Vista Running over 55% all the time


  • This topic is locked
19 replies to this topic

#1 GWE

GWE

  • Members
  • 44 posts

Posted 11 May 2009 - 05:32 PM

I am working on an HP Pavilion a1700n system running Vista Home Premium. I have been told that nothing has been added to the system recently. A few days ago it started to run really slow. It can take over an hour to load some programs, so troubleshooting has been very hard. It runs fine in safe mode but not in normal mode. In safe mode the processor is running at about 2-3% like it should, but in normal mode it is never under 55%.

I have run CLEANUP4.5, CCLEAN, MALWAREBYTES, and NORTON AV; nothing has been found.

On one reboot the system stated it needed to run SP1 but had trouble, so I used another system, downloaded SP1 from MS and copied it to the Vista system. It took 4 hours and gave the error message 0x800F081F and could not finish the upgrade.

I tried to run HJT in normal mode but got an error message that it could not access the hosts file without being an administrator. I tried to run HJT as administrator by right-clicking the shortcut but got the error message that HJT is already running.

I rebooted into safe mode and reran HJT and included the logs in this post.

Any help would be greatly appreciated


Gordon


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:38:11 PM, on 5/11/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://coupons.smartsource.com/download/cscmv5X.cab
O18 - Protocol: bw+0 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3C5A3D1C-D4DA-4AD2-8DD0-8D5A8386275E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\jodi\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 21435 bytes


Malwarebytes Log:

Malwarebytes' Anti-Malware 1.36
Database version: 2083
Windows 6.0.6000

5/11/2009 2:36:42 PM
mbam-log-2009-05-11 (14-36-42).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 236384
Time elapsed: 40 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 26 May 2009 - 06:08 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 GWE

GWE
  • Topic Starter

  • Members
  • 44 posts

Posted 28 May 2009 - 01:47 AM

I have tried to remove problem programs so have made some changes.

The system has been trying to install updates but keeps failing. It has tried to install SP1 but failed halfway through.

I have tried several ways to remove the failed SP1, but it does not show as an installed component and I cannot find any restore points.



Here is the current HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:13 PM, on 5/26/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\ehome\ehtray.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\Dwm.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\werfault.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://coupons.smartsource.com/download/cscmv5X.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8052 bytes


Here is the DDS log


DDS (Ver_09-05-14.01) - NTFSx86
Run by jodi at 23:31:29.53 on Wed 05/27/2009
Internet Explorer: 7.0.6000.16830
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.894.447 [GMT -7:00]

AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton AntiVirus *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\msdtc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\dllhost.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\ehsched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\locator.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\hp\kbd\kbd.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\jodi\Desktop\dds.com
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://att.my.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: paypal.com\www
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://coupons.smartsource.com/download/cscmv5X.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll

============= SERVICES / DRIVERS ===============

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2009-2-7 15172]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20090520.001\IDSvix86.sys [2009-5-22 272432]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2009-5-6 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-5-6 101936]
R3 ndicql;Watchdog Service;c:\windows\system32\drivers\ndicql.sys [2008-2-13 16896]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S4 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\common files\roxio shared\10.0\sharedcom\roxliveshare10.exe" --> c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [?]
S4 SessionLauncher;SessionLauncher;c:\users\jodi\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\jodi\appdata\local\temp\dx9\SessionLauncher.exe [?]

=============== Created Last 30 ================

2009-05-22 17:59 39 a------- c:\windows\WININIT.INI
2009-05-09 23:06 49,152 a------- c:\windows\SPInstall.etl
2009-05-09 14:24 <DIR> --d----- c:\users\jodi\DoctorWeb
2009-05-09 14:20 <DIR> --d----- c:\program files\Trend Micro
2009-05-08 16:46 6,224 a------- c:\windows\CVRPAGE.BMP
2009-05-08 16:44 0 a------- c:\windows\brdfxspd.dat
2009-05-08 16:41 126,976 a------- c:\windows\system32\BrfxD05a.dll
2009-05-06 19:45 50 a------- c:\windows\system32\bridf06a.dat
2009-05-06 19:43 55,296 -------- c:\windows\system32\BrNetSti.dll
2009-05-06 19:43 37,376 -------- c:\windows\system32\Brnsplg.dll
2009-05-06 19:43 34,816 -------- c:\windows\system32\BrWiaNCp.dll
2009-05-06 19:36 66 a------- c:\windows\Brfaxrx.ini
2009-05-06 16:15 <DIR> --d----- c:\program files\Norton AntiVirus
2009-05-06 16:12 124,464 -------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-06 16:12 10,635 -------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-06 16:12 806 -------- c:\windows\system32\drivers\SYMEVENT.INF
2009-05-06 16:11 <DIR> --d----- c:\program files\Symantec
2009-05-06 13:12 <DIR> --d----- c:\program files\CCleaner
2009-05-06 10:22 <DIR> --d----- c:\windows\pss
2009-05-06 10:12 <DIR> --d----- c:\users\jodi\appdata\roaming\Malwarebytes
2009-05-06 10:11 15,504 -------- c:\windows\system32\drivers\mbam.sys
2009-05-06 10:11 38,496 -------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-06 10:11 <DIR> --d----- c:\programdata\Malwarebytes
2009-05-06 10:11 <DIR> --d----- c:\progra~2\Malwarebytes
2009-05-06 10:11 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2009-05-10 23:38 51,200 a------- c:\windows\inf\infpub.dat
2009-05-09 12:10 86,016 a------- c:\windows\inf\infstor.dat
2009-05-09 12:10 86,016 a------- c:\windows\inf\infstrng.dat
2009-05-02 13:12 20 ----h--- c:\programdata\PKP_DLec.DAT
2009-05-02 13:12 20 ----h--- c:\progra~2\PKP_DLec.DAT
2009-03-16 20:16 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-16 20:16 14,848 a------- c:\windows\system32\apilogen.dll
2009-03-16 20:16 25,600 a------- c:\windows\system32\amxread.dll
2009-03-02 21:24 3,503,584 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-02 21:24 3,469,280 a------- c:\windows\system32\ntoskrnl.exe
2009-03-02 21:20 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 21:19 158,720 a------- c:\windows\system32\sdohlp.dll
2009-03-02 21:19 549,888 a------- c:\windows\system32\rpcss.dll
2009-03-02 21:19 24,576 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-02 21:16 56,320 a------- c:\windows\system32\iesetup.dll
2009-03-02 21:16 97,280 a------- c:\windows\system32\iasrecst.dll
2009-03-02 21:16 78,336 a------- c:\windows\system32\ieencode.dll
2009-03-02 21:16 53,248 a------- c:\windows\system32\iasads.dll
2009-03-02 21:16 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-03-02 21:16 37,888 a------- c:\windows\system32\iasdatastore.dll
2009-03-02 21:15 72,704 a------- c:\windows\system32\admparse.dll
2009-03-02 19:40 654,336 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-02 19:08 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-03-02 17:44 48,128 a------- c:\windows\system32\mshtmler.dll
2008-12-11 04:26 174 a--sh--- c:\program files\desktop.ini
2008-06-11 03:12 665,600 a------- c:\windows\inf\drvindex.dat
2007-03-06 22:31 568 a------- c:\users\jodi\appdata\roaming\wklnhst.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-01-13 15:59 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-01-13 15:59 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-01-13 15:59 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2007-09-22 10:19 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2007-09-22 10:19 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2007-09-22 10:19 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 23:33:44.56 ===============

#4 m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 29 May 2009 - 01:56 PM

Hi GWE,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Thanks


Firstly, there are signs of infection on your PC so I need to have a better look.

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Then

Download and Run OTViewIt
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Thanks :)
m0le is a proud member of UNITE

#5 GWE

  • Topic Starter

  • Members
  • 44 posts

Posted 30 May 2009 - 02:06 AM

Thank you for your help. This has been very frustrating.

I tried to run GMER in both normal and safe modes but the system crashes with the BSOD.

It states that Windows was shut down to prevent damage and gives

AAJASNKJ.SYS

PAGE_FAULT_IN_NONPAGED_AREA

as the cause.

I was able to run OTViewIt and here are the logs:

OTViewIt logfile created on: 5/29/2009 11:38:16 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\jodi\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16830)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.94 Mb Total Physical Memory | 388.52 Mb Available Physical Memory | 43.46% Memory free
1.99 Gb Paging File | 1.37 Gb Available in Paging File | 68.59% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226.62 Gb Total Space | 172.04 Gb Free Space | 75.91% Space Free | Partition Type: NTFS
Drive D: | 6.26 Gb Total Space | 0.88 Gb Free Space | 14.10% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 7.46 Gb Total Space | 7.46 Gb Free Space | 99.99% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JODI-PC
Current User Name: jodi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 60 Days

========== Processes ==========

[2006/11/02 02:45:57 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2006/11/02 02:45:21 | 00,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2007/07/12 03:02:45 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2006/11/02 02:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
[2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2006/11/02 05:35:28 | 00,291,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe
[2006/11/02 05:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe
[2006/10/19 14:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2006/11/02 05:34:46 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2007/10/18 07:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
[2006/11/02 05:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2006/11/02 02:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2006/11/21 18:08:58 | 00,813,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
[2007/02/05 16:52:12 | 00,849,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
[2006/11/09 03:57:52 | 03,784,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2006/11/02 02:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
[2006/11/02 05:34:48 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
[2008/01/18 04:02:10 | 01,232,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
[2006/11/02 05:35:32 | 00,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
[2009/02/22 22:16:37 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2006/11/02 05:35:32 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
[2005/02/02 08:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
[2006/11/02 02:45:54 | 00,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
[2008/10/16 14:09:43 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2009/05/29 13:34:02 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\jodi\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/08/23 13:35:30 | 00,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Stopped])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE -- (ccEvtMgr [Auto | Running])
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE -- (ccSetMgr [Auto | Running])
File not found -- -- (CertPropSvc [Unknown | Stopped])
[2006/11/01 23:34:11 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE -- (CLTNetCnService [Auto | Running])
File not found -- -- (DcomLaunch [Unknown | Running])
[2006/11/02 05:36:25 | 02,089,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])
[2007/09/04 03:01:31 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
[2006/11/02 05:35:28 | 00,291,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [Auto | Running])
[2006/11/02 05:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [Auto | Running])
[2006/11/02 05:36:00 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2006/11/02 02:46:05 | 00,569,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [Unknown | Running])
[2009/04/28 21:18:47 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2006/10/19 14:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
[2007/08/23 13:35:22 | 03,192,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE -- (LiveUpdate Notice [Auto | Running])
[2006/11/02 06:04:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Running])
[2006/11/02 05:36:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
File not found -- -- (RoxLiveShare10 [Disabled | Stopped])
[2006/11/02 02:46:12 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
File not found -- -- (SessionLauncher [Disabled | Stopped])
[2007/07/12 03:02:45 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006/11/02 02:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
File not found -- -- (stllssvr [Disabled | Stopped])
[2009/05/06 16:33:27 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Stopped])
[2006/11/02 02:45:50 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2006/11/02 02:45:50 | 00,392,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Stopped])
[2006/11/02 05:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])
[2006/11/02 05:34:46 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])
[2007/10/18 07:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService [Auto | Running])

========== Driver Services ==========

[2006/11/02 01:55:15 | 00,045,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\61883.sys -- (61883 [On_Demand | Stopped])
[2006/11/02 02:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2006/11/02 02:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2006/11/02 02:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2006/11/02 02:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2006/11/02 02:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2006/11/02 02:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2006/11/02 02:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2006/11/02 02:49:26 | 00,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2006/11/02 01:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2006/11/02 01:30:18 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [On_Demand | Running])
[2006/11/02 02:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2006/11/02 02:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
[2006/11/02 01:55:16 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\avc.sys -- (Avc [On_Demand | Stopped])
[2006/11/02 01:31:12 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006/11/02 01:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006/11/02 01:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006/11/02 01:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006/09/03 00:53:38 | 00,053,248 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerIf.sys -- (BrSerIf [On_Demand | Stopped])
[2006/11/02 01:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006/11/02 01:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006/09/03 00:53:54 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2006/11/02 01:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
[2006/11/02 01:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2008/02/13 04:09:10 | 00,224,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2006/11/02 02:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2008/07/30 17:42:12 | 00,023,888 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon [On_Demand | Stopped])
[2006/11/02 02:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2006/11/02 01:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2006/11/02 01:31:04 | 00,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2006/11/02 01:51:04 | 00,131,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dot4.sys -- (dot4 [On_Demand | Stopped])
[2006/11/02 01:51:02 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dot4Prt.sys -- (Dot4Print [On_Demand | Stopped])
[2006/11/02 01:51:03 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dot4usb.sys -- (dot4usb [On_Demand | Stopped])
[2007/09/04 03:01:31 | 00,619,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2006/11/02 00:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
[2006/11/02 05:34:35 | 00,132,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2098/01/01 00:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2006/11/02 02:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2098/01/01 00:00:00 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
[2006/11/02 02:49:58 | 00,056,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2006/11/02 01:32:55 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2008/03/13 14:51:52 | 00,057,536 | ---- | M] (FTDI Ltd.) -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS [On_Demand | Stopped])
[2007/06/27 13:04:14 | 00,071,488 | ---- | M] (FTDI Ltd.) -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K [On_Demand | Stopped])
[2006/11/02 02:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2006/11/02 00:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2007/07/12 03:02:20 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/11/02 01:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006/11/02 01:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2006/11/02 02:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2006/05/11 01:49:14 | 00,021,744 | ---- | M] (HP) -- C:\Windows\System32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2008/05/08 05:03:18 | 00,980,992 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP [On_Demand | Running])
[2008/05/08 05:05:18 | 00,266,752 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2 [On_Demand | Running])
[2006/11/02 02:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])
[2009/04/27 21:55:40 | 00,272,432 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20090528.001\IDSvix86.sys -- (IDSvix86 [System | Running])
[2006/11/02 02:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2006/11/08 12:09:24 | 01,647,976 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
[2006/11/02 01:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2006/11/02 02:51:12 | 00,168,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006/11/02 02:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006/11/02 02:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2006/11/02 01:51:12 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [Disabled | Stopped])
[2006/11/02 01:56:49 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2006/11/02 02:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2006/11/02 02:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2006/11/02 02:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2006/11/02 01:33:07 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2006/06/19 07:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2006/11/02 02:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2007/12/16 02:56:45 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2006/11/02 02:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2007/07/12 03:05:32 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006/11/02 02:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2007/01/19 09:53:42 | 00,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50 [On_Demand | Stopped])
[2007/01/19 09:53:43 | 00,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50 [On_Demand | Stopped])
[2008/08/25 18:11:59 | 00,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2007/12/12 04:04:39 | 00,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2006/11/02 02:49:44 | 00,023,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
[2006/11/02 02:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2006/11/02 01:55:12 | 00,052,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdv.sys -- (MSDV [On_Demand | Stopped])
[2006/11/02 02:49:20 | 00,013,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2006/11/02 02:51:09 | 00,160,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2008/02/13 04:06:25 | 00,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Running])
[2098/01/01 00:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090529.032\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2098/01/01 00:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090529.032\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2008/01/18 14:57:28 | 00,016,896 | ---- | M] (CQL Corp.) -- C:\Windows\System32\drivers\ndicql.sys -- (ndicql [On_Demand | Running])
[2006/11/02 02:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2006/11/02 01:57:30 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006/11/02 00:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2007/05/04 02:29:10 | 01,065,384 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD [On_Demand | Running])
[2007/07/06 21:15:00 | 07,568,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
[2006/11/02 02:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2007/01/05 21:59:42 | 00,035,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Boot | Running])
[2007/07/02 17:37:08 | 00,110,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32 [Boot | Running])
[2006/11/02 02:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2006/11/02 02:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2006/11/08 00:02:40 | 00,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\point32k.sys -- (Point32 [On_Demand | Running])
[2005/12/12 09:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\PS2.sys -- (Ps2 [On_Demand | Running])
[2007/09/04 03:01:34 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2007/07/26 03:00:00 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2005/06/28 17:38:00 | 00,015,172 | ---- | M] (Prassi Technology) -- C:\Windows\System32\drivers\PzWDM.sys -- (PzWDM [Boot | Running])
[2006/11/02 02:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006/11/02 02:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2006/11/02 05:34:31 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2006/11/02 02:02:01 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2006/11/02 01:56:49 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2006/11/02 02:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2006/11/01 23:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2008/02/13 04:09:07 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2006/11/02 01:51:38 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2006/11/02 01:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2006/11/02 01:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2006/11/02 02:49:51 | 00,053,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])
[2006/11/02 02:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2006/11/02 02:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2006/11/02 01:57:10 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2009/03/17 12:56:58 | 00,447,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
[2006/11/02 02:49:35 | 00,018,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2007/11/30 23:57:12 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP [On_Demand | Running])
[2007/11/30 23:57:12 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL [On_Demand | Stopped])
[2007/11/30 23:57:12 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX [System | Running])
[2007/12/12 04:04:39 | 00,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2007/12/12 04:04:39 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2006/11/02 02:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2009/02/19 13:31:16 | 00,013,616 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symdns.sys -- (SYMDNS [On_Demand | Running])
[2009/05/06 16:40:33 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2009/02/19 13:31:16 | 00,096,560 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symfw.sys -- (SYMFW [On_Demand | Running])
[2009/02/19 13:31:42 | 00,024,112 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM [System | Running])
[2009/02/19 13:31:18 | 00,041,008 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symndisv.sys -- (SYMNDISV [On_Demand | Running])
[2009/02/19 13:31:16 | 00,022,320 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2009/02/19 13:31:16 | 00,184,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2006/11/02 02:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006/11/02 02:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2006/11/02 01:57:47 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2006/11/02 01:57:35 | 00,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2006/11/02 02:02:07 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])
[2007/07/12 03:05:31 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2007/07/12 03:05:31 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])
[2006/11/02 02:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])
[2006/11/02 02:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2006/11/02 02:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006/11/02 02:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2006/11/02 02:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2006/11/02 01:55:24 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2006/11/02 01:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2006/11/02 01:57:48 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
[2006/11/02 01:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2006/11/02 01:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2006/11/02 02:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
[2006/11/02 02:50:24 | 00,050,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2006/11/02 02:51:30 | 00,290,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2006/11/02 02:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006/11/02 01:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2006/11/02 02:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2008/02/13 04:09:08 | 00,495,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2008/05/08 05:04:16 | 00,661,504 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf [On_Demand | Running])
[2006/11/02 01:55:05 | 00,031,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB [On_Demand | Stopped])
[2006/11/02 01:35:03 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [Disabled | Stopped])
[2006/11/02 01:58:26 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])
[2007/10/18 07:36:54 | 00,008,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio [Auto | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.msn.com/

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"CustomSearch"=http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
"Start Page"=http://att.my.yahoo.com/
"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3308817596-3878474459-1549271132-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
"Start Page"=http://att.my.yahoo.com/
"StartPageCache"=

[HKEY_USERS\S-1-5-21-3308817596-3878474459-1549271132-1000\Software\Microsoft\Internet Explorer\SearchURL]
""=http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

[HKEY_USERS\S-1-5-21-3308817596-3878474459-1549271132-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3308817596-3878474459-1549271132-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-3308817596-3878474459-1549271132-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (HKLM) -- C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} (HKLM) -- C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} (HKLM) -- C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{5BED3930-2E9E-76D8-BACC-80DF2188D455}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3308817596-3878474459-1549271132-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-3308817596-3878474459-1549271132-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{5BED3930-2E9E-76D8-BACC-80DF2188D455}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3308817596-3878474459-1549271132-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" (Microsoft Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" (Microsoft Corporation)
"KBD"=C:\HP\KBD\KbdStub.EXE ()
"NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"NvSvc"=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart (NVIDIA Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"RtHDVCpl"=RtHDVCpl.exe (Realtek Semiconductor)
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3308817596-3878474459-1549271132-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

========== (O4) RunOnce Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=%WINDIR%\SMINST\launcher.exe (soft thinks)

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0

[HKEY_USERS\S-1-5-21-3308817596-3878474459-1549271132-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2009/02/26 00:37:14 | 17,937,768 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3308817596-3878474459-1549271132-1000\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2009/02/26 00:37:14 | 17,937,768 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}: Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 -- %SystemRoot%\WindowsMobile\INetRepl.dll [2007/05/31 09:21:16 | 00,176,520 | ---- | M] (Microsoft Corporation)
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}: Menu: @C:\Windows\WindowsMobile\INetRepl.dll,-223 -- %SystemRoot%\WindowsMobile\INetRepl.dll [2007/05/31 09:21:16 | 00,176,520 | ---- | M] (Microsoft Corporation)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}: Button: Yahoo! Services -- %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [2006/10/31 13:33:52 | 00,198,136 | ---- | M] (Yahoo! Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 21:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
paypal.com\www: https in Computer
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
Range1: ":Range"=127.0.0.1 -- http in Local intranet |

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
Range1: ":Range"=127.0.0.1 -- http in Local intranet |

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
Range1: ":Range"=127.0.0.1 -- http in Local intranet |

[HKEY_USERS\S-1-5-21-3308817596-3878474459-1549271132-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
paypal.com\www: https in Computer
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-3308817596-3878474459-1549271132-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
Range1: ":Range"=127.0.0.1 -- http in Local intranet |

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab -- QuickTime Object
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/2008.1...toUploader5.cab -- Facebook Photo Uploader 5 Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/C/0...heckControl.cab -- Windows Genuine Advantage Validation Tool
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{4C39376E-FA9D-4349-BACC-D305C1750EF3}: http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab -- EPUImageControl Class
{549F957E-2F89-11D6-8CFE-00C04F52B225}: http://coupons.smartsource.com/download/cscmv5X.cab -- CMV5 Class
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
Microsoft XML Parser for Java: file:///C:/Windows/Java/classes/xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{9EAF97E9-968E-4D8A-90B7-77683CA274C4} (Servers: | Description: Remote NDIS based Internet Sharing Device)
{BEC2F279-D76E-4329-9052-FAEC5EEC7874} (Servers: | Description: Microsoft Windows Mobile Remote Adapter)
{E4617F1B-572B-4A3E-A5AB-061594BE81A1} (Servers: | Description: Microsoft Windows Mobile Remote Adapter)
{E7FFF5A6-99E3-408C-A85B-87DB3CA33B2A} (Servers: | Description: NVIDIA nForce Networking Controller)
{F7B6DD7B-EF84-4DE4-A18B-1CCC58C0C83A} (Servers: | Description: Microsoft Windows Mobile Remote Adapter)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2006/11/02 02:46:03 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2006/11/02 02:46:13 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [REM Dummy file for NTVDMPATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
[2007/01/17 17:49:08 | 00,000,074 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b767588a-1c48-11dd-a6c8-001a9240be54}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b767588a-1c48-11dd-a6c8-001a9240be54}\Shell\AutoRun\command]
""=M:\LaunchU3.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]
""=F:\InstallSeagateManager.exe -- File not found

========== Files/Folders - Created Within 60 Days ==========

[1 C:\Users\jodi\Desktop\*.tmp files]
[2009/05/29 23:18:38 | 00,286,208 | ---- | C] () -- C:\Users\jodi\Desktop\lqmcbiy5.exe
[2009/05/29 23:18:35 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Users\jodi\Desktop\OTViewIt.exe
[2009/05/29 22:39:53 | 93,800,8576 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/29 14:40:54 | 23,315,2602 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/05/27 23:10:08 | 00,359,883 | ---- | C] () -- C:\Users\jodi\Desktop\dds.com
[2009/05/25 20:38:37 | 00,008,471 | ---- | C] () -- C:\Users\jodi\Documents\hijackthis 090525-1
[2009/05/22 17:59:17 | 00,000,039 | ---- | C] () -- C:\Windows\WININIT.INI
[2009/05/09 23:06:01 | 00,081,920 | ---- | C] () -- C:\Windows\SPInstall.etl
[2009/05/09 22:27:23 | 00,000,000 | ---D | C] -- C:\Users\jodi\Desktop\Vista SP1
[2009/05/09 14:20:23 | 00,001,876 | ---- | C] () -- C:\Users\jodi\Desktop\HijackThis.lnk
[2009/05/09 14:20:21 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/08 16:46:02 | 00,006,224 | ---- | C] () -- C:\Windows\CVRPAGE.BMP
[2009/05/08 16:44:00 | 00,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2009/05/08 16:41:58 | 00,126,976 | ---- | C] (Brother Industries,LTD) -- C:\Windows\System32\BrfxD05a.dll
[2009/05/08 14:02:22 | 00,007,944 | ---- | C] () -- C:\Users\jodi\AppData\Local\d3d9caps.dat
[2009/05/06 19:45:42 | 00,000,050 | ---- | C] () -- C:\Windows\System32\bridf06a.dat
[2009/05/06 19:45:42 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\BrFaxRx
[2009/05/06 19:43:46 | 00,055,296 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrNetSti.dll
[2009/05/06 19:43:46 | 00,037,376 | ---- | C] (Brother Industries,Ltd) -- C:\Windows\System32\Brnsplg.dll
[2009/05/06 19:43:46 | 00,034,816 | ---- | C] (Brother Industries,Ltd.) -- C:\Windows\System32\BrWiaNCp.dll
[2009/05/06 19:36:38 | 00,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2009/05/06 19:07:09 | 00,000,000 | ---D | C] -- C:\Users\jodi\Desktop\MFC-845CW
[2009/05/06 17:43:54 | 73,282,871 | ---- | C] (A.I.SOFT,INC.) -- C:\Users\jodi\Desktop\845INST-B.EXE
[2009/05/06 16:26:00 | 00,000,478 | ---- | C] () -- C:\Windows\tasks\Norton AntiVirus - Run Full System Scan - jodi.job
[2009/05/06 16:24:48 | 00,002,141 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2009/05/06 16:15:25 | 00,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2009/05/06 16:12:05 | 00,124,464 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2009/05/06 16:12:05 | 00,010,635 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2009/05/06 16:12:05 | 00,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2009/05/06 16:11:06 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/05/06 14:55:59 | 00,000,000 | ---D | C] -- C:\Users\jodi\AppData\Local\NOS
[2009/05/06 14:54:18 | 00,000,082 | ---- | C] () -- C:\Users\Public\Documents\AcRdB7_1_0.sta
[2009/05/06 13:15:34 | 00,033,050 | ---- | C] () -- C:\Users\jodi\Documents\cc_20090506_1315.reg
[2009/05/06 13:12:53 | 00,001,672 | ---- | C] () -- C:\Users\jodi\Desktop\CCleaner.lnk
[2009/05/06 13:12:51 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/05/06 10:22:19 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/05/06 10:12:28 | 00,000,000 | ---D | C] -- C:\Users\jodi\AppData\Roaming\Malwarebytes
[2009/05/06 10:11:40 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/05/06 10:11:40 | 00,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/06 10:11:24 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/05/06 10:11:19 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/05/06 10:11:13 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/05 20:46:32 | 00,000,162 | -H-- | C] () -- C:\Users\jodi\Documents\~$rreya ruth outline.doc
[2009/05/05 20:46:30 | 00,032,256 | ---- | C] () -- C:\Users\jodi\Documents\larreya ruth outline.doc
[2009/05/04 12:52:22 | 00,000,000 | ---D | C] -- C:\Users\jodi\Desktop\unused icons
[2009/04/15 19:38:03 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/04/15 19:38:01 | 00,500,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/04/15 19:38:00 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2009/04/15 19:37:51 | 00,549,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll
[2009/04/15 19:37:49 | 03,503,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/04/15 19:37:49 | 03,469,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/04/15 19:37:49 | 00,654,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/04/15 19:37:48 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/04/15 19:37:48 | 00,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/04/15 19:37:48 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/04/15 19:37:48 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/04/15 19:37:48 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/04/15 19:37:42 | 01,233,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/04/15 19:37:42 | 00,875,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/04/15 19:37:42 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/04/15 19:37:41 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2009/04/15 19:37:41 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2009/04/15 19:37:41 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/04/15 19:37:35 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/04/15 19:37:34 | 03,595,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/04/15 19:37:33 | 06,066,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/04/15 19:37:32 | 01,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/04/15 19:37:32 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/04/15 19:37:31 | 00,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/04/15 19:37:31 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/04/15 19:37:31 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/04/15 19:37:31 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/04/15 19:37:31 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/04/15 19:37:31 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/04/15 19:37:30 | 01,830,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/04/15 19:37:30 | 00,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/04/15 19:37:30 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/04/15 19:37:30 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/04/15 19:37:29 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/04/15 19:37:29 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/04/15 19:37:28 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/04/15 19:37:28 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/04/15 19:37:28 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/04/15 19:37:27 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/04/15 19:37:27 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/04/15 19:37:27 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/04/15 19:37:27 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/04/15 19:37:26 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/04/15 19:37:26 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/04/15 19:37:25 | 00,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/04/15 19:37:25 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/04/15 19:37:24 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/04/15 19:37:24 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/04/12 15:21:25 | 00,000,162 | -H-- | C] () -- C:\Users\jodi\Desktop\~$oncert.doc
[2009/04/08 22:06:01 | 00,023,040 | ---- | C] () -- C:\Users\jodi\Documents\revenge of the whale.doc
[2009/03/31 20:25:31 | 00,000,162 | -H-- | C] () -- C:\Users\jodi\Desktop\~$rreya Hayden rough.doc

========== Files - Modified Within 60 Days ==========

[1 C:\Users\jodi\Documents\*.tmp files]
[1 C:\Users\jodi\Desktop\*.tmp files]
[2009/05/29 23:40:07 | 00,003,584 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/05/29 23:40:07 | 00,003,584 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/05/29 22:41:50 | 00,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9C155FA1-2F4F-4082-990B-E556A61A2570}.job
[2009/05/29 22:40:10 | 00,000,000 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2009/05/29 22:39:59 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/05/29 22:39:56 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/05/29 22:39:53 | 93,800,8576 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/29 15:28:17 | 23,315,2602 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/05/29 13:34:02 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\jodi\Desktop\OTViewIt.exe
[2009/05/29 13:33:48 | 00,286,208 | ---- | M] () -- C:\Users\jodi\Desktop\lqmcbiy5.exe
[2009/05/28 22:13:25 | 00,081,920 | ---- | M] () -- C:\Windows\SPInstall.etl
[2009/05/28 22:12:58 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/05/27 00:30:31 | 00,007,944 | ---- | M] () -- C:\Users\jodi\AppData\Local\d3d9caps.dat
[2009/05/26 22:35:30 | 00,359,883 | ---- | M] () -- C:\Users\jodi\Desktop\dds.com
[2009/05/26 22:22:02 | 00,131,744 | ---- | M] () -- C:\Users\jodi\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/05/25 20:38:55 | 00,008,471 | ---- | M] () -- C:\Users\jodi\Documents\hijackthis 090525-1
[2009/05/25 20:02:12 | 00,000,478 | ---- | M] () -- C:\Windows\tasks\Norton AntiVirus - Run Full System Scan - jodi.job
[2009/05/25 10:15:55 | 00,733,440 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/05/25 10:15:55 | 00,629,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/05/25 10:15:55 | 00,108,352 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/05/25 10:15:00 | 00,007,680 | ---- | M] () -- C:\Users\jodi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/22 18:24:47 | 00,453,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/05/22 18:14:55 | 00,001,672 | ---- | M] () -- C:\Users\jodi\Desktop\CCleaner.lnk
[2009/05/22 17:59:17 | 00,000,039 | ---- | M] () -- C:\Windows\WININIT.INI
[2009/05/09 14:20:23 | 00,001,876 | ---- | M] () -- C:\Users\jodi\Desktop\HijackThis.lnk
[2009/05/09 12:42:20 | 00,000,066 | ---- | M] () -- C:\Windows\Brfaxrx.ini
[2009/05/09 12:39:23 | 00,000,225 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2009/05/09 12:39:23 | 00,000,093 | ---- | M] () -- C:\Windows\brpcfx.ini
[2009/05/09 12:31:52 | 00,000,050 | ---- | M] () -- C:\Windows\System32\bridf06a.dat
[2009/05/06 17:07:04 | 73,282,871 | ---- | M] (A.I.SOFT,INC.) -- C:\Users\jodi\Desktop\845INST-B.EXE
[2009/05/06 16:40:33 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2009/05/06 16:40:33 | 00,010,635 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2009/05/06 16:40:33 | 00,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2009/05/06 16:24:48 | 00,002,141 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2009/05/06 14:54:17 | 00,000,082 | ---- | M] () -- C:\Users\Public\Documents\AcRdB7_1_0.sta
[2009/05/06 13:15:55 | 00,033,050 | ---- | M] () -- C:\Users\jodi\Documents\cc_20090506_1315.reg
[2009/05/06 10:11:40 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/06 09:56:58 | 00,000,419 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2009/05/06 09:56:58 | 00,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2009/05/05 20:46:32 | 00,032,256 | ---- | M] () -- C:\Users\jodi\Documents\larreya ruth outline.doc
[2009/05/05 20:46:32 | 00,000,162 | -H-- | M] () -- C:\Users\jodi\Documents\~$rreya ruth outline.doc
[2009/05/02 13:12:09 | 00,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLec.DAT
[2009/04/12 15:21:25 | 00,000,162 | -H-- | M] () -- C:\Users\jodi\Desktop\~$oncert.doc
[2009/04/08 22:06:03 | 00,023,040 | ---- | M] () -- C:\Users\jodi\Documents\revenge of the whale.doc
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/03/31 20:25:31 | 00,000,162 | -H-- | M] () -- C:\Users\jodi\Desktop\~$rreya Hayden rough.doc
< End of report >


OTViewIt Extras logfile created on: 5/29/2009 11:38:16 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\jodi\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16830)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.94 Mb Total Physical Memory | 388.52 Mb Available Physical Memory | 43.46% Memory free
1.99 Gb Paging File | 1.37 Gb Available in Paging File | 68.59% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226.62 Gb Total Space | 172.04 Gb Free Space | 75.91% Space Free | Partition Type: NTFS
Drive D: | 6.26 Gb Total Space | 0.88 Gb Free Space | 14.10% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 7.46 Gb Total Space | 7.46 Gb Free Space | 99.99% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JODI-PC
Current User Name: jodi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 60 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=1
"UacDisableNotify"=1
"InternetSettingsDisableNotify"=1
"AutoUpdateDisableNotify"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications"=0
"EnableFirewall"=0
"DoNotAllowExceptions"=1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2006/08/30 05:35:12 | 00,952,088 | ---- | M] (EarthLink, Inc.) -- C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -- C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\napinsp.dll,-1000] -- C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000005 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000006 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
ldap -- 4 = Restricted sites (Not a Default Protocol)
news -- 4 = Restricted sites (Not a Default Protocol)
nntp -- 4 = Restricted sites (Not a Default Protocol)
oecmd -- 4 = Restricted sites (Not a Default Protocol)
snews -- 4 = Restricted sites (Not a Default Protocol)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/12/10 18:01:36 | 00,201,992 | ---- | M] (Libronix Corporation) C:\Program Files\Libronix DLS\System\FileProt.dll (lbxfile:{56831180-F115-11d2-B6AA-00104B2B9943} (HKLM) [Libronix File Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/12/10 18:02:08 | 00,136,456 | ---- | M] (Libronix Corporation) C:\Program Files\Libronix DLS\System\ResProt.dll (lbxres:{24508F1B-9E94-40EE-9759-9AF5795ADF52} (HKLM) [Libronix ResProtocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 14:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/06/20 02:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) c:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 22:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2009/04/28 21:17:28 | 00,470,512 | ---- | M] (Google Inc.) C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll x-sdch:{B1759355-3EEC-4C1E-B0F1-B719FE26E377} (HKLM) [Google Dictionary Compression filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008739FA-4232-45BE-A58B-00B1C6998BFD}"=Costco Photo Organizer
"{0373779B-A362-4B2E-B8E9-7442F19F9394}"=HP Total Care Advisor
"{098122AB-C605-4853-B441-C0A4EB359B75}"=DirectXInstallService
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}"=PSSWCORE
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}"=Microsoft IntelliPoint 6.1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}"=Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{19991EAD-C273-47EB-87E8-0D274925230B}"=OEB Resource Driver
"{19B8D6EE-C65F-466F-8F10-FEBED7369656}"=SymNet
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{25F6C900-C138-4888-A56C-91D3D063023A}"=HP Update
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}"=Component Framework
"{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}"=Norton AntiVirus Help
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}"=HP Easy Setup - Frontend
"{41B9E2CF-0B3F-442A-B5B3-592A4A355634}"=iTunes
"{4343B319-4517-48A4-81C1-4D8B38A95184}"=Symantec Real Time Storage Protection Component
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}"=SmartSound Quicktracks Plugin
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}"=Microsoft SQL Server Native Client
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}"=Microsoft SQL Server Setup Support Files (English)
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}"=HP Picasso Media Center Add-In
"{567885A3-D921-443F-9704-9964D1D8EE33}"=Pocket e-Sword (2005)
"{5F81DD84-6A2F-11D4-903E-00E0293397B7}"=Bible Data Type System Files
"{5F81DD89-6A2F-11D4-903E-00E0293397B7}"=Common System Files
"{5F81DD92-6A2F-11D4-903E-00E0293397B7}"=Libronix Digital Library System
"{5F81DD97-6A2F-11D4-903E-00E0293397B7}"=Libronix DLS Application
"{5F81DD9B-6A2F-11D4-903E-00E0293397B7}"=LibronixUpdate
"{5F81DD9F-6A2F-11D4-903E-00E0293397B7}"=LLS Resource Driver
"{5F81DDA3-6A2F-11D4-903E-00E0293397B7}"=PDF Resource Driver
"{62120008-8E1E-4807-860D-A8B48F8552DB}"=Norton Protection Center
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{71C97545-E547-4A8B-B0C8-61FF853270AC}"=PaperPort
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{72CB5335-6D2A-4207-B811-6CB6C6925039}"=Batch Update
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}"=Python 2.4.3
"{76D1AA2B-A434-4D63-BE2C-80286F23C223}"=Microsoft Interop Forms Redistributable Package 2.0a
"{77772678-817F-4401-9301-ED1D01A8DA56}"=SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}"=Norton AntiVirus
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}"=HP Photosmart Essential2.5
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8F3CF9E1-D738-4C2B-8193-F45AC8B0EC7C}"=Windows Vista Upgrade Advisor
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{904CCF62-818D-4675-BC76-D37EB399F917}"=Windows Mobile Device Center
"{90850409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Word Viewer 2003
"{91120000-0014-0000-0000-0000000FF1CE}"=Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint Viewer 2007 (English)
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}"=HP Customer Feedback
"{A0EFB06D-0C7C-4A85-B1D3-65AF82536A7B}"=Sentence Diagramming
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{AA9768AA-FF0B-4C66-A085-31E934F77841}"=Apple Mobile Device Support
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}"=ccCommon
"{B63E73E0-B0DE-4030-B37E-D315636D99BE}"=GX-1 Installer
"{B83A15A7-2BD5-4416-BC43-AF5F9A4B08A9}"=muvee autoProducer 5.0
"{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}"=Microsoft IntelliType Pro 6.1
"{CA0AF735-4583-413E-897F-E91A237EE2E1}"=Libronix DLS Shortcuts
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CC351B44-5610-43C5-81E6-A2C760CB0A20}"=Graphical Query Editor
"{D0CE0D3A-6F06-43B7-93B2-46EED1E00B1D}"=Clause Visualizer
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}"=Microsoft Primary Interoperability Assemblies 2005
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}"=LiveUpdate Notice (Symantec Corporation)
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}"=LightScribe 1.4.124.1
"{E53A24DC-F90E-4372-937C-77E23DE0932B}"=Z 39.50 Library
"{E7044E25-3038-4A76-9064-344AC038043E}"=Windows Mobile Device Center Driver Update
"{E80F62FF-5D3C-4A19-8409-9721F2928206}"=LiveUpdate (Symantec Corporation)
"{EC877639-07AB-495C-BFD1-D63AF9140810}"=Roxio Activation Module
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}"=AppCore
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}"=HP Easy Setup - Core
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}"=PictureProject
"2Wire SetupWiz"=AT&T Yahoo! High Speed Internet Home Networking Installer
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"ATT-AACE"=ATT-AACE
"CCleaner"=CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1"=Soft Data Fax Modem with SmartCP
"Coupon Printer for Windows2.0"=Coupon Printer for Windows
"HijackThis"=HijackThis 2.0.2
"HP Photosmart Essential"=HP Photosmart Essential 2.0
"HPOOVClient-6811507 Uninstaller"=HP Connections (remove only)
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}"=SmartSound Quicktracks Plugin
"Libronix DLS"=Libronix Digital Library System
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MSNINST"=MSN
"MVApplication1"=SureThing CD Labeler 4 SE - MicroBoards Edition
"NVIDIA Drivers"=NVIDIA Drivers
"PROR"=Microsoft Office Professional 2007 Trial
"PsuedoLiveUpdate"=LiveUpdate (Symantec Corporation)
"SymSetup.{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}"=Norton AntiVirus (Symantec Corporation)
"TTB000001.TTB000001Toolbar"=CouponBar
"Xpress Mail Professional Edition"=Xpress Mail Professional Edition
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Extras"=Yahoo! Browser Services
"Yahoo! Messenger"=Yahoo! Messenger
"Yahoo! Toolbar"=Yahoo! Toolbar
"Zulu2(E)"=PrassiTech Zulu2 (E)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/21/2008 7:18:33 PM | Computer Name = JODI-PC | Source = MsiInstaller | ID = 11500
Description =

Error - 8/21/2008 7:18:34 PM | Computer Name = JODI-PC | Source = MsiInstaller | ID = 11500
Description =

Error - 8/21/2008 7:18:34 PM | Computer Name = JODI-PC | Source = MsiInstaller | ID = 11500
Description =

Error - 8/21/2008 7:18:35 PM | Computer Name = JODI-PC | Source = MsiInstaller | ID = 11500
Description =

Error - 8/21/2008 7:18:35 PM | Computer Name = JODI-PC | Source = MsiInstaller | ID = 11500
Description =

Error - 8/21/2008 7:18:35 PM | Computer Name = JODI-PC | Source = MsiInstaller | ID = 11500
Description =

Error - 8/21/2008 7:18:35 PM | Computer Name = JODI-PC | Source = MsiInstaller | ID = 11500
Description =

Error - 8/21/2008 7:18:36 PM | Computer Name = JODI-PC | Source = MsiInstaller | ID = 11500
Description =

Error - 8/21/2008 7:18:37 PM | Computer Name = JODI-PC | Source = MsiInstaller | ID = 11500
Description =

Error - 8/29/2008 6:23:18 AM | Computer Name = JODI-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\jodi\Desktop\drvupdate-amd64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 12/20/2007 9:12:13 PM | Computer Name = JODI-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/21/2007 12:08:51 AM | Computer Name = JODI-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/21/2007 7:08:31 PM | Computer Name = JODI-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/18/2008 7:21:01 AM | Computer Name = JODI-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/22/2008 2:37:15 AM | Computer Name = JODI-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/22/2008 1:31:55 PM | Computer Name = JODI-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/25/2008 1:03:45 AM | Computer Name = JODI-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/27/2008 12:08:28 PM | Computer Name = JODI-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/2/2008 11:19:52 AM | Computer Name = JODI-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 8/28/2008 6:50:53 AM | Computer Name = JODI-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 10/25/2007 10:56:36 AM | Computer Name = JODI-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 265
seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/30/2009 1:36:29 AM | Computer Name = JODI-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 5/30/2009 1:36:35 AM | Computer Name = JODI-PC | Source = DCOM | ID = 10005
Description =

Error - 5/30/2009 1:36:40 AM | Computer Name = JODI-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 5/30/2009 1:38:46 AM | Computer Name = JODI-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
2, function 0. Please contact your system vendor for technical assistance.

Error - 5/30/2009 1:38:46 AM | Computer Name = JODI-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
4, function 0. Please contact your system vendor for technical assistance.

Error - 5/30/2009 1:40:07 AM | Computer Name = JODI-PC | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 5/30/2009 1:49:46 AM | Computer Name = JODI-PC | Source = DCOM | ID = 10005
Description =

Error - 5/30/2009 2:05:45 AM | Computer Name = JODI-PC | Source = DCOM | ID = 10005
Description =

Error - 5/30/2009 2:05:47 AM | Computer Name = JODI-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
Description =

Error - 5/30/2009 2:05:47 AM | Computer Name = JODI-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =


< End of report >

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:11:49 PM

Posted 30 May 2009 - 08:07 AM

Hi GWE,

Let's try this

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Double click on Combo-Fix.exe & follow the prompts.
When finished, it will produce a report for you.

Please post the C:\ComboFix.txt
m0le is a proud member of UNITE

#7 GWE

GWE
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  • Local time:04:49 PM

Posted 30 May 2009 - 07:26 PM

Here is the ComboFix log:



ComboFix 09-05-30.03 - jodi 05/30/2009 17:07.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.894.289 [GMT -7:00]
Running from: c:\users\jodi\Desktop\Combo-Fix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
SP: Norton AntiVirus *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Desktop.ini

.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-31 )))))))))))))))))))))))))))))))
.

2009-05-31 00:17 . 2009-05-31 00:18 -------- d-----w c:\users\jodi\AppData\Local\temp
2009-05-30 15:10 . 2098-01-01 07:00 1181040 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090530.003\NAVEX32A.DLL
2009-05-30 15:10 . 2098-01-01 07:00 89104 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090530.003\NAVENG.SYS
2009-05-30 15:10 . 2098-01-01 07:00 876144 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090530.003\NAVEX15.SYS
2009-05-30 15:10 . 2098-01-01 07:00 371248 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090530.003\EECTRL.SYS
2009-05-30 15:10 . 2098-01-01 07:00 259368 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090530.003\ECMSVR32.DLL
2009-05-30 15:10 . 2098-01-01 07:00 177520 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090530.003\NAVENG32.DLL
2009-05-30 15:10 . 2098-01-01 07:00 101936 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090530.003\ERASER.SYS
2009-05-30 15:10 . 2098-01-01 07:00 2414128 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090530.003\CCERASER.DLL
2009-05-30 11:03 . 2098-01-01 07:00 876144 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090529.041\NAVEX15.SYS
2009-05-30 11:03 . 2098-01-01 07:00 1181040 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090529.041\NAVEX32A.DLL
2009-05-30 11:03 . 2098-01-01 07:00 89104 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090529.041\NAVENG.SYS
2009-05-30 11:03 . 2098-01-01 07:00 371248 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090529.041\EECTRL.SYS
2009-05-30 11:03 . 2098-01-01 07:00 259368 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090529.041\ECMSVR32.DLL
2009-05-30 11:03 . 2098-01-01 07:00 2414128 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090529.041\CCERASER.DLL
2009-05-30 11:03 . 2098-01-01 07:00 177520 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090529.041\NAVENG32.DLL
2009-05-30 11:03 . 2098-01-01 07:00 101936 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090529.041\ERASER.SYS
2009-05-30 07:00 . 2009-05-30 07:00 81664 ----a-w C:\aajasnkj.sys
2009-05-30 02:26 . 2098-01-01 07:00 89104 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090529.032\NAVENG.SYS
2009-05-30 02:26 . 2098-01-01 07:00 876144 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090529.032\NAVEX15.SYS
2009-05-30 02:26 . 2098-01-01 07:00 177520 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090529.032\NAVENG32.DLL
2009-05-30 02:26 . 2098-01-01 07:00 1181040 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090529.032\NAVEX32A.DLL
2009-05-30 02:26 . 2098-01-01 07:00 101936 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090529.032\ERASER.SYS
2009-05-30 02:26 . 2098-01-01 07:00 371248 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090529.032\EECTRL.SYS
2009-05-30 02:26 . 2098-01-01 07:00 259368 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090529.032\ECMSVR32.DLL
2009-05-30 02:26 . 2098-01-01 07:00 2414128 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090529.032\CCERASER.DLL
2009-05-30 02:25 . 2009-04-28 04:55 685432 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\IDSxpx86.dll
2009-05-30 02:25 . 2009-04-28 04:55 439672 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\Scxpx86.dll
2009-05-30 02:25 . 2009-04-28 04:55 251768 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\SymIDSCo.sys
2009-05-30 02:25 . 2009-04-28 04:55 173432 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\SymIDSI.dll
2009-05-30 02:25 . 2009-04-28 04:55 370224 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\IDSviA64.sys
2009-05-30 02:25 . 2009-04-28 04:55 272432 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\IDSvix86.sys
2009-05-30 02:25 . 2009-04-28 04:55 157120 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\IDS9xx86.dll
2009-05-23 02:22 . 2009-05-23 02:22 738120 ----a-w c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-05-23 02:14 . 2009-05-23 02:14 416128 ----a-w c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-23 00:42 . 2009-04-28 04:55 173432 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\SymIDSI.dll
2009-05-23 00:42 . 2009-04-28 04:55 685432 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\IDSxpx86.dll
2009-05-23 00:42 . 2009-04-28 04:55 439672 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\Scxpx86.dll
2009-05-23 00:42 . 2009-04-28 04:55 370224 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\IDSviA64.sys
2009-05-23 00:42 . 2009-04-28 04:55 272432 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\IDSvix86.sys
2009-05-23 00:42 . 2009-04-28 04:55 251768 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\SymIDSCo.sys
2009-05-23 00:42 . 2009-04-28 04:55 157120 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\IDS9xx86.dll
2009-05-09 21:24 . 2009-05-09 21:24 -------- d-----w c:\users\jodi\DoctorWeb
2009-05-09 21:20 . 2009-05-09 21:20 -------- d-----w c:\program files\Trend Micro
2009-05-08 23:44 . 2003-11-29 01:57 0 ----a-w c:\windows\brdfxspd.dat
2009-05-08 23:41 . 2006-01-17 08:03 126976 ----a-w c:\windows\system32\BrfxD05a.dll
2009-05-08 22:42 . 2009-05-08 22:42 -------- d-----w c:\windows\system32\config\systemprofile\{f7d1e24b-bea1-4f50-b49a-53222c25f29d}
2009-05-08 21:02 . 2009-05-27 07:30 7944 ----a-w c:\users\jodi\AppData\Local\d3d9caps.dat
2009-05-07 02:45 . 2009-05-09 19:31 50 ----a-w c:\windows\system32\bridf06a.dat
2009-05-07 02:43 . 2006-10-10 23:19 37376 ------w c:\windows\system32\Brnsplg.dll
2009-05-07 02:43 . 2006-08-09 21:08 55296 ------w c:\windows\system32\BrNetSti.dll
2009-05-07 02:43 . 2006-07-05 21:22 34816 ------w c:\windows\system32\BrWiaNCp.dll
2009-05-06 23:36 . 2007-12-06 00:11 10088 ----a-w c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\NAVLUReg.dll
2009-05-06 23:36 . 2007-12-04 00:32 8536 ----a-w c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\hnlureg.dll
2009-05-06 23:34 . 2008-10-17 22:52 9576 ----a-w c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\CCCMNLUM.DLL
2009-05-06 23:34 . 2007-11-22 00:30 9096 ----a-w c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\LUTPReg.dll
2009-05-06 23:33 . 2007-12-04 00:33 9048 ----a-w c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\FWLUReg.dll
2009-05-06 23:25 . 2009-04-28 04:55 439672 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\scxpx86.dll
2009-05-06 23:25 . 2009-04-28 04:55 370224 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\IDSvia64.sys
2009-05-06 23:25 . 2009-04-28 04:55 272432 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\IDSvix86.sys
2009-05-06 23:25 . 2009-04-28 04:55 157120 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\ids9xx86.dll
2009-05-06 23:25 . 2009-04-28 04:55 685432 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\idsxpx86.dll
2009-05-06 23:25 . 2009-04-28 04:55 251768 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\symidsco.sys
2009-05-06 23:25 . 2009-04-28 04:55 173432 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\SymIDSI.dll
2009-05-06 23:15 . 2009-05-06 23:55 -------- d-----w c:\program files\Norton AntiVirus
2009-05-06 23:12 . 2009-05-06 23:40 124464 ------w c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-06 23:11 . 2009-05-06 23:40 -------- d-----w c:\program files\Symantec
2009-05-06 22:43 . 2098-01-01 07:00 371248 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\BinHub\eeCtrl.sys
2009-05-06 22:43 . 2098-01-01 07:00 101936 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ERASER.sys
2009-05-06 22:43 . 2098-01-01 07:00 89104 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\BinHub\naveng.sys
2009-05-06 22:43 . 2098-01-01 07:00 876144 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\BinHub\navex15.sys
2009-05-06 22:43 . 2098-01-01 07:00 259368 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ecmsvr32.dll
2009-05-06 22:43 . 2098-01-01 07:00 2414128 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\BinHub\cceraser.dll
2009-05-06 22:43 . 2098-01-01 07:00 177520 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\BinHub\naveng32.dll
2009-05-06 22:43 . 2098-01-01 07:00 1181040 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\BinHub\navex32a.dll
2009-05-06 21:55 . 2009-05-06 21:55 -------- d-----w c:\users\jodi\AppData\Local\NOS
2009-05-06 20:12 . 2009-05-23 01:14 -------- d-----w c:\program files\CCleaner
2009-05-06 17:14 . 2009-05-06 17:14 2967799 ----a-w c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-06 17:12 . 2009-05-06 17:12 -------- d-----w c:\users\jodi\AppData\Roaming\Malwarebytes
2009-05-06 17:11 . 2009-04-06 22:32 15504 ------w c:\windows\system32\drivers\mbam.sys
2009-05-06 17:11 . 2009-04-06 22:32 38496 ------w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-06 17:11 . 2009-05-06 17:11 -------- d-----w c:\programdata\Malwarebytes
2009-05-06 17:11 . 2009-05-06 17:15 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-30 22:57 . 2007-08-31 23:10 12 ----a-w c:\windows\bthservsdp.dat
2009-05-27 05:22 . 2007-02-18 22:48 131744 ----a-w c:\users\jodi\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-25 05:12 . 2007-03-18 14:48 -------- d-----w c:\users\jodi\AppData\Roaming\Apple Computer
2009-05-25 05:02 . 2007-01-18 00:57 -------- d-----w c:\program files\Yahoo!
2009-05-25 05:02 . 2007-08-31 22:40 -------- d-----w c:\users\jodi\AppData\Roaming\Yahoo!
2009-05-25 03:44 . 2007-01-18 00:46 -------- d-----w c:\programdata\WildTangent
2009-05-25 01:59 . 2007-01-18 00:42 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-25 01:59 . 2007-01-18 00:52 -------- d-----w c:\program files\Hewlett-Packard
2009-05-09 22:32 . 2007-07-03 02:41 -------- d-----w c:\programdata\Yahoo!
2009-05-09 00:00 . 2007-10-11 00:54 -------- d-----w c:\program files\Brother
2009-05-08 22:27 . 2007-01-18 00:47 -------- d-----w c:\program files\Roxio
2009-05-08 22:22 . 2007-01-18 00:47 -------- d-----w c:\program files\Common Files\Roxio Shared
2009-05-08 22:21 . 2007-01-18 00:47 -------- d-----w c:\program files\Common Files\SureThing Shared
2009-05-08 22:10 . 2007-02-21 04:03 -------- d-----w c:\programdata\Roxio
2009-05-06 23:55 . 2007-01-18 00:58 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-06 23:40 . 2009-05-06 23:12 806 ------w c:\windows\system32\drivers\SYMEVENT.INF
2009-05-06 23:40 . 2009-05-06 23:12 10635 ------w c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-06 23:33 . 2007-01-18 00:58 -------- d-----w c:\programdata\Symantec
2009-05-04 19:54 . 2007-12-13 06:04 -------- d-----w c:\users\jodi\AppData\Roaming\Costco Photo Organizer
2009-05-02 20:12 . 2007-12-12 23:53 20 ---h--w c:\programdata\PKP_DLec.DAT
2009-04-16 10:15 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-16 10:07 . 2007-03-10 21:11 -------- d-----w c:\programdata\Microsoft Help
2009-03-17 03:16 . 2009-04-16 02:37 14848 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:16 . 2009-04-16 02:37 25600 ----a-w c:\windows\system32\amxread.dll
2009-03-03 04:24 . 2009-04-16 02:37 3503584 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:24 . 2009-04-16 02:37 3469280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:20 . 2009-04-16 02:37 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:19 . 2009-04-16 02:37 158720 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:19 . 2009-04-16 02:37 549888 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:19 . 2009-04-16 02:37 24576 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:16 . 2009-04-16 02:37 56320 ----a-w c:\windows\system32\iesetup.dll
2009-03-03 04:16 . 2009-04-16 02:37 97280 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:16 . 2009-04-16 02:37 53248 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:16 . 2009-04-16 02:37 37888 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 04:16 . 2009-04-16 02:37 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:15 . 2009-04-16 02:37 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-03 02:40 . 2009-04-16 02:37 654336 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:08 . 2009-04-16 02:37 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-03 00:44 . 2009-04-16 02:37 48128 ----a-w c:\windows\system32\mshtmler.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-23 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-07 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-07 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-07 8466432]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-11 289576]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-09 3784704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-25 44136]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Connections.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Connections.lnk
backup=c:\windows\pss\HP Connections.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=c:\windows\pss\NkbMonitor.exe.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^StupAssist.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\StupAssist.lnk
backup=c:\windows\pss\StupAssist.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C26E2428-D39B-4195-B612-B633199E9AD8}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{6D5865B9-33B6-4392-8817-ACC5BD6EC61E}"= c:\program files\HP Connections\6811507\Program\HP Connections:HP Connections
"{8F1AC832-FA08-41B5-BA07-21D0BB33E918}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{FBBD64FC-AD92-4D08-9B69-18904D3C9AE3}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{82931695-04F3-4695-86E8-6C7F7012C7F9}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{F005862C-4C62-4CD9-A2A8-DE9AC35E8AB8}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{920F0572-488C-4D72-95DB-5F3866E14789}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{CE2215A8-A65E-4108-8784-2B251D44DA56}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{18D0B124-71DB-4D54-91A6-C4E05A86100F}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{00FC659F-B5C2-4B81-B9C3-6245D2CA3A92}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{8AFC4557-40ED-4F8E-B60A-AF053FE61B95}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{50E2FA48-FD25-4719-86B7-9AA942AC7738}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4227A293-E35A-4DB6-B2F4-739816100FA6}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{AE9E1B41-E08F-4206-A61F-518DD13A3868}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{85C8D69E-25C3-4A22-A62C-A9E0CC1147C4}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{323D04AC-4516-415E-BF59-FB510DA06B02}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{540B0582-77BE-4533-8607-A638C93CFBF3}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{82FC9D54-8E97-483B-85E6-83FFB5CF48BA}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2CC2DBB1-202C-4AF4-AC75-8E9256195074}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{9AD24314-52FA-4A0E-AD24-0F2BBCA74542}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{27E47E7B-B838-4EE4-8D11-97B86C198B65}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R0 PzWDM;PzWDM;c:\windows\System32\drivers\PzWDM.sys [2/7/2009 3:21 PM 15172]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090528.001\IDSvix86.sys [5/29/2009 7:25 PM 272432]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [5/6/2009 4:34 PM 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/6/2009 4:50 PM 101936]
R3 ndicql;Watchdog Service;c:\windows\System32\drivers\ndicql.sys [2/13/2008 6:16 PM 16896]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2/19/2009 1:31 PM 41008]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [5/29/2007 1:55 PM 23888]
S4 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" --> c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [?]
S4 SessionLauncher;SessionLauncher;c:\users\jodi\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\users\jodi\AppData\Local\Temp\DX9\SessionLauncher.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2009-05-26 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - jodi.job
- c:\program files\Norton AntiVirus\Navw32.exe [2007-08-27 01:19]

2009-05-30 c:\windows\Tasks\User_Feed_Synchronization-{9C155FA1-2F4F-4082-990B-E556A61A2570}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: paypal.com\www
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-30 17:17
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-05-31 17:20
ComboFix-quarantined-files.txt 2009-05-31 00:19

Pre-Run: 182,948,057,088 bytes free
Post-Run: 184,449,576,960 bytes free

276 --- E O F --- 2009-05-27 03:10

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:11:49 PM

Posted 31 May 2009 - 10:31 AM

Hi GWE,

Let's rerun Combofix as below:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\System32\drivers\ndicql.sys

Driver::
ndicql


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Please post a new DDS log too.
m0le is a proud member of UNITE
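
An added example, not part of m0le's reply or of ComboFix itself: a small Python triage helper that parses the driver/service lines and "Files Created" lines of a ComboFix log like the one above and flags entries a helper would want to look at first (a service whose file ComboFix could not read, a binary running from a temp folder, a .sys dropped at the drive root such as C:\aajasnkj.sys). The sample log lines are copied from the log posted above; the heuristics and their thresholds are my own assumptions, not ComboFix's.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Driver/service lines in the "Reg Loading Points" part of a ComboFix log, e.g.
#   R3 ndicql;Watchdog Service;c:\windows\System32\drivers\ndicql.sys [2/13/2008 6:16 PM 16896]
#   S4 Foo;Foo;c:\path\foo.exe --> c:\path\foo.exe [?]
SERVICE_RE = re.compile(
    r'^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.+?)(?: --> (?P<resolved>.+?))? \[(?P<meta>[^\]]*)\]\s*$'
)

# "Files Created" lines, e.g.
#   2009-05-30 07:00 . 2009-05-30 07:00 81664 ----a-w C:\aajasnkj.sys
FILE_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} '
    r'(?P<size>\d+|-+) (?P<attrs>\S+) (?P<path>.+?)\s*$'
)


@dataclass
class Finding:
    kind: str                      # "service" or "file"
    name: str                      # service name, or file basename
    path: str
    reasons: list[str] = field(default_factory=list)


def _under_temp(path: PureWindowsPath) -> bool:
    """True if any directory component of the path is a temp folder."""
    return any(part.lower() in ("temp", "tmp") for part in path.parts[:-1])


def triage_combofix(log_text: str) -> list[Finding]:
    """Scan ComboFix log text and return entries worth a closer look.

    Heuristics (review aids chosen for this example, not verdicts):
      * a service/driver whose file ComboFix could not get details for ("[?]")
      * a service/driver binary that runs from a temp folder
      * a .sys or .exe created under a temp folder
      * a .sys file created directly at a drive root
    """
    findings: list[Finding] = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            # Prefer the resolved path ComboFix prints after "-->" when present.
            raw = (m.group("resolved") or m.group("path")).strip('"')
            p = PureWindowsPath(raw)
            f = Finding("service", m.group("name"), str(p))
            if m.group("meta").strip() == "?":
                f.reasons.append("ComboFix could not get file details ([?])")
            if _under_temp(p):
                f.reasons.append("binary runs from a temp folder")
            if f.reasons:
                findings.append(f)
            continue
        m = FILE_RE.match(line)
        if m:
            p = PureWindowsPath(m.group("path"))
            f = Finding("file", p.name, str(p))
            ext = p.suffix.lower()
            if ext in (".sys", ".exe") and _under_temp(p):
                f.reasons.append("executable created under a temp folder")
            if ext == ".sys" and len(p.parts) == 2:    # ('C:\\', 'name.sys')
                f.reasons.append("driver file created at the drive root")
            if f.reasons:
                findings.append(f)
    return findings


# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
2009-05-31 00:17 . 2009-05-31 00:18 -------- d-----w c:\users\jodi\AppData\Local\temp
2009-05-30 07:00 . 2009-05-30 07:00 81664 ----a-w C:\aajasnkj.sys
2009-05-06 23:12 . 2009-05-06 23:40 124464 ------w c:\windows\system32\drivers\SYMEVENT.SYS
R0 PzWDM;PzWDM;c:\windows\System32\drivers\PzWDM.sys [2/7/2009 3:21 PM 15172]
R3 ndicql;Watchdog Service;c:\windows\System32\drivers\ndicql.sys [2/13/2008 6:16 PM 16896]
S4 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" --> c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [?]
S4 SessionLauncher;SessionLauncher;c:\users\jodi\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\users\jodi\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
"""

if __name__ == "__main__":
    for finding in triage_combofix(SAMPLE_LOG):
        print(f"[{finding.kind}] {finding.name}: {finding.path}")
        for reason in finding.reasons:
            print(f"    - {reason}")
```

Path-based heuristics only narrow the list; an entry like ndicql, which sits in the normal drivers folder, is caught by an analyst's judgement of its name and display name rather than by rules like these.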

#9 GWE

GWE
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  • Local time:04:49 PM

Posted 01 June 2009 - 12:51 AM

Here are the logs


ComboFix Log



ComboFix 09-05-30.03 - jodi 05/31/2009 19:13.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.894.158 [GMT -7:00]
Running from: c:\users\jodi\Desktop\Combo-Fix.exe
Command switches used :: c:\users\jodi\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
SP: Norton AntiVirus *disabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point

FILE ::
"c:\windows\System32\drivers\ndicql.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\drivers\ndicql.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ndicql


((((((((((((((((((((((((( Files Created from 2009-05-01 to 2009-06-01 )))))))))))))))))))))))))))))))
.

2009-06-01 02:18 . 2009-06-01 02:27 -------- d-----w c:\users\jodi\AppData\Local\temp
2009-05-31 03:05 . 2098-01-01 07:00 89104 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090530.017\NAVENG.SYS
2009-05-31 03:05 . 2098-01-01 07:00 876144 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090530.017\NAVEX15.SYS
2009-05-31 03:05 . 2098-01-01 07:00 371248 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090530.017\EECTRL.SYS
2009-05-31 03:05 . 2098-01-01 07:00 259368 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090530.017\ECMSVR32.DLL
2009-05-31 03:05 . 2098-01-01 07:00 177520 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090530.017\NAVENG32.DLL
2009-05-31 03:05 . 2098-01-01 07:00 1181040 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090530.017\NAVEX32A.DLL
2009-05-31 03:05 . 2098-01-01 07:00 101936 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090530.017\ERASER.SYS
2009-05-31 03:05 . 2098-01-01 07:00 2414128 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090530.017\CCERASER.DLL
2009-05-30 15:10 . 2098-01-01 07:00 1181040 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090530.003\NAVEX32A.DLL
2009-05-30 15:10 . 2098-01-01 07:00 89104 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090530.003\NAVENG.SYS
2009-05-30 15:10 . 2098-01-01 07:00 876144 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090530.003\NAVEX15.SYS
2009-05-30 15:10 . 2098-01-01 07:00 371248 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090530.003\EECTRL.SYS
2009-05-30 15:10 . 2098-01-01 07:00 259368 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090530.003\ECMSVR32.DLL
2009-05-30 15:10 . 2098-01-01 07:00 177520 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090530.003\NAVENG32.DLL
2009-05-30 15:10 . 2098-01-01 07:00 101936 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090530.003\ERASER.SYS
2009-05-30 15:10 . 2098-01-01 07:00 2414128 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090530.003\CCERASER.DLL
2009-05-30 07:00 . 2009-05-30 07:00 81664 ----a-w C:\aajasnkj.sys
2009-05-30 02:25 . 2009-04-28 04:55 685432 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\IDSxpx86.dll
2009-05-30 02:25 . 2009-04-28 04:55 439672 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\Scxpx86.dll
2009-05-30 02:25 . 2009-04-28 04:55 251768 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\SymIDSCo.sys
2009-05-30 02:25 . 2009-04-28 04:55 173432 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\SymIDSI.dll
2009-05-30 02:25 . 2009-04-28 04:55 370224 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\IDSviA64.sys
2009-05-30 02:25 . 2009-04-28 04:55 272432 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\IDSvix86.sys
2009-05-30 02:25 . 2009-04-28 04:55 157120 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\IDS9xx86.dll
2009-05-23 02:22 . 2009-05-23 02:22 738120 ----a-w c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-05-23 02:14 . 2009-05-23 02:14 416128 ----a-w c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-23 00:42 . 2009-04-28 04:55 173432 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\SymIDSI.dll
2009-05-23 00:42 . 2009-04-28 04:55 685432 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\IDSxpx86.dll
2009-05-23 00:42 . 2009-04-28 04:55 439672 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\Scxpx86.dll
2009-05-23 00:42 . 2009-04-28 04:55 370224 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\IDSviA64.sys
2009-05-23 00:42 . 2009-04-28 04:55 272432 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\IDSvix86.sys
2009-05-23 00:42 . 2009-04-28 04:55 251768 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\SymIDSCo.sys
2009-05-23 00:42 . 2009-04-28 04:55 157120 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\IDS9xx86.dll
2009-05-09 21:24 . 2009-05-09 21:24 -------- d-----w c:\users\jodi\DoctorWeb
2009-05-09 21:20 . 2009-05-09 21:20 -------- d-----w c:\program files\Trend Micro
2009-05-08 23:44 . 2003-11-29 01:57 0 ----a-w c:\windows\brdfxspd.dat
2009-05-08 23:41 . 2006-01-17 08:03 126976 ----a-w c:\windows\system32\BrfxD05a.dll
2009-05-08 22:42 . 2009-05-08 22:42 -------- d-----w c:\windows\system32\config\systemprofile\{f7d1e24b-bea1-4f50-b49a-53222c25f29d}
2009-05-08 21:02 . 2009-05-27 07:30 7944 ----a-w c:\users\jodi\AppData\Local\d3d9caps.dat
2009-05-07 02:45 . 2009-05-09 19:31 50 ----a-w c:\windows\system32\bridf06a.dat
2009-05-07 02:43 . 2006-10-10 23:19 37376 ------w c:\windows\system32\Brnsplg.dll
2009-05-07 02:43 . 2006-08-09 21:08 55296 ------w c:\windows\system32\BrNetSti.dll
2009-05-07 02:43 . 2006-07-05 21:22 34816 ------w c:\windows\system32\BrWiaNCp.dll
2009-05-06 23:36 . 2007-12-06 00:11 10088 ----a-w c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\NAVLUReg.dll
2009-05-06 23:36 . 2007-12-04 00:32 8536 ----a-w c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\hnlureg.dll
2009-05-06 23:34 . 2008-10-17 22:52 9576 ----a-w c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\CCCMNLUM.DLL
2009-05-06 23:34 . 2007-11-22 00:30 9096 ----a-w c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\LUTPReg.dll
2009-05-06 23:33 . 2007-12-04 00:33 9048 ----a-w c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\FWLUReg.dll
2009-05-06 23:25 . 2009-04-28 04:55 439672 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\scxpx86.dll
2009-05-06 23:25 . 2009-04-28 04:55 370224 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\IDSvia64.sys
2009-05-06 23:25 . 2009-04-28 04:55 272432 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\IDSvix86.sys
2009-05-06 23:25 . 2009-04-28 04:55 157120 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\ids9xx86.dll
2009-05-06 23:25 . 2009-04-28 04:55 685432 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\idsxpx86.dll
2009-05-06 23:25 . 2009-04-28 04:55 251768 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\symidsco.sys
2009-05-06 23:25 . 2009-04-28 04:55 173432 ----a-w c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\SymIDSI.dll
2009-05-06 23:15 . 2009-05-06 23:55 -------- d-----w c:\program files\Norton AntiVirus
2009-05-06 23:12 . 2009-05-06 23:40 124464 ------w c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-06 23:11 . 2009-05-06 23:40 -------- d-----w c:\program files\Symantec
2009-05-06 22:43 . 2098-01-01 07:00 371248 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\BinHub\eeCtrl.sys
2009-05-06 22:43 . 2098-01-01 07:00 101936 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ERASER.sys
2009-05-06 22:43 . 2098-01-01 07:00 89104 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\BinHub\naveng.sys
2009-05-06 22:43 . 2098-01-01 07:00 876144 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\BinHub\navex15.sys
2009-05-06 22:43 . 2098-01-01 07:00 259368 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ecmsvr32.dll
2009-05-06 22:43 . 2098-01-01 07:00 2414128 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\BinHub\cceraser.dll
2009-05-06 22:43 . 2098-01-01 07:00 177520 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\BinHub\naveng32.dll
2009-05-06 22:43 . 2098-01-01 07:00 1181040 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\BinHub\navex32a.dll
2009-05-06 21:55 . 2009-05-06 21:55 -------- d-----w c:\users\jodi\AppData\Local\NOS
2009-05-06 20:12 . 2009-05-23 01:14 -------- d-----w c:\program files\CCleaner
2009-05-06 17:14 . 2009-05-06 17:14 2967799 ----a-w c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-06 17:12 . 2009-05-06 17:12 -------- d-----w c:\users\jodi\AppData\Roaming\Malwarebytes
2009-05-06 17:11 . 2009-04-06 22:32 15504 ------w c:\windows\system32\drivers\mbam.sys
2009-05-06 17:11 . 2009-04-06 22:32 38496 ------w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-06 17:11 . 2009-05-06 17:11 -------- d-----w c:\programdata\Malwarebytes
2009-05-06 17:11 . 2009-05-06 17:15 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 02:19 . 2007-08-31 23:10 12 ----a-w c:\windows\bthservsdp.dat
2009-05-27 05:22 . 2007-02-18 22:48 131744 ----a-w c:\users\jodi\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-25 05:12 . 2007-03-18 14:48 -------- d-----w c:\users\jodi\AppData\Roaming\Apple Computer
2009-05-25 05:02 . 2007-01-18 00:57 -------- d-----w c:\program files\Yahoo!
2009-05-25 05:02 . 2007-08-31 22:40 -------- d-----w c:\users\jodi\AppData\Roaming\Yahoo!
2009-05-25 03:44 . 2007-01-18 00:46 -------- d-----w c:\programdata\WildTangent
2009-05-25 01:59 . 2007-01-18 00:42 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-25 01:59 . 2007-01-18 00:52 -------- d-----w c:\program files\Hewlett-Packard
2009-05-09 22:32 . 2007-07-03 02:41 -------- d-----w c:\programdata\Yahoo!
2009-05-09 00:00 . 2007-10-11 00:54 -------- d-----w c:\program files\Brother
2009-05-08 22:27 . 2007-01-18 00:47 -------- d-----w c:\program files\Roxio
2009-05-08 22:22 . 2007-01-18 00:47 -------- d-----w c:\program files\Common Files\Roxio Shared
2009-05-08 22:21 . 2007-01-18 00:47 -------- d-----w c:\program files\Common Files\SureThing Shared
2009-05-08 22:10 . 2007-02-21 04:03 -------- d-----w c:\programdata\Roxio
2009-05-06 23:55 . 2007-01-18 00:58 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-06 23:40 . 2009-05-06 23:12 806 ------w c:\windows\system32\drivers\SYMEVENT.INF
2009-05-06 23:40 . 2009-05-06 23:12 10635 ------w c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-06 23:33 . 2007-01-18 00:58 -------- d-----w c:\programdata\Symantec
2009-05-04 19:54 . 2007-12-13 06:04 -------- d-----w c:\users\jodi\AppData\Roaming\Costco Photo Organizer
2009-05-02 20:12 . 2007-12-12 23:53 20 ---h--w c:\programdata\PKP_DLec.DAT
2009-04-16 10:15 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-16 10:07 . 2007-03-10 21:11 -------- d-----w c:\programdata\Microsoft Help
2009-03-17 03:16 . 2009-04-16 02:37 14848 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:16 . 2009-04-16 02:37 25600 ----a-w c:\windows\system32\amxread.dll
2009-03-03 04:24 . 2009-04-16 02:37 3503584 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:24 . 2009-04-16 02:37 3469280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:20 . 2009-04-16 02:37 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:19 . 2009-04-16 02:37 158720 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:19 . 2009-04-16 02:37 549888 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:19 . 2009-04-16 02:37 24576 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:16 . 2009-04-16 02:37 56320 ----a-w c:\windows\system32\iesetup.dll
2009-03-03 04:16 . 2009-04-16 02:37 97280 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:16 . 2009-04-16 02:37 53248 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:16 . 2009-04-16 02:37 37888 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 04:16 . 2009-04-16 02:37 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:15 . 2009-04-16 02:37 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-03 02:40 . 2009-04-16 02:37 654336 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-05-31_00.18.02 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-01-18 00:40 . 2009-05-30 23:05 50464 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-01-18 00:40 . 2009-06-01 01:03 50464 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-06-01 02:24 71304 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2007-02-18 22:42 . 2009-05-30 23:05 11400 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3308817596-3878474459-1549271132-1000_UserData.bin
+ 2007-02-18 22:42 . 2009-06-01 02:24 11400 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3308817596-3878474459-1549271132-1000_UserData.bin
- 2007-02-18 22:38 . 2009-05-30 23:45 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-02-18 22:38 . 2009-06-01 01:57 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-02-18 22:38 . 2009-05-30 23:45 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-02-18 22:38 . 2009-06-01 01:57 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-02-18 22:38 . 2009-06-01 01:57 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-02-18 22:38 . 2009-05-30 23:45 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-23 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-07 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-07 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-07 8466432]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-11 289576]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-09 3784704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-25 44136]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Connections.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Connections.lnk
backup=c:\windows\pss\HP Connections.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=c:\windows\pss\NkbMonitor.exe.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^StupAssist.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\StupAssist.lnk
backup=c:\windows\pss\StupAssist.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C26E2428-D39B-4195-B612-B633199E9AD8}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{6D5865B9-33B6-4392-8817-ACC5BD6EC61E}"= c:\program files\HP Connections\6811507\Program\HP Connections:HP Connections
"{8F1AC832-FA08-41B5-BA07-21D0BB33E918}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{FBBD64FC-AD92-4D08-9B69-18904D3C9AE3}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{82931695-04F3-4695-86E8-6C7F7012C7F9}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{F005862C-4C62-4CD9-A2A8-DE9AC35E8AB8}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{920F0572-488C-4D72-95DB-5F3866E14789}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{CE2215A8-A65E-4108-8784-2B251D44DA56}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{18D0B124-71DB-4D54-91A6-C4E05A86100F}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{00FC659F-B5C2-4B81-B9C3-6245D2CA3A92}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{8AFC4557-40ED-4F8E-B60A-AF053FE61B95}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{50E2FA48-FD25-4719-86B7-9AA942AC7738}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4227A293-E35A-4DB6-B2F4-739816100FA6}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{AE9E1B41-E08F-4206-A61F-518DD13A3868}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{85C8D69E-25C3-4A22-A62C-A9E0CC1147C4}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{323D04AC-4516-415E-BF59-FB510DA06B02}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{540B0582-77BE-4533-8607-A638C93CFBF3}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{82FC9D54-8E97-483B-85E6-83FFB5CF48BA}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2CC2DBB1-202C-4AF4-AC75-8E9256195074}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{9AD24314-52FA-4A0E-AD24-0F2BBCA74542}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{27E47E7B-B838-4EE4-8D11-97B86C198B65}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-31 23888]
R4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [x]
R4 SessionLauncher;SessionLauncher;c:\users\jodi\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
S0 PzWDM;PzWDM;c:\windows\system32\Drivers\PzWDM.sys [2005-06-29 15172]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090528.001\IDSvix86.sys [2009-04-28 272432]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2098-01-01 101936]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]


--- Other Services/Drivers In Memory ---

*Deregistered* - AFD
*Deregistered* - Beep
*Deregistered* - bowser
*Deregistered* - cdfs
*Deregistered* - CLFS
*Deregistered* - crcdisk
*Deregistered* - DfsC
*Deregistered* - DXGKrnl
*Deregistered* - Ecache
*Deregistered* - eeCtrl
*Deregistered* - EraserUtilRebootDrv
*Deregistered* - fastfat
*Deregistered* - FileInfo
*Deregistered* - FltMgr
*Deregistered* - HTTP
*Deregistered* - IDSvix86
*Deregistered* - iScsiPrt
*Deregistered* - KSecDD
*Deregistered* - lltdio
*Deregistered* - luafv
*Deregistered* - MountMgr
*Deregistered* - mpsdrv
*Deregistered* - MRxDAV
*Deregistered* - mrxsmb
*Deregistered* - mrxsmb10
*Deregistered* - mrxsmb20
*Deregistered* - Msfs
*Deregistered* - msisadrv
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NativeWifiP
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
*Deregistered* - NDIS
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - netbt
*Deregistered* - Npfs
*Deregistered* - nsiproxy
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - nvstor
*Deregistered* - PEAUTH
*Deregistered* - PptpMiniport
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasPppoe
*Deregistered* - rdbss
*Deregistered* - RDPCDD
*Deregistered* - RDPENCDD
*Deregistered* - rspndr
*Deregistered* - secdrv
*Deregistered* - Smb
*Deregistered* - SPBBCDrv
*Deregistered* - spldr
*Deregistered* - SRTSP
*Deregistered* - SRTSPX
*Deregistered* - srv
*Deregistered* - srv2
*Deregistered* - srvnet
*Deregistered* - swenum
*Deregistered* - SYMDNS
*Deregistered* - SymEvent
*Deregistered* - SYMFW
*Deregistered* - SymIM
*Deregistered* - SYMNDISV
*Deregistered* - SYMREDRV
*Deregistered* - SYMTDI
*Deregistered* - Tcpip
*Deregistered* - tcpipreg
*Deregistered* - tdx
*Deregistered* - TermDD
*Deregistered* - tunmp
*Deregistered* - tunnel
*Deregistered* - umbus
*Deregistered* - VgaSave
*Deregistered* - volmgr
*Deregistered* - volmgrx
*Deregistered* - volsnap
*Deregistered* - Wanarpv6
*Deregistered* - Wdf01000
*Deregistered* - XAudio

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2009-05-26 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - jodi.job
- c:\program files\Norton AntiVirus\Navw32.exe [2007-08-27 01:19]

2009-06-01 c:\windows\Tasks\User_Feed_Synchronization-{9C155FA1-2F4F-4082-990B-E556A61A2570}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: paypal.com\www
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-31 19:25
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\msdtc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\dllhost.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehsched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\Locator.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\progra~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
c:\windows\ehome\ehmsas.exe
c:\hp\KBD\kbd.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\windows\System32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2009-06-01 20:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-01 03:22
ComboFix2.txt 2009-05-31 00:20

Pre-Run: 182,947,549,184 bytes free
Post-Run: 184,361,496,576 bytes free

395 --- E O F --- 2009-05-27 03:10





DDS Log



DDS (Ver_09-05-14.01) - NTFSx86
Run by jodi at 20:37:58.55 on Sun 05/31/2009
Internet Explorer: 7.0.6000.16830
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.894.364 [GMT -7:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton AntiVirus *disabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\msdtc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\dllhost.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\ehsched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\locator.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\Explorer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\jodi\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://att.my.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: paypal.com\www
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll

============= SERVICES / DRIVERS ===============

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2009-2-7 15172]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20090528.001\IDSvix86.sys [2009-5-29 272432]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2009-5-6 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-5-6 101936]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S4 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\common files\roxio shared\10.0\sharedcom\roxliveshare10.exe" --> c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [?]
S4 SessionLauncher;SessionLauncher;c:\users\jodi\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\jodi\appdata\local\temp\dx9\SessionLauncher.exe [?]

=============== Created Last 30 ================

2009-05-31 20:22 6,736 a------- c:\windows\system32\drivers\PROCEXP90.SYS
2009-05-31 19:23 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-05-30 17:04 161,792 a------- c:\windows\SWREG.exe
2009-05-30 17:04 154,624 a------- c:\windows\PEV.exe
2009-05-30 17:04 98,816 a------- c:\windows\sed.exe
2009-05-30 00:00 81,664 a------- C:\aajasnkj.sys
2009-05-29 14:40 233,152,602 a------- c:\windows\MEMORY.DMP
2009-05-22 17:59 39 a------- c:\windows\WININIT.INI
2009-05-09 23:06 81,920 a------- c:\windows\SPInstall.etl
2009-05-09 14:24 <DIR> --d----- c:\users\jodi\DoctorWeb
2009-05-09 14:20 <DIR> --d----- c:\program files\Trend Micro
2009-05-08 16:46 6,224 a------- c:\windows\CVRPAGE.BMP
2009-05-08 16:44 0 a------- c:\windows\brdfxspd.dat
2009-05-08 16:41 126,976 a------- c:\windows\system32\BrfxD05a.dll
2009-05-06 19:45 50 a------- c:\windows\system32\bridf06a.dat
2009-05-06 19:43 55,296 -------- c:\windows\system32\BrNetSti.dll
2009-05-06 19:43 37,376 -------- c:\windows\system32\Brnsplg.dll
2009-05-06 19:43 34,816 -------- c:\windows\system32\BrWiaNCp.dll
2009-05-06 19:36 66 a------- c:\windows\Brfaxrx.ini
2009-05-06 16:15 <DIR> --d----- c:\program files\Norton AntiVirus
2009-05-06 16:12 124,464 -------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-06 16:12 10,635 -------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-06 16:12 806 -------- c:\windows\system32\drivers\SYMEVENT.INF
2009-05-06 16:11 <DIR> --d----- c:\program files\Symantec
2009-05-06 13:12 <DIR> --d----- c:\program files\CCleaner
2009-05-06 10:22 <DIR> --d----- c:\windows\pss
2009-05-06 10:12 <DIR> --d----- c:\users\jodi\appdata\roaming\Malwarebytes
2009-05-06 10:11 15,504 -------- c:\windows\system32\drivers\mbam.sys
2009-05-06 10:11 38,496 -------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-06 10:11 <DIR> --d----- c:\programdata\Malwarebytes
2009-05-06 10:11 <DIR> --d----- c:\progra~2\Malwarebytes
2009-05-06 10:11 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2009-05-10 23:38 51,200 a------- c:\windows\inf\infpub.dat
2009-05-09 12:10 86,016 a------- c:\windows\inf\infstor.dat
2009-05-09 12:10 86,016 a------- c:\windows\inf\infstrng.dat
2009-05-02 13:12 20 ----h--- c:\programdata\PKP_DLec.DAT
2009-05-02 13:12 20 ----h--- c:\progra~2\PKP_DLec.DAT
2009-03-16 20:16 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-16 20:16 14,848 a------- c:\windows\system32\apilogen.dll
2009-03-16 20:16 25,600 a------- c:\windows\system32\amxread.dll
2009-03-02 21:24 3,503,584 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-02 21:24 3,469,280 a------- c:\windows\system32\ntoskrnl.exe
2009-03-02 21:20 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 21:19 158,720 a------- c:\windows\system32\sdohlp.dll
2009-03-02 21:19 549,888 a------- c:\windows\system32\rpcss.dll
2009-03-02 21:19 24,576 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-02 21:16 56,320 a------- c:\windows\system32\iesetup.dll
2009-03-02 21:16 97,280 a------- c:\windows\system32\iasrecst.dll
2009-03-02 21:16 78,336 a------- c:\windows\system32\ieencode.dll
2009-03-02 21:16 53,248 a------- c:\windows\system32\iasads.dll
2009-03-02 21:16 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-03-02 21:16 37,888 a------- c:\windows\system32\iasdatastore.dll
2009-03-02 21:15 72,704 a------- c:\windows\system32\admparse.dll
2008-12-11 04:26 174 a--sh--- c:\program files\desktop.ini
2008-06-11 03:12 665,600 a------- c:\windows\inf\drvindex.dat
2007-03-06 22:31 568 a------- c:\users\jodi\appdata\roaming\wklnhst.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-01-13 15:59 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-01-13 15:59 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-01-13 15:59 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2007-09-22 10:19 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2007-09-22 10:19 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2007-09-22 10:19 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 20:39:00.65 ===============

Edited by Orange Blossom, 01 June 2009 - 12:54 AM.
Fix BB code for readability. ~ OB
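The DDS sections above are what the helper reads by eye: every `R`/`S` service line carries the resolved binary path, and "Created Last 30" lists recently written files. The script below is an added example (not part of this thread and not a DDS or BleepingComputer tool) that parses those two line formats and applies three checks a malware-removal volunteer makes first: a persistence entry whose binary lives under a temp directory, a `.sys` driver sitting anywhere other than `system32\drivers`, and a service DDS could not stat (the `[?]` marker). The sample input is a handful of lines copied from the log above; the rules are assumptions about what is worth a second look, not verdicts.

```python
"""Triage the SERVICES / DRIVERS and "Created Last 30" sections of a DDS log."""
import re
from typing import Dict, List, Tuple

# Constructed sample: a handful of lines copied from the DDS log posted above,
# enough to exercise each rule. For real use, pass the whole log to triage().
SAMPLE_LOG = r"""
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2009-2-7 15172]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2009-5-6 149352]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S4 SessionLauncher;SessionLauncher;c:\users\jodi\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\jodi\appdata\local\temp\dx9\SessionLauncher.exe [?]
2009-05-31 20:22 6,736 a------- c:\windows\system32\drivers\PROCEXP90.SYS
2009-05-30 00:00 81,664 a------- C:\aajasnkj.sys
2009-05-06 10:11 15,504 -------- c:\windows\system32\drivers\mbam.sys
"""

# "R2 Name;Display name;path [date size]"  (R = running, S = stopped; digit = start type)
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]$")
# "YYYY-MM-DD HH:MM size attrs path"
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+([\d,]+|<DIR>)\s+(\S+)\s+(.+)$")

DRIVERS_DIR = "\\windows\\system32\\drivers\\"


def parse_dds(text: str) -> List[Tuple[str, str, str]]:
    """Return (kind, name, path) for every service/driver and file line."""
    entries: List[Tuple[str, str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            state, name, _display, path, info = m.groups()
            # DDS prints "registry ImagePath --> resolved file"; keep the resolved one.
            path = path.split("-->")[-1].strip().strip('"')
            kind = "service:" + state + (":unverified" if info == "?" else "")
            entries.append((kind, name, path))
            continue
        m = FILE_RE.match(line)
        if m:
            _ts, size, _attrs, path = m.groups()
            if size != "<DIR>":
                entries.append(("file", path.rsplit("\\", 1)[-1], path))
    return entries


def suspicious_reasons(kind: str, path: str) -> List[str]:
    """Heuristics (assumed, not from DDS): each hit is a reason to look closer, not a verdict."""
    p = path.lower()
    reasons: List[str] = []
    if "\\appdata\\local\\temp\\" in p or "\\windows\\temp\\" in p:
        reasons.append("persistence entry points into a temp directory")
    if p.endswith(".sys") and DRIVERS_DIR not in p:
        reasons.append("kernel driver outside system32\\drivers")
    if kind.endswith(":unverified"):
        # "[?]" means DDS could not read the file's date/size; confirm it by hand.
        reasons.append("DDS could not stat the service binary ([?])")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map each suspicious path to the list of rules it tripped."""
    flagged: Dict[str, List[str]] = {}
    for kind, _name, path in parse_dds(text):
        reasons = suspicious_reasons(kind, path)
        if reasons:
            flagged.setdefault(path, []).extend(reasons)
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

On the sample this singles out the `SessionLauncher` service (binary under the user's temp folder, and DDS could not stat it) and the driver file in the root of `C:\`; the Symantec, Malwarebytes and Process Explorer drivers under `system32\drivers` pass. A hit only means "explain this entry"; the helper's fix in this thread is what actually decides.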


#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:49 PM

Posted 01 June 2009 - 02:46 PM

Hi GWE,

Looks good now. How's it running?

Just going to do an online scan to clean up a bit.

Please go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Thanks :thumbup2:
m0le is a proud member of UNITE

#11 GWE

GWE
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:04:49 PM

Posted 02 June 2009 - 01:55 AM

I cannot get the machine to connect to the internet.

Each time I try to do something it takes 20-30 minutes.

I did manage to get the Device Manager open and it showed the following problems

Remote NDIS Based Internet Sharing Device - Watchdog Miniport
Wan Miniport (IP) - Watchdog Miniport
Wan Miniport (IPv6) - Watchdog Miniport

But good news -- The Processor is running under 5%

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:49 PM

Posted 02 June 2009 - 02:05 PM

The bad driver has gone but it has caused internet disconnection.

You will need to go to a clean computer and use a flashdrive here.

Download and run WinSockFix. This is a two step process that will Back up the Registry and Reset the Winsock Stack.
  • Double click on WinsockXPFix.exe to open.
  • On the Winsock and TCP Repair Utility screen, click "ReG-Backup"
  • On the ERDNT Welcome screen, click "OK".
  • On the Backup to: screen, click "OK".
  • On the Folder does not exist question screen click "Yes".
  • You will see a status screen as your registry is being backed up.
  • On the Registry backup is complete! screen, click "OK" and you will go back to the main window.
  • On the Winsock and TCP Repair Utility screen, click "Fix".
  • On the Apply the VB_Winsock fix? screen click "Yes".
  • The screen will display a status message "repair completed please reboot."
  • On the Repair Completed screen click "OK" to reboot your computer.
  • If your computer was not using DHCP, you will need to reconfigure TCP/IP.
  • You should have connectivity restored.
If so, then please run the Kaspersky scan. If you have problems then post back.
m0le is a proud member of UNITE

#13 GWE

GWE
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:04:49 PM

Posted 03 June 2009 - 12:54 AM

Winsockxpfix did not work. It is not fully compatible with Vista.

I did find the following commands that did work.

They have to be run in command mode:

NETSH INT IP RESET

NETSH WINSOCK RESET


I was able to connect to the internet after running these and rebooting.

I was able to run the Kaspersky scan.


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, June 2, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, June 03, 2009 04:55:48
Records in database: 2299883
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
H:\
I:\
J:\
K:\

Scan statistics:
Files scanned: 119601
Threat name: 1
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 02:53:27


File name / Threat name / Threats count
C:\Program Files\2Wire\sst\VNC\MotVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 2

The selected area was scanned.
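`netsh winsock reset` throws away the Winsock provider catalog and rebuilds the Microsoft defaults, which is why it repairs the broken chain left behind when a layered provider or its driver is removed. Before running it, it is worth keeping a copy of the catalog so you can see what was there and confirm afterwards that nothing third-party survived. The script below is an added example (not from this thread, not a Microsoft tool) that parses the text of `netsh winsock show catalog` and lists every entry that is layered or whose provider DLL lives outside `%SystemRoot%\system32`. The field names are written from memory of the real output, and the second sample entry is hypothetical, a stand-in for a third-party LSP rather than anything from the log above.

```python
"""Snapshot the Winsock provider catalog before and after `netsh winsock reset`."""
import os
import subprocess
from typing import Dict, List, Optional

# Constructed sample laid out like `netsh winsock show catalog` (field names
# from memory of the real output; only a subset of fields is shown). The second
# entry is hypothetical and stands in for a third-party layered provider; it is
# not something from the log posted in this thread.
SAMPLE_CATALOG = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider ID:                        {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Version:                            2
Protocol Chain Length:              1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Service Provider
Description:                        Example LSP over [MSAFD Tcpip [TCP/IP]]
Provider ID:                        {00000000-0000-0000-0000-000000000000}
Provider Path:                      C:\Program Files\Example LSP\example_lsp.dll
Catalog Entry ID:                   1020
Version:                            2
Protocol Chain Length:              2
"""

ENTRY_HEADER = "Winsock Catalog Provider Entry"


def parse_catalog(text: str) -> List[Dict[str, str]]:
    """Split the catalog dump into one {field: value} dict per provider entry."""
    entries: List[Dict[str, str]] = []
    current: Optional[Dict[str, str]] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == ENTRY_HEADER:
            current = {}
            entries.append(current)
        elif current is not None and ":" in line:
            # Split on the first colon only, so "C:\..." keeps its drive colon.
            key, value = line.split(":", 1)
            current[key.strip()] = value.strip()
    return entries


def is_windows_provider(entry: Dict[str, str], system_root: str) -> bool:
    """True when the provider DLL lives under <system_root>\\system32."""
    root = system_root.lower().rstrip("\\")
    path = entry.get("Provider Path", "").lower().replace("%systemroot%", root)
    return path.startswith(root + "\\system32\\")


def third_party_entries(text: str, system_root: str = "") -> List[Dict[str, str]]:
    """Entries to record before a reset and to expect gone afterwards:
    anything layered, or any provider DLL outside system32."""
    system_root = system_root or os.environ.get("SystemRoot", r"C:\Windows")
    return [e for e in parse_catalog(text)
            if e.get("Entry Type", "").startswith("Layered")
            or not is_windows_provider(e, system_root)]


def live_catalog() -> str:
    """Run netsh on a Windows host; fall back to the sample anywhere else."""
    try:
        return subprocess.run(["netsh", "winsock", "show", "catalog"],
                              capture_output=True, text=True, check=True).stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        return SAMPLE_CATALOG


if __name__ == "__main__":
    for e in third_party_entries(live_catalog()):
        print(e.get("Entry Type"), "|", e.get("Description"), "|", e.get("Provider Path"))
```

Run it once before `NETSH WINSOCK RESET` and once after the reboot: the first run documents whatever non-Microsoft providers were hooked into the stack, and the second should print nothing. If a third-party entry reappears, something still installed is re-registering itself.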

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:49 PM

Posted 03 June 2009 - 06:30 AM

Ah, yes, I forgot you were on a Vista PC. Nice work on the clerical fix though. :thumbup2:


Kaspersky has flagged this.

C:\Program Files\2Wire\sst\VNC\MotVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 2

Have you set your PC up to be remotely accessed?
m0le is a proud member of UNITE
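A `not-a-virus:RemoteAdmin` detection says a VNC-derived server is installed, not that it is running or reachable. The question above is answered by two commands the user can run from the same command prompt: `netstat -ano` shows listening sockets with their owning PID, and `tasklist /svc` maps PIDs to image names. The script below is an added example (not from this thread and not a Kaspersky or Microsoft tool) that joins those two outputs and reports any process listening on the default VNC port ranges (5900+display for RFB, 5800+display for the browser viewer), noting whether it is bound to all interfaces or only to loopback. The sample outputs are constructed; the pairing of `MotVNC.exe` with a PID and a listening socket is hypothetical and only shows what a positive result would look like.

```python
"""Is a VNC server actually listening, and which process owns the socket?"""
import re
from typing import Dict, List

# Constructed samples in the layout of `netstat -ano` and `tasklist /svc`.
# The PID/binary pairing is hypothetical: it shows what a positive result looks
# like if the MotVNC.exe flagged above were running; the thread does not say it is.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    0.0.0.0:5800           0.0.0.0:0              LISTENING       2468
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       2468
  TCP    127.0.0.1:5901         0.0.0.0:0              LISTENING       3044
  TCP    192.168.1.5:49160      64.12.24.33:443        ESTABLISHED     3120
  UDP    0.0.0.0:5355           *:*                                    1200
"""
SAMPLE_TASKLIST = """
Image Name                     PID Services
========================= ======== ============================================
svchost.exe                    900 RpcSs
MotVNC.exe                    2468 N/A
ExampleViewer.exe             3044 N/A
iexplore.exe                  3120 N/A
svchost.exe                   1200 Dnscache
"""

# Default RFB ports are 5900+display; the Java/browser viewer uses 5800+display.
VNC_PORTS = {5800 + d for d in range(10)} | {5900 + d for d in range(10)}
LOOPBACK = ("127.0.0.1", "::1", "[::1]")


def listening_sockets(netstat_text: str) -> List[Dict[str, object]]:
    """Listening TCP sockets and bound UDP sockets from `netstat -ano` output."""
    socks: List[Dict[str, object]] = []
    for line in netstat_text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] not in ("TCP", "UDP") or not tok[-1].isdigit():
            continue
        if tok[0] == "TCP" and tok[3] != "LISTENING":
            continue
        host, port = tok[1].rsplit(":", 1)   # rsplit so "[::]:5900" parses too
        if not port.isdigit():
            continue
        socks.append({"proto": tok[0], "host": host, "port": int(port), "pid": tok[-1]})
    return socks


def process_table(tasklist_text: str) -> Dict[str, Dict[str, str]]:
    """PID -> {image, services} from `tasklist /svc` output."""
    procs: Dict[str, Dict[str, str]] = {}
    for line in tasklist_text.splitlines():
        m = re.match(r"^(\S.*?)\s+(\d+)\s+(.*)$", line.strip())
        if m and not m.group(1).startswith("="):
            image, pid, services = m.groups()
            procs[pid] = {"image": image, "services": services}
    return procs


def vnc_listeners(netstat_text: str, tasklist_text: str) -> List[Dict[str, object]]:
    """Sockets on VNC ports joined to their owning process; 'exposed' means
    bound to something other than loopback, i.e. reachable from the network."""
    procs = process_table(tasklist_text)
    hits: List[Dict[str, object]] = []
    for s in listening_sockets(netstat_text):
        if s["port"] in VNC_PORTS:
            owner = procs.get(str(s["pid"]), {"image": "?", "services": "?"})
            hits.append({**s, **owner, "exposed": s["host"] not in LOOPBACK})
    return hits


if __name__ == "__main__":
    for h in vnc_listeners(SAMPLE_NETSTAT, SAMPLE_TASKLIST):
        print(f"{h['proto']} {h['host']}:{h['port']} pid={h['pid']} "
              f"{h['image']} exposed={h['exposed']}")
```

On the real machine, save `netstat -ano` and `tasklist /svc` to text files from an elevated prompt and feed them in. A VNC server bound to `0.0.0.0` on a DSL-connected PC that nobody knowingly set up for remote access is the thing to disable; one bound only to `127.0.0.1` is far less urgent but still worth an explanation.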

#15 GWE

GWE
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:04:49 PM

Posted 03 June 2009 - 03:14 PM

Not that I know of, but 2Wire is the brand of my DSL modem/router.



