48:50 | 01,816,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/06/12 17:09:16 | 02,521,880 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\UNS.exe
PRC - [2008/11/10 13:23:38 | 00,060,032 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2004/08/03 09:56:58 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/05/03 15:09:04 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scholar\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/06/12 17:09:16 | 00,183,064 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv [Auto | Running])
SRV - [2007/07/17 14:13:28 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
SRV - [2007/07/17 13:29:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - File not found -- -- (ccEvtMgr [Disabled | Stopped])
SRV - [2006/11/21 17:38:40 | 00,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/03/14 19:48:40 | 00,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
SRV - [2009/01/09 21:23:58 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2004/08/03 09:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/05/04 18:25:22 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (javaquickstarterservice [Auto | Running])
SRV - [2003/08/29 09:54:16 | 00,307,200 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS [Auto | Running])
SRV - [2006/09/02 16:36:33 | 02,528,960 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2007/06/12 17:09:14 | 00,109,336 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS [Auto | Running])
SRV - [2008/02/27 19:06:12 | 00,098,984 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdpserv.exe -- (lxdpCATSCustConnectService [Auto | Stopped])
SRV - [2008/02/27 19:06:27 | 00,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdpcoms.exe -- (lxdp_device [Auto | Running])
SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/03/14 19:48:56 | 00,116,416 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [Auto | Running])
SRV - File not found -- -- (SNDSrvc [Disabled | Stopped])
SRV - [2007/01/10 16:27:38 | 01,160,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [On_Demand | Stopped])
SRV - [2008/05/01 12:26:23 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\StacSV.exe -- (STacSV [Auto | Running])
SRV - [2006/09/14 14:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
SRV - [2007/03/14 19:48:50 | 01,816,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
SRV - [2007/06/12 17:09:16 | 02,521,880 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS [Auto | Running])
SRV - [2004/08/03 09:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (uploadmgr [Auto | Stopped])
SRV - [2008/11/10 13:23:38 | 00,060,032 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum [Auto | Running])
SRV - [2008/11/10 13:23:50 | 05,117,568 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc [On_Demand | Stopped])
SRV - [2008/11/10 13:23:42 | 00,243,840 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc [On_Demand | Stopped])

========== Driver Services (All) ==========

DRV - [2004/08/04 00:10:12 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])
DRV - File not found -- -- (Abiosdsk [Disabled | Stopped])
DRV - File not found -- -- (abp480n5 [Disabled | Stopped])
DRV - [2004/08/03 08:07:38 | 00,187,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\ACPI.sys -- (ACPI [Boot | Running])
DRV - [2001/08/22 16:00:00 | 00,011,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC [Disabled | Stopped])
DRV - File not found -- -- (ADIHdAudAddService [On_Demand | Stopped])
DRV - File not found -- -- (adpu160m [Disabled | Stopped])
DRV - [2006/02/14 20:22:26 | 00,142,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aec.sys -- (aec [On_Demand | Stopped])
DRV - [2008/08/14 05:51:43 | 00,138,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD [System | Running])
DRV - [2004/08/03 19:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\agp440.sys -- (agp440 [Boot | Running])
DRV - File not found -- -- (Aha154x [Disabled | Stopped])
DRV - File not found -- -- (aic78u2 [Disabled | Stopped])
DRV - File not found -- -- (aic78xx [Disabled | Stopped])
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - File not found -- -- (amsint [Disabled | Stopped])
DRV - [2004/08/03 10:05:44 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\arp1394.sys -- (Arp1394 [On_Demand | Running])
DRV - File not found -- -- (asc [Disabled | Stopped])
DRV - File not found -- -- (asc3350p [Disabled | Stopped])
DRV - File not found -- -- (asc3550 [Disabled | Stopped])
DRV - [2004/08/03 08:05:04 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\asyncmac.sys -- (AsyncMac [On_Demand | Stopped])
DRV - [2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi [Boot | Running])
DRV - File not found -- -- (Atdisk [Disabled | Stopped])
DRV - [2007/07/17 14:22:22 | 02,156,032 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])
DRV - [2008/05/01 12:18:40 | 00,003,456 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Drivers\atiide.sys -- (atiide [Boot | Running])
DRV - [2004/08/03 07:58:32 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\atmarpc.sys -- (Atmarpc [On_Demand | Stopped])
DRV - [2001/08/17 09:59:44 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\audstub.sys -- (audstub [On_Demand | Stopped])
DRV - [2004/08/04 00:10:12 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])
DRV - [2008/05/01 12:26:14 | 00,161,792 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Running])
DRV - [2001/08/22 16:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep [System | Running])
DRV - [2001/08/22 16:00:00 | 00,013,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k [Disabled | Stopped])
DRV - [2004/08/04 00:10:18 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\CCDECODE.sys -- (CCDECODE [On_Demand | Stopped])
DRV - File not found -- -- (cd20xrnt [Disabled | Stopped])
DRV - [2001/08/22 16:00:00 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio [System | Stopped])
DRV - [2004/08/03 08:14:12 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs [Disabled | Stopped])
DRV - [2008/05/02 05:05:56 | 00,062,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\cdrom.sys -- (Cdrom [System | Stopped])
DRV - File not found -- -- (Changer [System | Stopped])
DRV - [2004/08/03 23:07:40 | 00,014,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\CmBatt.sys -- (CmBatt [On_Demand | Running])
DRV - File not found -- -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 13:58:00 | 00,009,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\compbatt.sys -- (Compbatt [Boot | Running])
DRV - File not found -- -- (Cpqarray [Disabled | Stopped])
DRV - File not found -- -- (dac960nt [Disabled | Stopped])
DRV - [2004/08/03 07:59:56 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\disk.sys -- (Disk [Boot | Running])
DRV - [2006/08/18 13:17:46 | 00,035,096 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLABMFSM.SYS -- (DLABMFSM [Auto | Running])
DRV - [2006/08/18 13:17:40 | 00,032,472 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2006/08/11 10:35:18 | 00,012,920 | ---- | M] (Roxio) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2006/08/18 13:18:08 | 00,009,400 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLADResM.SYS -- (DLADResM [Auto | Running])
DRV - [2006/08/18 13:17:38 | 00,104,472 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2006/08/18 13:17:42 | 00,026,008 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2006/08/18 13:17:38 | 00,014,520 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2006/08/11 10:35:16 | 00,028,184 | ---- | M] (Roxio) -- C:\WINDOWS\System32\Drivers\DLARTL_M.SYS -- (DLARTL_M [System | Running])
DRV - [2006/08/18 13:17:44 | 00,094,648 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2006/08/18 13:17:44 | 00,097,848 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2004/08/03 08:07:18 | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\System32\drivers\dmboot.sys -- (dmboot [Disabled | Stopped])
DRV - [2004/08/03 08:07:18 | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\System32\drivers\dmio.sys -- (dmio [Boot | Running])
DRV - [2001/08/22 16:00:00 | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) -- C:\WINDOWS\System32\drivers\dmload.sys -- (dmload [Boot | Running])
DRV - [2004/08/03 23:07:40 | 00,052,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\DMusic.sys -- (DMusic [On_Demand | Stopped])
DRV - File not found -- -- (dpti2o [Disabled | Stopped])
DRV - [2004/08/03 23:07:58 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud [On_Demand | Stopped])
DRV - [2006/07/21 11:21:26 | 00,099,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2006/08/11 11:05:58 | 00,051,768 | ---- | M] (Roxio) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2003/03/08 15:51:50 | 00,121,344 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e1000325.sys -- (E1000 [On_Demand | Stopped])
DRV - [2007/04/13 13:33:34 | 00,254,872 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e1e5132.sys -- (e1express [On_Demand | Stopped])
DRV - [2009/04/15 04:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2001/08/22 16:00:00 | 00,023,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ejkcclji.sys -- (ejkcclji [Boot | Running])
DRV - [2009/04/15 04:00:00 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2004/08/03 08:14:18 | 00,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat [Disabled | Stopped])
DRV - [2004/08/03 07:59:28 | 00,027,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\fdc.sys -- (Fdc [On_Demand | Stopped])
DRV - [2001/08/22 16:00:00 | 00,034,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips [System | Running])
DRV - [2004/08/03 07:59:28 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\flpydisk.sys -- (Flpydisk [On_Demand | Stopped])
DRV - [2006/08/21 05:14:58 | 00,128,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\fltMgr.sys -- (FltMgr [Boot | Running])
DRV - [2001/08/22 16:00:00 | 00,125,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys -- (Ftdisk [Boot | Running])
DRV - [2008/04/17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Stopped])
DRV - [2004/08/03 08:04:14 | 00,035,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\msgpc.sys -- (Gpc [On_Demand | Running])
DRV - [2008/05/01 12:25:57 | 00,056,576 | ---- | M] (O2Micro) -- C:\WINDOWS\System32\Drivers\oz776.sys -- (guardian2 [On_Demand | Running])
DRV - [2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007/06/12 17:05:50 | 00,045,056 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\HECI.sys -- (HECI [On_Demand | Stopped])
DRV - [2001/08/17 14:02:20 | 00,009,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\hidusb.sys -- (HidUsb [On_Demand | Stopped])
DRV - File not found -- -- (hpn [Disabled | Stopped])
DRV - [2008/05/01 12:25:42 | 00,209,152 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
DRV - [2008/05/01 12:25:42 | 00,989,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2006/03/16 20:33:10 | 00,262,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\HTTP.sys -- (HTTP [On_Demand | Stopped])
DRV - File not found -- -- (i2omgmt [System | Stopped])
DRV - File not found -- -- (i2omp [Disabled | Stopped])
DRV - [2004/08/03 08:14:38 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\i8042prt.sys -- (i8042prt [System | Running])
DRV - [2008/05/01 12:26:29 | 05,776,928 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Running])
DRV - [2008/05/01 12:18:40 | 00,305,176 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\Drivers\iaStor.sys -- (iastor [Boot | Running])
DRV - [2004/08/03 08:00:16 | 00,041,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\imapi.sys -- (Imapi [System | Stopped])
DRV - File not found -- -- (ini910u [Disabled | Stopped])
DRV - [2004/08/03 22:59:42 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\intelide.sys -- (IntelIde [Boot | Running])
DRV - [2004/08/03 07:59:20 | 00,036,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\intelppm.sys -- (intelppm [System | Running])
DRV - [2004/08/03 08:00:08 | 00,029,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw [On_Demand | Stopped])
DRV - [2001/08/22 16:00:00 | 00,032,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys -- (IpFilterDriver [On_Demand | Stopped])
DRV - [2004/08/03 08:04:46 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\ipinip.sys -- (IpInIp [On_Demand | Stopped])
DRV - [2004/09/29 18:28:37 | 00,134,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\ipnat.sys -- (IpNat [On_Demand | Running])
DRV - [2004/08/03 08:14:30 | 00,074,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\ipsec.sys -- (IPSec [System | Running])
DRV - [2004/08/03 08:00:48 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\irenum.sys -- (IRENUM [On_Demand | Stopped])
DRV - [2001/08/17 13:58:02 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\isapnp.sys -- (isapnp [Boot | Running])
DRV - [2004/08/03 07:58:34 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\kbdclass.sys -- (Kbdclass [System | Running])
DRV - [2004/08/03 22:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\kbdhid.sys -- (kbdhid [System | Stopped])
DRV - [2006/06/14 04:47:45 | 00,172,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer [On_Demand | Running])
DRV - [2004/08/03 07:59:48 | 00,092,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD [Boot | Running])
DRV - File not found -- -- (lbrtfdc [System | Stopped])
DRV - [2008/05/01 12:25:40 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2001/08/22 16:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd [System | Running])
DRV - [2004/08/03 10:05:44 | 00,030,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem [On_Demand | Running])
DRV - [2004/08/03 10:05:44 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\mouclass.sys -- (Mouclass [System | Running])
DRV - [2001/08/17 13:48:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\mouhid.sys -- (mouhid [On_Demand | Stopped])
DRV - [2004/08/03 07:58:32 | 00,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr [Boot | Running])
DRV - File not found -- -- (mraid35x [Disabled | Stopped])
DRV - [2007/12/18 05:51:35 | 00,179,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\mrxdav.sys -- (MRxDAV [On_Demand | Running])
DRV - [2008/10/24 07:10:42 | 00,453,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\mrxsmb.sys -- (MRxSmb [System | Running])
DRV - [2004/08/04 00:10:00 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\msdv.sys -- (MSDV [On_Demand | Stopped])
DRV - [2004/08/03 08:00:42 | 00,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs [System | Running])
DRV - [2004/08/03 22:58:42 | 00,007,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSKSSRV.sys -- (MSKSSRV [On_Demand | Stopped])
DRV - [2004/08/03 22:58:40 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSPCLOCK.sys -- (MSPCLOCK [On_Demand | Stopped])
DRV - [2004/08/03 22:58:42 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSPQM.sys -- (MSPQM [On_Demand | Stopped])
DRV - [2004/08/03 10:05:44 | 00,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\mssmbios.sys -- (mssmbios [On_Demand | Running])
DRV - [2004/08/03 23:58:40 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSTEE.sys -- (MSTEE [On_Demand | Stopped])
DRV - [2004/08/03 08:15:22 | 00,107,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup [Boot | Running])
DRV - [2004/08/04 00:10:30 | 00,085,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys -- (NABTSFEC [On_Demand | Stopped])
DRV - [2009/04/15 04:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090502.002\NAVENG.SYS -- (NAVENG [On_Demand | Stopped])
DRV - [2009/04/15 04:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090502.002\NAVEX15.SYS -- (NAVEX15 [On_Demand | Stopped])
DRV - [2004/08/03 08:14:30 | 00,182,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS [Boot | Running])
DRV - [2004/08/04 00:10:14 | 00,010,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NdisIP.sys -- (NdisIP [On_Demand | Stopped])
DRV - [2001/08/22 16:00:00 | 00,009,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\ndistapi.sys -- (NdisTapi [On_Demand | Running])
DRV - [2004/08/03 10:05:44 | 00,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\ndisuio.sys -- (Ndisuio [On_Demand | Running])
DRV - [2004/08/03 08:14:32 | 00,091,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\ndiswan.sys -- (NdisWan [On_Demand | Running])
DRV - [2001/08/22 16:00:00 | 00,038,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy [On_Demand | Running])
DRV - [2004/08/03 08:03:22 | 00,034,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\netbios.sys -- (NetBIOS [System | Running])
DRV - [2004/08/03 08:14:38 | 00,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\netbt.sys -- (NetBT [System | Running])
DRV - [2008/05/01 12:26:00 | 02,206,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\NETw4x32.sys -- (NETw4x32 [On_Demand | Running])
DRV - [2004/08/03 10:05:44 | 00,061,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nic1394.sys -- (NIC1394 [On_Demand | Running])
DRV - [2004/08/03 08:00:44 | 00,030,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs [System | Running])
DRV - [2007/02/09 07:10:35 | 00,574,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs [Disabled | Running])
DRV - [2001/08/22 16:00:00 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\null.sys -- (Null [System | Running])
DRV - [2004/08/03 18:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2001/08/22 16:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt [On_Demand | Stopped])
DRV - [2001/08/22 16:00:00 | 00,032,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd [On_Demand | Stopped])
DRV - [2004/08/03 23:10:10 | 00,061,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\ohci1394.sys -- (ohci1394 [Boot | Running])
DRV - [2004/08/03 10:05:44 | 00,080,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\parport.sys -- (Parport [On_Demand | Stopped])
DRV - [2001/08/22 16:00:00 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr [Boot | Running])
DRV - [2001/08/22 16:00:00 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm [Disabled | Stopped])
DRV - [2004/08/03 23:07:48 | 00,068,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\pci.sys -- (PCI [Boot | Running])
DRV - File not found -- -- (PCIDump [System | Stopped])
DRV - [2001/08/17 13:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\pciide.sys -- (PCIIde [Boot | Running])
DRV - [2004/08/03 08:07:48 | 00,119,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\pcmcia.sys -- (Pcmcia [Boot | Running])
DRV - File not found -- -- (PDCOMP [On_Demand | Stopped])
DRV - File not found -- -- (PDFRAME [On_Demand | Stopped])
DRV - File not found -- -- (PDRELI [On_Demand | Stopped])
DRV - File not found -- -- (PDRFRAME [On_Demand | Stopped])
DRV - File not found -- -- (perc2 [Disabled | Stopped])
DRV - File not found -- -- (perc2hib [Disabled | Stopped])
DRV - [2004/08/03 08:14:28 | 00,048,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\raspptp.sys -- (PptpMiniport [On_Demand | Running])
DRV - [2004/08/03 08:04:20 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\psched.sys -- (PSched [On_Demand | Running])
DRV - [2001/08/22 16:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/02/06 04:00:00 | 00,044,608 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - File not found -- -- (ql1080 [Disabled | Stopped])
DRV - File not found -- -- (Ql10wnt [Disabled | Stopped])
DRV - File not found -- -- (ql12160 [Disabled | Stopped])
DRV - File not found -- -- (ql1240 [Disabled | Stopped])
DRV - File not found -- -- (ql1280 [Disabled | Stopped])
DRV - [2001/08/22 16:00:00 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\rasacd.sys -- (RasAcd [System | Running])
DRV - [2004/08/03 08:14:24 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\rasl2tp.sys -- (Rasl2tp [On_Demand | Running])
DRV - [2004/08/03 08:05:08 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\raspppoe.sys -- (RasPppoe [On_Demand | Running])
DRV - [2001/08/22 16:00:00 | 00,016,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\raspti.sys -- (Raspti [On_Demand | Running])
DRV - [2006/05/05 05:47:57 | 00,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\rdbss.sys -- (Rdbss [System | Running])
DRV - [2001/08/22 16:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\RDPCDD.sys -- (RDPCDD [System | Running])
DRV - [2004/08/03 23:01:16 | 00,196,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\rdpdr.sys -- (rdpdr [On_Demand | Running])
DRV - [2005/06/10 00:09:46 | 00,139,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD [On_Demand | Stopped])
DRV - [2004/08/03 18:59:38 | 00,057,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\redbook.sys -- (redbook [System | Stopped])
DRV - File not found -- -- (SAVRT [Disabled | Stopped])
DRV - [2006/09/06 14:41:20 | 00,054,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [System | Running])
DRV - [2004/08/03 08:07:48 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\sdbus.sys -- (sdbus [On_Demand | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - File not found -- -- (SenFiltService [On_Demand | Stopped])
DRV - [2004/08/03 07:59:08 | 00,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\serenum.sys -- (serenum [On_Demand | Stopped])
DRV - [2004/08/03 08:15:54 | 00,064,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\serial.sys -- (Serial [System | Stopped])
DRV - [2004/08/03 07:59:56 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\sffdisk.sys -- (sffdisk [On_Demand | Stopped])
DRV - [2004/08/03 07:59:56 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
DRV - [2004/08/03 07:59:56 | 00,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy [System | Stopped])
DRV - File not found -- -- (Simbad [Disabled | Stopped])
DRV - [2004/08/04 00:10:18 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\SLIP.sys -- (SLIP [On_Demand | Stopped])
DRV - [2003/05/06 09:14:34 | 00,580,992 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Stopped])
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Running])
DRV - [2007/01/10 16:27:26 | 00,390,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [On_Demand | Stopped])
DRV - [2006/06/14 04:47:46 | 00,006,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter [On_Demand | Stopped])
DRV - [2004/08/03 08:06:26 | 00,073,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr [Boot | Running])
DRV - [2008/12/11 07:57:21 | 00,333,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\srv.sys -- (Srv [On_Demand | Running])
DRV - [2008/05/01 12:26:24 | 01,222,840 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2004/08/04 00:10:14 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\StreamIP.sys -- (streamip [On_Demand | Stopped])
DRV - [2004/08/03 10:05:44 | 00,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\swenum.sys -- (swenum [On_Demand | Running])
DRV - [2001/08/17 14:00:52 | 00,054,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi [On_Demand | Stopped])
DRV - File not found -- -- (symc810 [Disabled | Stopped])
DRV - File not found -- -- (symc8xx [Disabled | Stopped])
DRV - [2007/05/14 12:27:49 | 00,110,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2007/02/12 17:22:36 | 00,024,720 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Stopped])
DRV - [2007/02/12 17:22:40 | 00,196,752 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symtdi.sys -- (SYMTDI [Disabled | Stopped])
DRV - File not found -- -- (sym_hi [Disabled | Stopped])
DRV - File not found -- -- (sym_u3 [Disabled | Stopped])
DRV - [2004/08/03 23:15:56 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio [On_Demand | Running])
DRV - [2008/06/20 06:45:13 | 00,360,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\tcpip.sys -- (Tcpip [System | Running])
DRV - [2004/08/03 10:01:08 | 00,012,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE [On_Demand | Stopped])
DRV - [2004/08/03 10:01:08 | 00,021,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP [On_Demand | Stopped])
DRV - [2004/08/04 01:01:08 | 00,040,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\termdd.sys -- (TermDD [System | Running])
DRV - File not found -- -- (TosIde [Disabled | Stopped])
DRV - [2004/08/03 08:00:32 | 00,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs [Disabled | Stopped])
DRV - File not found -- -- (ultra [Disabled | Stopped])
DRV - [2007/04/23 06:32:54 | 00,364,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\update.sys -- (Update [On_Demand | Running])
DRV - [2004/08/04 00:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2004/08/03 23:08:48 | 00,031,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usbccgp.sys -- (usbccgp [On_Demand | Stopped])
DRV - [2004/08/03 23:08:38 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usbehci.sys -- (usbehci [On_Demand | Running])
DRV - [2004/08/03 23:08:44 | 00,057,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usbhub.sys -- (usbhub [On_Demand | Running])
DRV - [2004/08/03 23:01:26 | 00,025,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usbprint.sys -- (usbprint [On_Demand | Stopped])
DRV - [2004/08/03 23:08:48 | 00,026,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS -- (USBSTOR [On_Demand | Stopped])
DRV - [2004/08/03 23:08:38 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usbuhci.sys -- (usbuhci [On_Demand | Running])
DRV - [2004/08/04 00:10:12 | 00,078,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\usbvideo.sys -- (usbvideo [On_Demand | Stopped])
DRV - [2004/08/03 08:07:08 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave [System | Running])
DRV - [2004/08/03 22:59:44 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\viaide.sys -- (ViaIde [Boot | Running])
DRV - [2004/08/03 08:00:18 | 00,052,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap [Boot | Running])
DRV - [2004/08/03 08:04:58 | 00,034,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\wanarp.sys -- (Wanarp [On_Demand | Running])
DRV - [2008/03/27 17:27:46 | 00,503,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running])
DRV - File not found -- -- (WDICA [On_Demand | Stopped])
DRV - [2006/06/14 05:00:45 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud [On_Demand | Running])
DRV - [2008/05/01 12:25:42 | 00,730,112 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2006/11/02 08:00:08 | 00,039,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\WinUSB.sys -- (WinUSB [On_Demand | Stopped])
DRV - [2004/08/03 23:07:42 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\wmiacpi.sys -- (WmiAcpi [System | Running])
DRV - [2004/08/04 00:10:22 | 00,019,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS -- (WSTCODEC [On_Demand | Stopped])
DRV - [2008/01/18 23:52:52 | 00,077,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\WudfPf.sys -- (WudfPf [Boot | Running])
DRV - [2008/01/18 23:53:06 | 00,083,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\wudfrd.sys -- (WudfRd [On_Demand | Stopped])
DRV - [2008/11/10 13:09:32 | 00,040,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\zumbus.sys -- (zumbus [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default = 78 49 8A 4F 8A 1B CB 44 89 8A F0 25 A3 3A 07 C2 [binary data]
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default = 78 49 8A 4F 8A 1B CB 44 89 8A F0 25 A3 3A 07 C2 [binary data]
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\s-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default = 78 49 8A 4F 8A 1B CB 44 89 8A F0 25 A3 3A 07 C2 [binary data]

IE - HKU\s-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default = 78 49 8A 4F 8A 1B CB 44 89 8A F0 25 A3 3A 07 C2 [binary data]

IE - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default = 78 49 8A 4F 8A 1B CB 44 89 8A F0 25 A3 3A 07 C2 [binary data]
IE - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.library.gsu.edu/
IE - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\s-1-5-21-3488255955-569481763-3380988986-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\s-1-5-21-3488255955-569481763-3380988986-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.library.gsu.edu"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {80A4C9ED-C1AB-41CE-B02E-FAAC1EA93913}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\extensions\\{80A4C9ED-C1AB-41CE-B02E-FAAC1EA93913}: C:\DOCUMENTS AND SETTINGS\SCHOLAR\LOCAL SETTINGS\APPLICATION DATA\{80A4C9ED-C1AB-41CE-B02E-FAAC1EA93913} [2009/04/22 22:23:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/05/04 18:25:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/27 23:57:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/27 23:57:44 | 00,000,000 | ---D | M]

[2008/09/09 15:10:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Scholar\Application Data\mozilla\Extensions
[2008/09/09 15:10:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Scholar\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/06 21:07:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Scholar\Application Data\mozilla\Firefox\Profiles\gpkd4l1v.default\extensions
[2009/04/14 23:17:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Scholar\Application Data\mozilla\Firefox\Profiles\gpkd4l1v.default\extensions\moveplayer@movenetworks.com
[2009/05/06 21:07:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/27 23:57:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/04/30 15:47:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/05/04 18:25:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/27 23:57:36 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/27 23:57:36 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/09/09 15:10:04 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/09/09 15:10:04 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/09/09 15:10:04 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/13 08:51:20 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/09/09 15:10:04 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/09/09 15:10:04 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/09/09 15:10:04 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (175 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: () - {54d40bec-b45d-40fb-b57b-75ba37621aac} - c:\windows\system32\rwbjkmt.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" ()
O4 - HKLM..\Run: [ccApp] - File not found
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [lxdpamon] "C:\Program Files\Lexmark Z2300 Series\lxdpamon.exe" ()
O4 - HKLM..\Run: [lxdpmon.exe] "C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe" ()
O4 - HKLM..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" (Roxio)
O4 - HKLM..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" (Microsoft Corporation)
O4 - HKU\s-1-5-21-3488255955-569481763-3380988986-1008..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
O4 - HKU\s-1-5-21-3488255955-569481763-3380988986-1008..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [OTListIt] C:\Documents and Settings\Scholar\Desktop\OTListIt2.exe (OldTimer Tools)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\Scholar\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\s-1-5-21-3488255955-569481763-3380988986-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {cafeefac-0016-0000-0005-abcdeffedcba} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {cafeefac-0016-0000-0013-abcdeffedcba} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\amwzhdlh: DllName - rwbjkmt.dll - C:\WINDOWS\system32\rwbjkmt.dll ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/14 12:00:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{03e38fd5-f888-11dd-9536-002170948e6d}\Shell - "" = AutoRun
O33 - MountPoints2\{03e38fd5-f888-11dd-9536-002170948e6d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{03e38fd5-f888-11dd-9536-002170948e6d}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{17f8b229-c002-11dd-94b9-002170948e6d}\Shell - "" = AutoRun
O33 - MountPoints2\{17f8b229-c002-11dd-94b9-002170948e6d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{17f8b229-c002-11dd-94b9-002170948e6d}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[13 C:\WINDOWS\System32\*.tmp files]
[2009/05/05 16:22:29 | 00,145,737 | ---- | C] () -- C:\Documents and Settings\Scholar\Desktop\Traitor.htm
[2009/05/04 18:46:57 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Scholar\My Documents\~$story paper.docx
[2009/05/04 18:25:14 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/05/04 17:31:56 | 16,283,032 | ---- | C] () -- C:\Documents and Settings\Scholar\Desktop\jre-6u13-windows-i586-p.exe
[2009/05/04 17:27:10 | 00,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2009/05/04 17:27:10 | 00,001,660 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2009/05/04 17:26:27 | 00,000,000 | ---D | C] -- C:\Program Files\WinZip
[2009/05/04 17:21:55 | 13,194,592 | ---- | C] () -- C:\Documents and Settings\Scholar\Desktop\winzip120.exe
[2009/05/04 17:16:58 | 00,069,512 | ---- | C] () -- C:\Documents and Settings\Scholar\Desktop\JavaRa.zip
[2009/05/04 16:38:39 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/04 01:04:37 | 00,137,825 | ---- | C] () -- C:\Documents and Settings\Scholar\Desktop\walltowall.php
[2009/05/03 15:09:04 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Scholar\Desktop\OTListIt2.exe
[2009/05/03 04:29:35 | 64,470,784 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Scholar\Desktop\avg_free_stf_en_85_325a1500.exe
[2009/05/03 02:29:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Scholar\Application Data\hswylizx
[2009/05/03 01:12:51 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/02 22:49:40 | 00,360,021 | ---- | C] () -- C:\Documents and Settings\Scholar\Desktop\dds.scr
[2009/05/02 22:43:25 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Scholar\Desktop\HijackThis.lnk
[2009/05/02 22:43:25 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/02 22:41:56 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Scholar\Desktop\HJTInstall.exe
[2009/05/02 19:58:42 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/05/02 00:05:57 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/05/02 00:05:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/04/29 16:56:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\796525
[2009/04/29 16:55:38 | 00,101,884 | ---- | C] () -- C:\WINDOWS\System32\drivers\7161cf21.sys
[2009/04/26 20:33:55 | 00,015,446 | ---- | C] () -- C:\Documents and Settings\Scholar\My Documents\terrorism paper.docx
[2009/04/26 20:19:32 | 00,017,846 | ---- | C] () -- C:\Documents and Settings\Scholar\My Documents\history paper.docx
[2009/04/23 17:07:59 | 00,022,606 | ---- | C] () -- C:\Documents and Settings\Scholar\My Documents\film final.docx
[2009/04/23 12:02:45 | 00,592,018 | ---- | C] () -- C:\Documents and Settings\Scholar\My Documents\PUPPIES!.pptx
[2009/04/22 22:32:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Ggamobomagifinos.binGgamobomagifinos.bin
[2009/04/22 22:23:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Ggamobomagifinos.bin
[2009/04/22 22:23:41 | 00,000,300 | ---- | C] () -- C:\WINDOWS\Urecafuvahohilof.dat
[2009/04/21 17:02:29 | 00,035,504 | ---- | C] () -- C:\Documents and Settings\Scholar\My Documents\art history test 3 notes.docx
[2009/04/21 00:04:13 | 00,014,292 | ---- | C] () -- C:\Documents and Settings\Scholar\My Documents\film analysis final.docx
[2009/04/16 20:38:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/04/15 04:43:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Scholar\Desktop\seminar for jesse
[2009/04/09 22:52:45 | 00,014,687 | ---- | C] () -- C:\Documents and Settings\Scholar\My Documents\film paper 6.docx
[2009/04/07 22:56:57 | 00,003,648 | ---- | C] () -- C:\Documents and Settings\Scholar\Desktop\kick.wav
[2009/02/24 23:23:27 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdpvs.dll
[2009/02/24 23:23:23 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdpcoin.dll
[2009/02/24 23:18:18 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdprwrd.ini
[2009/02/24 23:18:02 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDPinst.dll
[2009/02/24 23:18:01 | 00,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDPhcp.dll
[2009/02/24 23:18:00 | 00,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpinpa.dll
[2009/02/24 23:17:59 | 00,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpiesc.dll
[2009/02/24 23:17:58 | 01,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpserv.dll
[2009/02/24 23:17:58 | 00,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpusb1.dll
[2009/02/24 23:17:57 | 00,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdppmui.dll
[2009/02/24 23:17:57 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpprox.dll
[2009/02/24 23:17:56 | 00,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdplmpm.dll
[2009/02/24 23:17:53 | 00,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdphbn3.dll
[2009/02/24 23:17:52 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdpgrd.dll
[2009/02/24 23:17:50 | 00,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcomm.dll
[2009/02/24 23:17:49 | 00,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcomc.dll
[2008/08/27 23:04:44 | 00,000,280 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/08/22 13:10:52 | 00,000,337 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/05/01 12:26:29 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
[2008/04/30 09:36:23 | 00,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/04/30 09:36:23 | 00,000,589 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/05/14 16:35:51 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/05/14 13:09:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2007/05/14 13:09:02 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\dplgnw32.dll
[2007/05/14 13:08:37 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2007/05/14 12:29:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/11/09 17:07:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 23:36:50 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2003/03/26 10:19:44 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBLLCNP.DLL
[2002/11/13 11:40:22 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxblvs.dll
[2001/08/22 16:00:00 | 00,143,872 | ---- | C] () -- C:\WINDOWS\System32\hbrxjowf.dll
[2001/08/22 16:00:00 | 00,104,448 | ---- | C] () -- C:\WINDOWS\System32\rwbjkmt.dll
[2001/08/22 16:00:00 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/22 16:00:00 | 00,000,246 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[13 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2 C:\Documents and Settings\Scholar\My Documents\*.tmp files]
[2009/05/07 14:46:07 | 00,101,884 | ---- | M] () -- C:\WINDOWS\System32\drivers\7161cf21.sys
[2009/05/07 14:08:32 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/07 14:08:30 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Scholar\Local Settings\desktop.ini
[2009/05/07 14:03:58 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/07 14:03:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/05 23:39:39 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/05/05 18:33:36 | 00,015,446 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\terrorism paper.docx
[2009/05/05 16:22:30 | 00,145,737 | ---- | M] () -- C:\Documents and Settings\Scholar\Desktop\Traitor.htm
[2009/05/05 03:09:42 | 00,017,846 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\history paper.docx
[2009/05/04 18:46:57 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Scholar\My Documents\~$story paper.docx
[2009/05/04 18:00:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/04 17:33:13 | 16,283,032 | ---- | M] () -- C:\Documents and Settings\Scholar\Desktop\jre-6u13-windows-i586-p.exe
[2009/05/04 17:27:10 | 00,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2009/05/04 17:27:10 | 00,001,660 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2009/05/04 17:22:51 | 13,194,592 | ---- | M] () -- C:\Documents and Settings\Scholar\Desktop\winzip120.exe
[2009/05/04 17:16:59 | 00,069,512 | ---- | M] () -- C:\Documents and Settings\Scholar\Desktop\JavaRa.zip
[2009/05/04 01:04:38 | 00,137,825 | ---- | M] () -- C:\Documents and Settings\Scholar\Desktop\walltowall.php
[2009/05/03 15:09:04 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scholar\Desktop\OTListIt2.exe
[2009/05/03 04:34:51 | 64,470,784 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Scholar\Desktop\avg_free_stf_en_85_325a1500.exe
[2009/05/03 03:44:43 | 00,000,589 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/05/02 22:49:41 | 00,360,021 | ---- | M] () -- C:\Documents and Settings\Scholar\Desktop\dds.scr
[2009/05/02 22:43:25 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Scholar\Desktop\HijackThis.lnk
[2009/05/02 22:41:57 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Scholar\Desktop\HJTInstall.exe
[2009/05/02 21:45:03 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/02 00:37:57 | 00,000,217 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090502-003757.backup
[2009/05/02 00:37:57 | 00,000,175 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/02 00:01:52 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Ggamobomagifinos.bin
[2009/04/27 01:48:25 | 00,037,944 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\Dinosaur Class 1-12.docx
[2009/04/24 04:53:18 | 00,022,606 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\film final.docx
[2009/04/23 12:04:21 | 00,094,965 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\TOP SECRET.pptx
[2009/04/23 12:02:46 | 00,592,018 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\PUPPIES!.pptx
[2009/04/23 01:05:35 | 00,000,300 | ---- | M] () -- C:\WINDOWS\Urecafuvahohilof.dat
[2009/04/22 23:02:50 | 00,014,292 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\film analysis final.docx
[2009/04/22 22:32:31 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Ggamobomagifinos.binGgamobomagifinos.bin
[2009/04/21 17:05:19 | 00,035,504 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\art history test 3 notes.docx
[2009/04/21 17:01:03 | 00,093,907 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\Art History 1-27.docx
[2009/04/21 16:52:29 | 00,003,486 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\jump.celtx
[2009/04/21 16:10:39 | 00,004,912 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\The Door.celtx
[2009/04/21 03:26:06 | 00,014,687 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\film paper 6.docx
[2009/04/15 18:23:56 | 00,401,032 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/15 18:23:56 | 00,061,026 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/15 18:23:55 | 00,468,688 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/15 18:19:08 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/04/15 18:19:08 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/04/15 03:09:01 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/07 22:56:58 | 00,003,648 | ---- | M] () -- C:\Documents and Settings\Scholar\Desktop\kick.wav
[2009/04/07 16:30:09 | 00,012,655 | ---- | M] () -- C:\Documents and Settings\Scholar\My Documents\Winter.docx
< End of report >

I get the same error message, though.

#13 Buckeye_Sam

    Malware Expert



Posted 07 May 2009 - 04:35 PM

Click Start -> Control Panel -> Internet Options
Go to the Connections tab and click on LAN Settings
If you've got anything check marked in the proxy server section, uncheck it.
Click OK a couple times to get out and check IE again.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
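
The same check from a PowerShell prompt, as an added example that is not part of the original post: it reads the per-user registry values that the LAN Settings dialog writes (ProxyEnable, ProxyServer, AutoConfigURL) and reports what is currently set. The function name Get-LanProxyFinding is hypothetical, and having PowerShell installed on this Windows XP machine is an assumption.

```powershell
# Added example: read-only audit of the per-user settings behind
# Internet Options > Connections > LAN Settings.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-LanProxyFinding {
    # Hypothetical helper name; returns one string per setting worth reviewing.
    param([string]$Path = $key)

    $s = Get-ItemProperty -Path $Path -ErrorAction Stop
    $findings = @()

    # "Use a proxy server for your LAN" checkbox -> ProxyEnable (DWORD 0/1),
    # address and port -> ProxyServer
    if ($s.ProxyEnable -eq 1) {
        $findings += "Proxy server box is checked: $($s.ProxyServer)"
    } elseif ($s.ProxyServer) {
        # Box is unchecked, but an address is still stored and would be
        # used again if the box were re-enabled.
        $findings += "Proxy box unchecked, leftover address stored: $($s.ProxyServer)"
    }

    # "Use automatic configuration script" sits in the same dialog, above the
    # proxy server section; reported for context because it also redirects traffic.
    if ($s.AutoConfigURL) {
        $findings += "Automatic configuration script set: $($s.AutoConfigURL)"
    }

    return $findings
}

$result = Get-LanProxyFinding
if ($result) {
    $result | ForEach-Object { Write-Output $_ }
} else {
    Write-Output 'No proxy server or configuration script is set for this user.'
}

# Shell equivalent of unchecking the box, as the post instructs (uncomment to apply):
# Set-ItemProperty -Path $key -Name ProxyEnable -Value 0
```

These values are stored per user, so run it in the session of the account whose Internet Explorer shows the error.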

#14 Jesse B.


Posted 07 May 2009 - 07:24 PM

That took care of it.

#15 Buckeye_Sam

    Malware Expert



Posted 08 May 2009 - 11:15 AM

Everything working normally now?



