Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Vundo


  • This topic is locked This topic is locked
14 replies to this topic

#1 SonsOfBen

SonsOfBen

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:03 AM

Posted 14 May 2009 - 10:50 AM

My computer is infected by the Vondu torjan. I have run various programs to remove it, but it always returns. Please help! Thank you.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Patrick and Lindsey at 11:34:30.13 on Thu 05/14/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.990.244 [GMT -4:00]

AV: CyberDefender Internet Security *On-access scanning enabled* (Updated) {8A8567B1-E8F8-4744-8556-A91329AA1794}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\java.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberDefender\AntiSpyware\cdas1b.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
svchost
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Patrick and Lindsey\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061220
uInternet Settings,ProxyOverride = *.local
BHO: {d4fb082a-56e8-49d8-94a0-b38d9fc527d6} - c:\windows\system32\gwfolcx.dll
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent] "c:\program files\bittorrent\bittorrent.exe" --force_start_minimized
uRun: [CyberDefender Early Detection Center] "c:\program files\cyberdefender\antispyware\cdas1b.exe" /minimize
uRun: [Patrick and Lindsey] c:\documents and settings\patrick and lindsey\Patrick and Lindsey.exe /i
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9f.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dExplorerRun: [svcho] c:\windows\svcho.exe
StartupFolder: c:\docume~1\patric~1\startm~1\programs\startup\epsonp~1.lnk - d:\drivers\e_reg\EPSONREG.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195412653390
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1233790367257&h=f99831148189ae86367002af33b02bcc/&filename=jinstall-6u11-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: jycdouhx - gwfolcx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2006-12-20 3456]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-12 64160]
R0 sjtpigym;sjtpigym;c:\windows\system32\drivers\sjtpigym.sys [2004-8-10 23424]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 953168]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-1-15 204800]
R3 CDAVFS;CDAVFS;c:\windows\system32\drivers\CDAVFS.sys [2009-3-3 67424]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-5-9 189792]

=============== Created Last 30 ================

2009-04-16 13:54 <DIR> --d----- c:\docume~1\patric~1\applic~1\ldsnjrkg

==================== Find3M ====================

2009-04-30 22:29 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-04-11 11:50 2,856 a------- c:\windows\system32\tmp.reg
2009-04-10 22:33 32,768 a------- c:\windows\system32\drivers\93.exe
2009-04-10 16:12 14,336 a------- c:\windows\syssvc.exe
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 10:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-03-03 13:15 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 20:18 826,368 -------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 00:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 06:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 06:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 01:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-02-01 11:00 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020120090202\index.dat

============= FINISH: 11:37:52.63 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:03 PM

Posted 14 May 2009 - 02:51 PM

Hi SonsOfBen,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please give me a little time to go through your log and I will also let you know that I am a trainee so each stage of the fix will need to be checked by an expert coach before I post so there may be a slight delay. Don't worry I won't abandon you.
  • Please subscribe to this topic, if you haven't already, and wait for me to get back to you.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 2 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#3 SonsOfBen

SonsOfBen
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:03 AM

Posted 14 May 2009 - 03:38 PM

Thanks for the quick response m0le! I look forward to hearing from you.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:03 PM

Posted 16 May 2009 - 09:43 AM

Hi SonsOfBen,

The log shows that you have been using so called peer-to-peer or file-sharing programmes (in your case BitTorrent and Azureus). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come a long way and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

On with the fix

We need to see a bit more than DDS lets us see.

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    Posted Image
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

Then

Download and Run OTViewit
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#5 SonsOfBen

SonsOfBen
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:03 AM

Posted 16 May 2009 - 12:35 PM

Hi m0le,

Thanks for the advice regarding the file sharing apps. I used them only once almost two years ago to acquire audio from a concert I attended. I don't believe that is what led to the Vundo infection since it has occurred fairly recently.

GMER Results:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-16 12:07:09
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF75E287E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF75E2BFE]

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ObReferenceObjectByHandle + 4BF 805B1001 7 Bytes JMP 869AC070
? xeingvc.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[564] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[564] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 40A51777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[564] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 40A516F8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[564] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 40A5173C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[564] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 40A51684 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[564] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 40A516BE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[564] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 40A517B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[564] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\USB_RNDIS \Device\{852982F4-54BE-45A5-B62F-E97C1A6B5224} RNDISMP.SYS (Remote NDIS Miniport/Microsoft Corporation)
Device \FileSystem\Fastfat \Fat F0887D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

OTViewIT:
OTViewIt logfile created on: 5/16/2009 12:12:40 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Patrick and Lindsey\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

990.03 Mb Total Physical Memory | 584.63 Mb Available Physical Memory | 59.05% Memory free
1.84 Gb Paging File | 1.09 Gb Available in Paging File | 59.21% Paging File free
Paging file location(s): C:\pagefile.sys 990 1190;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 44.55 Gb Free Space | 59.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D7DB69C1
Current User Name: Patrick and Lindsey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/09/06 06:13:42 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2003/12/02 10:27:08 | 01,417,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
[2009/02/04 19:31:54 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/01/15 10:28:20 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
[2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2009/02/04 19:31:53 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe
[2005/07/04 16:46:04 | 00,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
[2006/04/21 15:26:38 | 05,358,592 | ---- | M] (Linksys) -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
[2009/02/04 19:31:54 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2006/05/01 03:07:44 | 00,843,776 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
[2006/01/02 18:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2005/12/09 21:29:52 | 00,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2006/08/28 22:57:12 | 00,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
[2009/04/16 22:22:34 | 00,669,000 | ---- | M] (CyberDefender Corp.) -- C:\Program Files\CyberDefender\AntiSpyware\cdas1b.exe
[2003/10/29 03:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
[2007/02/20 06:10:26 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
[2006/01/02 18:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/04/13 20:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2009/04/30 22:29:10 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
[2004/08/04 06:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
[2009/04/30 22:29:11 | 00,516,440 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
[2009/04/23 10:01:53 | 02,356,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[2007/08/19 13:25:25 | 00,185,632 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2009/02/28 00:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/04/13 20:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2009/05/16 11:08:22 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Patrick and Lindsey\Desktop\v2joygd7.exe
[2009/05/16 12:12:25 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrick and Lindsey\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/09/06 06:13:42 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2003/12/02 10:27:08 | 01,417,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
[2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2009/02/04 19:31:54 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2009/04/30 22:29:10 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
[2008/01/15 10:28:20 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater [Auto | Running])
[2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
File not found -- -- (WUSB54GSCSVC [Auto | Running])

========== Driver Services ==========

[2006/05/22 09:40:54 | 00,230,400 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
[2007/07/21 13:12:28 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2006/09/06 06:13:42 | 01,580,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2006/09/14 04:45:38 | 00,003,456 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atiide.sys -- (atiide [Boot | Running])
[2005/02/01 18:18:38 | 00,017,992 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY [On_Demand | Stopped])
[2006/05/17 04:03:24 | 00,044,544 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
[2009/03/03 13:24:30 | 00,067,424 | ---- | M] (CyberDefender Corp.) -- C:\WINDOWS\system32\drivers\CDAVFS.sys -- (CDAVFS [On_Demand | Running])
[2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2003/05/01 13:26:34 | 00,005,220 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA [On_Demand | Stopped])
[2003/12/02 10:26:22 | 00,268,872 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA [Auto | Running])
[2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2003/07/24 19:55:50 | 00,139,604 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE [On_Demand | Running])
[2006/01/10 12:07:58 | 00,004,864 | ---- | M] (GTek Technologies Ltd.) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Running])
[2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2001/08/10 06:03:00 | 00,070,084 | ---- | M] (MK Systems CO., LTD.) -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS -- (Eplpdx02 [On_Demand | Running])
[2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2003/11/17 22:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
[2003/11/17 22:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2008/04/13 14:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2009/04/30 22:29:14 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd [Boot | Running])
[2003/04/09 19:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2006/10/18 04:00:00 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2006/03/17 11:18:58 | 00,392,960 | ---- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService [On_Demand | Running])
[2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2004/08/04 06:00:00 | 00,023,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sjtpigym.sys -- (sjtpigym [Boot | Running])
[2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2008/04/13 14:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS [On_Demand | Running])
[2003/08/28 21:40:26 | 00,189,792 | ---- | M] (Zone Labs Inc.) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [On_Demand | Stopped])
[2003/11/17 22:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2003/09/25 22:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5 [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061220
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061220

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.comcast.net/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061220

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061220

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-25202493-769324634-859222467-1007\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.comcast.net/

[HKEY_USERS\S-1-5-21-25202493-769324634-859222467-1007\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_USERS\S-1-5-21-25202493-769324634-859222467-1007\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-25202493-769324634-859222467-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (156 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost
91.212.65.122 browser-security.microsoft.com
91.212.65.122 antiwareprotect.com
91.212.65.122 www.antiwareprotect.com

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{D4FB082A-56E8-49D8-94A0-B38D9FC527D6} (HKLM) -- c:\WINDOWS\system32\gwfolcx.dll ()

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay (ATI Technologies Inc.)
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" (CyberLink Corp.)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized File not found
"CyberDefender Early Detection Center"="C:\Program Files\CyberDefender\AntiSpyware\cdas1b.exe" /minimize (CyberDefender Corp.)
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" /startup (Gteko Ltd.)
"Patrick and Lindsey"=C:\Documents and Settings\Patrick and Lindsey\Patrick and Lindsey.exe /i File not found

[HKEY_USERS\S-1-5-21-25202493-769324634-859222467-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized File not found
"CyberDefender Early Detection Center"="C:\Program Files\CyberDefender\AntiSpyware\cdas1b.exe" /minimize (CyberDefender Corp.)
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" /startup (Gteko Ltd.)
"Patrick and Lindsey"=C:\Documents and Settings\Patrick and Lindsey\Patrick and Lindsey.exe /i File not found

========== (O4) RunOnce Keys ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe (Adobe Systems, Inc.)

[HKEY_USERS\S-1-5-21-25202493-769324634-859222467-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe (Adobe Systems, Inc.)

========== (O4) RunOnceEx Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
""= File not found

========== (O4) Startup Folders ==========

[2003/12/02 10:27:12 | 01,462,104 | ---- | M] (Cisco Systems, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
[2003/10/29 03:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
[2007/02/20 06:10:26 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
File not found -- C:\Documents and Settings\Patrick and Lindsey\Start Menu\Programs\Startup\Epson printer Registration.lnk = D:\Drivers\E_reg\EPSONREG.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HonorAutoRunSetting"=1
"NoToolbarCustomize"=0
"NoBandCustomize"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoToolbarCustomize"=0
"NoBandCustomize"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"EnableProfileQuota"=1

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"svcho"=C:\WINDOWS\svcho.exe -- File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"svcho"=C:\WINDOWS\svcho.exe -- File not found

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-25202493-769324634-859222467-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoToolbarCustomize"=0
"NoBandCustomize"=0

[HKEY_USERS\S-1-5-21-25202493-769324634-859222467-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"EnableProfileQuota"=1

========== (O8) IE Context Menu Extensions ==========

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE File not found

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

========== (O9) IE Extensions ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{461CC20B-FB6E-4f16-8FE8-C29359DB100E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\S-1-5-21-25202493-769324634-859222467-1007\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{461CC20B-FB6E-4f16-8FE8-C29359DB100E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1195412653390 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab -- Java Plug-in 1.6.0_11
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11

========== (O17) DNS Name Servers ==========

{852982F4-54BE-45A5-B62F-E97C1A6B5224} (Servers: | Description: Compact Wireless-G USB Network Adapter with SpeedBooster)
{AC2E1FB7-EA6B-4150-AF4A-69919ACBB851} (Servers: | Description: )
{F3E031A6-4D53-466B-B5F7-DB6271EF9C5D} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
jycdouhx: "DllName" = gwfolcx.dll -- C:\WINDOWS\system32\gwfolcx.dll ()

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/10 14:04:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2009/05/16 12:12:23 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Patrick and Lindsey\Desktop\OTViewIt.exe
[2009/05/16 11:08:20 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Patrick and Lindsey\Desktop\v2joygd7.exe
[2009/05/14 11:32:46 | 00,359,883 | ---- | C] () -- C:\Documents and Settings\Patrick and Lindsey\Desktop\dds.scr
[2009/05/11 16:38:45 | 00,069,726 | ---- | C] () -- C:\Documents and Settings\Patrick and Lindsey\My Documents\Insurance Cancellation.pdf
[2009/04/30 10:45:12 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2009/04/30 10:45:11 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2009/04/30 10:45:11 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2009/04/30 10:45:11 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2009/04/30 10:45:11 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2009/04/30 10:45:11 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2009/04/30 10:45:11 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2009/04/30 10:45:11 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2009/04/30 10:45:11 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2009/04/30 10:45:11 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2009/04/30 10:45:11 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2009/04/30 10:45:11 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2009/04/30 10:45:11 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2009/04/30 10:45:11 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2009/04/29 05:55:58 | 00,067,378 | ---- | C] () -- C:\Documents and Settings\Patrick and Lindsey\Desktop\pictures for KOP.docx
[2009/04/27 13:19:20 | 00,230,920 | ---- | C] () -- C:\Documents and Settings\Patrick and Lindsey\My Documents\437 Lombardy Road_Home Inspection Report.pdf
[2009/04/27 09:27:35 | 00,036,936 | ---- | C] () -- C:\Documents and Settings\Patrick and Lindsey\Desktop\Patrick_Pearce-resume.pdf
[2009/04/16 13:54:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Patrick and Lindsey\Local Settings\Application Data\ldsnjrkg
[2009/04/16 13:54:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Patrick and Lindsey\Application Data\ldsnjrkg
[2009/04/16 13:41:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Patrick and Lindsey\Application Data\Mozilla
[2009/04/16 13:38:04 | 00,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At2.job

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/05/16 12:12:25 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrick and Lindsey\Desktop\OTViewIt.exe
[2009/05/16 11:08:22 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Patrick and Lindsey\Desktop\v2joygd7.exe
[2009/05/16 11:07:00 | 00,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2009/05/14 22:29:18 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/14 11:32:47 | 00,359,883 | ---- | M] () -- C:\Documents and Settings\Patrick and Lindsey\Desktop\dds.scr
[2009/05/13 16:09:00 | 00,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2009/05/12 19:59:24 | 00,120,837 | ---- | M] () -- C:\logfile
[2009/05/12 19:52:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/12 19:52:16 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/12 19:52:13 | 10,381,92640 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/11 21:06:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/11 16:38:45 | 00,069,726 | ---- | M] () -- C:\Documents and Settings\Patrick and Lindsey\My Documents\Insurance Cancellation.pdf
[2009/05/07 03:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/30 22:29:14 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/04/29 05:55:58 | 00,067,378 | ---- | M] () -- C:\Documents and Settings\Patrick and Lindsey\Desktop\pictures for KOP.docx
[2009/04/27 13:19:20 | 00,230,920 | ---- | M] () -- C:\Documents and Settings\Patrick and Lindsey\My Documents\437 Lombardy Road_Home Inspection Report.pdf
[2009/04/27 09:27:35 | 00,036,936 | ---- | M] () -- C:\Documents and Settings\Patrick and Lindsey\Desktop\Patrick_Pearce-resume.pdf
[2009/04/23 10:10:05 | 00,042,496 | ---- | M] () -- C:\Documents and Settings\Patrick and Lindsey\My Documents\Patrick_Pearce-resume-current.doc
[2009/04/16 22:22:27 | 00,000,888 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/16 15:18:33 | 00,335,872 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/04/16 15:18:33 | 00,183,296 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/04/16 14:06:10 | 00,000,408 | ---- | M] () -- C:\WINDOWS\Pqequk.dat
[2009/04/16 14:06:10 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Hgegev.bin
< End of report >

Extras:
OTViewIt logfile created on: 5/16/2009 12:12:40 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Patrick and Lindsey\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

990.03 Mb Total Physical Memory | 584.63 Mb Available Physical Memory | 59.05% Memory free
1.84 Gb Paging File | 1.09 Gb Available in Paging File | 59.21% Paging File free
Paging file location(s): C:\pagefile.sys 990 1190;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 44.55 Gb Free Space | 59.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D7DB69C1
Current User Name: Patrick and Lindsey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/09/06 06:13:42 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2003/12/02 10:27:08 | 01,417,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
[2009/02/04 19:31:54 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/01/15 10:28:20 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
[2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2009/02/04 19:31:53 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe
[2005/07/04 16:46:04 | 00,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
[2006/04/21 15:26:38 | 05,358,592 | ---- | M] (Linksys) -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
[2009/02/04 19:31:54 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2006/05/01 03:07:44 | 00,843,776 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
[2006/01/02 18:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2005/12/09 21:29:52 | 00,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2006/08/28 22:57:12 | 00,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
[2009/04/16 22:22:34 | 00,669,000 | ---- | M] (CyberDefender Corp.) -- C:\Program Files\CyberDefender\AntiSpyware\cdas1b.exe
[2003/10/29 03:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
[2007/02/20 06:10:26 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
[2006/01/02 18:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/04/13 20:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2009/04/30 22:29:10 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
[2004/08/04 06:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
[2009/04/30 22:29:11 | 00,516,440 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
[2009/04/23 10:01:53 | 02,356,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[2007/08/19 13:25:25 | 00,185,632 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2009/02/28 00:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/04/13 20:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2009/05/16 11:08:22 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Patrick and Lindsey\Desktop\v2joygd7.exe
[2009/05/16 12:12:25 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrick and Lindsey\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/09/06 06:13:42 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2003/12/02 10:27:08 | 01,417,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
[2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2009/02/04 19:31:54 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2009/04/30 22:29:10 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
[2008/01/15 10:28:20 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater [Auto | Running])
[2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
File not found -- -- (WUSB54GSCSVC [Auto | Running])

========== Driver Services ==========

[2006/05/22 09:40:54 | 00,230,400 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
[2007/07/21 13:12:28 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2006/09/06 06:13:42 | 01,580,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2006/09/14 04:45:38 | 00,003,456 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atiide.sys -- (atiide [Boot | Running])
[2005/02/01 18:18:38 | 00,017,992 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY [On_Demand | Stopped])
[2006/05/17 04:03:24 | 00,044,544 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
[2009/03/03 13:24:30 | 00,067,424 | ---- | M] (CyberDefender Corp.) -- C:\WINDOWS\system32\drivers\CDAVFS.sys -- (CDAVFS [On_Demand | Running])
[2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2003/05/01 13:26:34 | 00,005,220 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA [On_Demand | Stopped])
[2003/12/02 10:26:22 | 00,268,872 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA [Auto | Running])
[2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2003/07/24 19:55:50 | 00,139,604 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE [On_Demand | Running])
[2006/01/10 12:07:58 | 00,004,864 | ---- | M] (GTek Technologies Ltd.) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Running])
[2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2001/08/10 06:03:00 | 00,070,084 | ---- | M] (MK Systems CO., LTD.) -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS -- (Eplpdx02 [On_Demand | Running])
[2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2003/11/17 22:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
[2003/11/17 22:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2008/04/13 14:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2009/04/30 22:29:14 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd [Boot | Running])
[2003/04/09 19:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2006/10/18 04:00:00 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2006/03/17 11:18:58 | 00,392,960 | ---- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService [On_Demand | Running])
[2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2004/08/04 06:00:00 | 00,023,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sjtpigym.sys -- (sjtpigym [Boot | Running])
[2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2008/04/13 14:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS [On_Demand | Running])
[2003/08/28 21:40:26 | 00,189,792 | ---- | M] (Zone Labs Inc.) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [On_Demand | Stopped])
[2003/11/17 22:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2003/09/25 22:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5 [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061220
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061220

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.comcast.net/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061220

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061220

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-25202493-769324634-859222467-1007\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.comcast.net/

[HKEY_USERS\S-1-5-21-25202493-769324634-859222467-1007\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_USERS\S-1-5-21-25202493-769324634-859222467-1007\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-25202493-769324634-859222467-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (156 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost
91.212.65.122 browser-security.microsoft.com
91.212.65.122 antiwareprotect.com
91.212.65.122 www.antiwareprotect.com

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{D4FB082A-56E8-49D8-94A0-B38D9FC527D6} (HKLM) -- c:\WINDOWS\system32\gwfolcx.dll ()

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay (ATI Technologies Inc.)
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" (CyberLink Corp.)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized File not found
"CyberDefender Early Detection Center"="C:\Program Files\CyberDefender\AntiSpyware\cdas1b.exe" /minimize (CyberDefender Corp.)
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" /startup (Gteko Ltd.)
"Patrick and Lindsey"=C:\Documents and Settings\Patrick and Lindsey\Patrick and Lindsey.exe /i File not found

[HKEY_USERS\S-1-5-21-25202493-769324634-859222467-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized File not found
"CyberDefender Early Detection Center"="C:\Program Files\CyberDefender\AntiSpyware\cdas1b.exe" /minimize (CyberDefender Corp.)
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" /startup (Gteko Ltd.)
"Patrick and Lindsey"=C:\Documents and Settings\Patrick and Lindsey\Patrick and Lindsey.exe /i File not found

========== (O4) RunOnce Keys ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe (Adobe Systems, Inc.)

[HKEY_USERS\S-1-5-21-25202493-769324634-859222467-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe (Adobe Systems, Inc.)

========== (O4) RunOnceEx Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
""= File not found

========== (O4) Startup Folders ==========

[2003/12/02 10:27:12 | 01,462,104 | ---- | M] (Cisco Systems, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
[2003/10/29 03:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
[2007/02/20 06:10:26 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
File not found -- C:\Documents and Settings\Patrick and Lindsey\Start Menu\Programs\Startup\Epson printer Registration.lnk = D:\Drivers\E_reg\EPSONREG.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HonorAutoRunSetting"=1
"NoToolbarCustomize"=0
"NoBandCustomize"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoToolbarCustomize"=0
"NoBandCustomize"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"EnableProfileQuota"=1

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"svcho"=C:\WINDOWS\svcho.exe -- File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"svcho"=C:\WINDOWS\svcho.exe -- File not found

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-25202493-769324634-859222467-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoToolbarCustomize"=0
"NoBandCustomize"=0

[HKEY_USERS\S-1-5-21-25202493-769324634-859222467-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"EnableProfileQuota"=1

========== (O8) IE Context Menu Extensions ==========

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE File not found

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

========== (O9) IE Extensions ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{461CC20B-FB6E-4f16-8FE8-C29359DB100E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\S-1-5-21-25202493-769324634-859222467-1007\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{461CC20B-FB6E-4f16-8FE8-C29359DB100E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1195412653390 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab -- Java Plug-in 1.6.0_11
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11

========== (O17) DNS Name Servers ==========

{852982F4-54BE-45A5-B62F-E97C1A6B5224} (Servers: | Description: Compact Wireless-G USB Network Adapter with SpeedBooster)
{AC2E1FB7-EA6B-4150-AF4A-69919ACBB851} (Servers: | Description: )
{F3E031A6-4D53-466B-B5F7-DB6271EF9C5D} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
jycdouhx: "DllName" = gwfolcx.dll -- C:\WINDOWS\system32\gwfolcx.dll ()

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/10 14:04:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2009/05/16 12:12:23 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Patrick and Lindsey\Desktop\OTViewIt.exe
[2009/05/16 11:08:20 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Patrick and Lindsey\Desktop\v2joygd7.exe
[2009/05/14 11:32:46 | 00,359,883 | ---- | C] () -- C:\Documents and Settings\Patrick and Lindsey\Desktop\dds.scr
[2009/05/11 16:38:45 | 00,069,726 | ---- | C] () -- C:\Documents and Settings\Patrick and Lindsey\My Documents\Insurance Cancellation.pdf
[2009/04/30 10:45:12 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2009/04/30 10:45:11 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2009/04/30 10:45:11 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2009/04/30 10:45:11 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2009/04/30 10:45:11 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2009/04/30 10:45:11 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2009/04/30 10:45:11 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2009/04/30 10:45:11 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2009/04/30 10:45:11 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2009/04/30 10:45:11 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2009/04/30 10:45:11 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2009/04/30 10:45:11 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2009/04/30 10:45:11 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2009/04/30 10:45:11 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2009/04/29 05:55:58 | 00,067,378 | ---- | C] () -- C:\Documents and Settings\Patrick and Lindsey\Desktop\pictures for KOP.docx
[2009/04/27 13:19:20 | 00,230,920 | ---- | C] () -- C:\Documents and Settings\Patrick and Lindsey\My Documents\437 Lombardy Road_Home Inspection Report.pdf
[2009/04/27 09:27:35 | 00,036,936 | ---- | C] () -- C:\Documents and Settings\Patrick and Lindsey\Desktop\Patrick_Pearce-resume.pdf
[2009/04/16 13:54:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Patrick and Lindsey\Local Settings\Application Data\ldsnjrkg
[2009/04/16 13:54:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Patrick and Lindsey\Application Data\ldsnjrkg
[2009/04/16 13:41:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Patrick and Lindsey\Application Data\Mozilla
[2009/04/16 13:38:04 | 00,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At2.job

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/05/16 12:12:25 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrick and Lindsey\Desktop\OTViewIt.exe
[2009/05/16 11:08:22 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Patrick and Lindsey\Desktop\v2joygd7.exe
[2009/05/16 11:07:00 | 00,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2009/05/14 22:29:18 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/14 11:32:47 | 00,359,883 | ---- | M] () -- C:\Documents and Settings\Patrick and Lindsey\Desktop\dds.scr
[2009/05/13 16:09:00 | 00,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2009/05/12 19:59:24 | 00,120,837 | ---- | M] () -- C:\logfile
[2009/05/12 19:52:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/12 19:52:16 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/12 19:52:13 | 10,381,92640 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/11 21:06:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/11 16:38:45 | 00,069,726 | ---- | M] () -- C:\Documents and Settings\Patrick and Lindsey\My Documents\Insurance Cancellation.pdf
[2009/05/07 03:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/30 22:29:14 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/04/29 05:55:58 | 00,067,378 | ---- | M] () -- C:\Documents and Settings\Patrick and Lindsey\Desktop\pictures for KOP.docx
[2009/04/27 13:19:20 | 00,230,920 | ---- | M] () -- C:\Documents and Settings\Patrick and Lindsey\My Documents\437 Lombardy Road_Home Inspection Report.pdf
[2009/04/27 09:27:35 | 00,036,936 | ---- | M] () -- C:\Documents and Settings\Patrick and Lindsey\Desktop\Patrick_Pearce-resume.pdf
[2009/04/23 10:10:05 | 00,042,496 | ---- | M] () -- C:\Documents and Settings\Patrick and Lindsey\My Documents\Patrick_Pearce-resume-current.doc
[2009/04/16 22:22:27 | 00,000,888 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/16 15:18:33 | 00,335,872 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/04/16 15:18:33 | 00,183,296 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/04/16 14:06:10 | 00,000,408 | ---- | M] () -- C:\WINDOWS\Pqequk.dat
[2009/04/16 14:06:10 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Hgegev.bin
< End of report >


Thanks again for all of your help!

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:03 PM

Posted 17 May 2009 - 03:16 AM

Hi SonsOfBen,

Yes, there's some malware there.

Firstly we need to set the Hosts file which the malware has altered.

Please download HostsXpert 4.2
  • Extract (unzip) HostsXpert.zip to a permanent folder on your hard drive such as C:\HostsXpert
  • Double-click HostsXpert.exe to run the program.
  • Click "Restore MS Hosts File".
  • Click OK at the confirmation box.
  • Click "Make Read Only".
  • Click the X to exit the program.
-- Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Now let's deal with the malware.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall prior to our fix.. Please visit HERE if you don't know how.. Please re-enable them after performing all steps given..

We need to backup your registry as we will be making changes there.
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click (or if your PC is running Vista, right-click and select Run As Adminstrator) the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Services
    sjtpigym
    :Files
    c:\windows\system32\drivers\sjtpigym.sys
    C:\WINDOWS\tasks\At*.job
    C:\WINDOWS\svcho.exe
    c:\WINDOWS\system32\gwfolcx.dll
    C:\Documents and Settings\Patrick and Lindsey\Desktop\v2joygd7.exe
    c:\windows\system32\drivers\93.exe 
    C:\WINDOWS\System32\swsc.exe
    C:\Documents and Settings\Patrick and Lindsey\Application Data\ldsnjrkg
    C:\WINDOWS\Pqequk.dat
    C:\WINDOWS\Hgegev.bin
    :Reg
    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
    "svcho"=-
    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
    "svcho"=-
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4FB082A-56E8-49D8-94A0-B38D9FC527D6}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    jycdouhx]
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start then All Programs then Accessories then Notepad), click File then Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#7 SonsOfBen

SonsOfBen
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:03 AM

Posted 18 May 2009 - 07:58 AM

Hello m0le,

I am having a problem with OTMoveIt3. The program seems to crash when trying to move the files. An hour glass appears and does not move once the results show-up on the right screen. When closing the program, I get a notice that it is not responding. Furthermore, a log of the results does not save to file.

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:03 PM

Posted 18 May 2009 - 01:01 PM

Hi SonsOfBen,

Okay, we'll try something a bit more powerful and see how we go.

If you still have problems please rename the file combofix.exe with combo-fix.exe.

Please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Posted Image
m0le is a proud member of UNITE

#9 SonsOfBen

SonsOfBen
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:03 AM

Posted 20 May 2009 - 08:33 AM

Hello m0le,

Below is the ComboFix log. Thanks for your help!


ComboFix 09-05-19.08 - Patrick and Lindsey 05/20/2009 9:18.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.990.551 [GMT -4:00]
Running from: c:\documents and settings\Patrick and Lindsey\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\syssvc.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\cblpsxb.dll
c:\windows\system32\drivers\sjtpigym.sys
c:\windows\system32\drivers\zhvofnwd.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\gwfolcx.dll
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ACPI32
-------\Legacy_ATI64SI
-------\Legacy_I386SI
-------\Legacy_NICSK32
-------\Legacy_SECURENTM
-------\Legacy_SJTPIGYM
-------\Legacy_SYSTEMNTMI
-------\Service_sjtpigym


((((((((((((((((((((((((( Files Created from 2009-04-20 to 2009-05-20 )))))))))))))))))))))))))))))))
.

2009-05-18 12:31 . 2009-05-18 12:31 -------- d-----w C:\_OTMoveIt
2009-05-18 12:27 . 2009-05-18 12:27 -------- d-----w c:\program files\ERUNT
2009-05-17 22:40 . 2009-05-17 22:40 -------- d-----w C:\HostsXpert

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 02:29 . 2009-02-13 03:29 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-16 17:41 . 2004-08-10 17:51 -------- d-----w c:\program files\Common Files\Mozilla Shared
2009-04-14 02:34 . 2009-04-14 02:34 -------- d-----w c:\program files\iTunes
2009-04-14 02:34 . 2009-04-14 02:34 -------- d-----w c:\program files\iPod
2009-04-14 02:34 . 2007-07-21 18:38 -------- d-----w c:\program files\Common Files\Apple
2009-04-14 02:28 . 2008-10-04 20:01 -------- d-----w c:\program files\Safari
2009-04-11 17:43 . 2009-04-11 17:25 -------- d-----w c:\program files\Trojan Remover
2009-04-11 16:58 . 2009-04-11 16:58 -------- d-----w c:\program files\Trend Micro
2009-04-11 16:23 . 2009-04-11 16:23 -------- d-----w c:\program files\WebEx
2009-04-11 02:25 . 2006-12-20 16:29 -------- d-----w c:\program files\Google
2009-04-10 17:26 . 2009-04-10 17:26 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-06 19:32 . 2009-04-10 17:26 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:32 . 2009-04-10 17:26 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-31 02:10 . 2007-07-21 18:39 -------- d-----w c:\program files\QuickTime
2009-03-19 20:32 . 2008-01-29 16:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-08 14:23 . 2007-07-03 16:38 71224 ----a-w c:\documents and settings\Patrick and Lindsey\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-06 14:22 . 2004-08-10 17:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 17:15 . 2009-02-13 14:23 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-03-03 00:18 . 2004-08-10 17:51 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-10 17:51 78336 ----a-w c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-04 136600]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-08-19 185632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 177472]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-01 516440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2008-5-9 1462104]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-20 24576]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableProfileQuota"= 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\AAWTray.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Dell Support\\DSAgnt.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19881:TCP"= 19881:TCP:BitComet 19881 TCP
"19881:UDP"= 19881:UDP:BitComet 19881 UDP
"20601:TCP"= 20601:TCP:@xpsp2res.dll,-22009

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [12/20/2006 11:57 AM 3456]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/12/2009 11:29 PM 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 953168]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 10:28 AM 204800]
R2 WUSB54GSCSVC;WUSB54GSCSVC;c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe [7/21/2007 1:12 PM 53307]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
zkrprzth
.
Contents of the 'Scheduled Tasks' folder

2009-05-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 02:29]

2009-05-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
HKCU-Run-Patrick and Lindsey - c:\documents and settings\Patrick and Lindsey\Patrick and Lindsey.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061220
uInternet Settings,ProxyOverride = *.local
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-20 09:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Driver Signing]
@Denied: (2) (Administrators)
@Allowed: (2) (Administrators)
"Policy"=hex:00,00,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2024)
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\java.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
.
**************************************************************************
.
Completion time: 2009-05-20 9:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-20 13:27

Pre-Run: 47,640,137,728 bytes free
Post-Run: 47,958,319,104 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

188 --- E O F --- 2009-05-13 07:02

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:03 PM

Posted 21 May 2009 - 06:54 AM

Hi SonsOfBen,

We need to use Combofix again.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Driver::
zkrprzth
NetSvc::
zkrprzth


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Please also post a new OTViewIt log.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#11 SonsOfBen

SonsOfBen
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:03 AM

Posted 21 May 2009 - 03:45 PM

Hi m0le,

The reports are below.

Combofix results:

ComboFix 09-05-20.A1 - Patrick and Lindsey 05/21/2009 16:26.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.990.557 [GMT -4:00]
Running from: c:\documents and settings\Patrick and Lindsey\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Patrick and Lindsey\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ZKRPRZTH


((((((((((((((((((((((((( Files Created from 2009-04-21 to 2009-05-21 )))))))))))))))))))))))))))))))
.

2009-05-18 12:31 . 2009-05-18 12:31 -------- d-----w C:\_OTMoveIt
2009-05-18 12:27 . 2009-05-18 12:27 -------- d-----w c:\program files\ERUNT
2009-05-17 22:40 . 2009-05-17 22:40 -------- d-----w C:\HostsXpert

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 02:29 . 2009-02-13 03:29 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-16 17:41 . 2004-08-10 17:51 -------- d-----w c:\program files\Common Files\Mozilla Shared
2009-04-14 02:34 . 2009-04-14 02:34 -------- d-----w c:\program files\iTunes
2009-04-14 02:34 . 2009-04-14 02:34 -------- d-----w c:\program files\iPod
2009-04-14 02:34 . 2007-07-21 18:38 -------- d-----w c:\program files\Common Files\Apple
2009-04-14 02:28 . 2008-10-04 20:01 -------- d-----w c:\program files\Safari
2009-04-11 17:43 . 2009-04-11 17:25 -------- d-----w c:\program files\Trojan Remover
2009-04-11 16:58 . 2009-04-11 16:58 -------- d-----w c:\program files\Trend Micro
2009-04-11 16:23 . 2009-04-11 16:23 -------- d-----w c:\program files\WebEx
2009-04-11 02:25 . 2006-12-20 16:29 -------- d-----w c:\program files\Google
2009-04-10 17:26 . 2009-04-10 17:26 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-06 19:32 . 2009-04-10 17:26 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:32 . 2009-04-10 17:26 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-31 02:10 . 2007-07-21 18:39 -------- d-----w c:\program files\QuickTime
2009-03-19 20:32 . 2008-01-29 16:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-08 14:23 . 2007-07-03 16:38 71224 ----a-w c:\documents and settings\Patrick and Lindsey\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-06 14:22 . 2004-08-10 17:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 17:15 . 2009-02-13 14:23 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-03-03 00:18 . 2004-08-10 17:51 826368 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-20_13.24.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-21 20:30 . 2009-05-21 20:30 16384 c:\windows\Temp\Perflib_Perfdata_2ec.dat
+ 2009-04-15 10:18 . 2008-07-09 14:25 2455488 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\ieapfltr.dat
- 2009-04-15 10:18 . 2007-04-17 09:32 2455488 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\ieapfltr.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-04 136600]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-08-19 185632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 177472]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-01 516440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2008-5-9 1462104]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-20 24576]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableProfileQuota"= 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\AAWTray.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Dell Support\\DSAgnt.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19881:TCP"= 19881:TCP:BitComet 19881 TCP
"19881:UDP"= 19881:UDP:BitComet 19881 UDP
"20601:TCP"= 20601:TCP:@xpsp2res.dll,-22009

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [12/20/2006 11:57 AM 3456]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/12/2009 11:29 PM 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 953168]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 10:28 AM 204800]
R2 WUSB54GSCSVC;WUSB54GSCSVC;c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe [7/21/2007 1:12 PM 53307]
.
Contents of the 'Scheduled Tasks' folder

2009-05-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 02:29]

2009-05-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061220
uInternet Settings,ProxyOverride = *.local
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-21 16:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Driver Signing]
@Denied: (2) (Administrators)
@Allowed: (2) (Administrators)
"Policy"=hex:00,00,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2052)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\java.exe
c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-05-21 16:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-21 20:35
ComboFix2.txt 2009-05-20 13:28

Pre-Run: 47,868,641,280 bytes free
Post-Run: 47,924,711,424 bytes free

157 --- E O F --- 2009-05-21 07:00


OTViewIT.txt:

OTViewIt logfile created on: 5/21/2009 4:40:20 PM - Run 3
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Patrick and Lindsey\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

990.03 Mb Total Physical Memory | 497.20 Mb Available Physical Memory | 50.22% Memory free
1.84 Gb Paging File | 1.37 Gb Available in Paging File | 74.52% Paging File free
Paging file location(s): C:\pagefile.sys 990 1190;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 44.65 Gb Free Space | 59.96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D7DB69C1
Current User Name: Patrick and Lindsey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/09/06 06:13:42 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2009/04/30 22:29:10 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
[2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2003/12/02 10:27:08 | 01,417,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
[2009/02/04 19:31:54 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/01/15 10:28:20 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
[2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2009/02/04 19:31:53 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe
[2005/07/04 16:46:04 | 00,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
[2006/04/21 15:26:38 | 05,358,592 | ---- | M] (Linksys) -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
[2004/08/04 06:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
[2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2009/02/04 19:31:54 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2006/05/01 03:07:44 | 00,843,776 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
[2006/01/02 18:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2005/12/09 21:29:52 | 00,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[2007/08/19 13:25:25 | 00,185,632 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2009/04/30 22:29:11 | 00,516,440 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
[2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2006/08/28 22:57:12 | 00,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
[2003/10/29 03:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
[2007/02/20 06:10:26 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
[2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2006/01/02 18:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2008/10/16 15:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/04/13 20:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2009/02/28 00:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/05/21 16:38:55 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrick and Lindsey\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/09/06 06:13:42 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2003/12/02 10:27:08 | 01,417,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
[2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2009/02/04 19:31:54 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2009/04/30 22:29:10 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
[2008/01/15 10:28:20 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater [Auto | Running])
[2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
File not found -- -- (WUSB54GSCSVC [Auto | Running])

========== Driver Services ==========

[2006/05/22 09:40:54 | 00,230,400 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
[2007/07/21 13:12:28 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2006/09/06 06:13:42 | 01,580,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2006/09/14 04:45:38 | 00,003,456 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atiide.sys -- (atiide [Boot | Running])
[2005/02/01 18:18:38 | 00,017,992 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY [On_Demand | Stopped])
[2006/05/17 04:03:24 | 00,044,544 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
File not found -- -- (catchme [Disabled | Running])
[2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2003/05/01 13:26:34 | 00,005,220 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA [On_Demand | Stopped])
[2003/12/02 10:26:22 | 00,268,872 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA [Auto | Running])
[2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2003/07/24 19:55:50 | 00,139,604 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE [On_Demand | Running])
[2006/01/10 12:07:58 | 00,004,864 | ---- | M] (GTek Technologies Ltd.) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Running])
[2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2001/08/10 06:03:00 | 00,070,084 | ---- | M] (MK Systems CO., LTD.) -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS -- (Eplpdx02 [On_Demand | Running])
[2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2003/11/17 22:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
[2003/11/17 22:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2008/04/13 14:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2009/04/30 22:29:14 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd [Boot | Running])
[2003/04/09 19:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2006/10/18 04:00:00 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2006/03/17 11:18:58 | 00,392,960 | ---- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService [On_Demand | Running])
[2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2008/04/13 14:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS [On_Demand | Running])
[2003/08/28 21:40:26 | 00,189,792 | ---- | M] (Zone Labs Inc.) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [On_Demand | Stopped])
[2003/11/17 22:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2003/09/25 22:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5 [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061220
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
"Start Page"=www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061220

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.comcast.net/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-25202493-769324634-859222467-1007\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.comcast.net/

[HKEY_USERS\S-1-5-21-25202493-769324634-859222467-1007\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_USERS\S-1-5-21-25202493-769324634-859222467-1007\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-25202493-769324634-859222467-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay (ATI Technologies Inc.)
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" (CyberLink Corp.)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" /startup (Gteko Ltd.)

[HKEY_USERS\S-1-5-21-25202493-769324634-859222467-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" /startup (Gteko Ltd.)

========== (O4) Startup Folders ==========

[2003/12/02 10:27:12 | 01,462,104 | ---- | M] (Cisco Systems, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
[2003/10/29 03:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
[2007/02/20 06:10:26 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
File not found -- C:\Documents and Settings\Patrick and Lindsey\Start Menu\Programs\Startup\Epson printer Registration.lnk = D:\Drivers\E_reg\EPSONREG.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HonorAutoRunSetting"=1
"NoBandCustomize"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoBandCustomize"=0
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"EnableProfileQuota"=1

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-25202493-769324634-859222467-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoBandCustomize"=0
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_USERS\S-1-5-21-25202493-769324634-859222467-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"EnableProfileQuota"=1

========== (O8) IE Context Menu Extensions ==========

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE File not found

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

========== (O9) IE Extensions ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{461CC20B-FB6E-4f16-8FE8-C29359DB100E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\S-1-5-21-25202493-769324634-859222467-1007\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{461CC20B-FB6E-4f16-8FE8-C29359DB100E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1195412653390 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab -- Java Plug-in 1.6.0_11
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11

========== (O17) DNS Name Servers ==========

{852982F4-54BE-45A5-B62F-E97C1A6B5224} (Servers: | Description: Compact Wireless-G USB Network Adapter with SpeedBooster)
{AC2E1FB7-EA6B-4150-AF4A-69919ACBB851} (Servers: | Description: )
{F3E031A6-4D53-466B-B5F7-DB6271EF9C5D} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/10 14:04:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/05/21 16:38:53 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Patrick and Lindsey\Desktop\OTViewIt.exe
[2009/05/21 16:25:16 | 00,130,048 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/05/20 09:16:55 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/05/20 09:16:50 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/20 09:16:46 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/05/20 09:15:21 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/20 09:15:21 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/20 09:15:21 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/20 09:15:21 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/20 09:15:21 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/20 09:15:21 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/20 09:15:21 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/20 09:11:34 | 02,968,126 | R--- | C] () -- C:\Documents and Settings\Patrick and Lindsey\Desktop\ComboFix.exe
[2009/05/19 17:41:14 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/18 08:32:55 | 00,389,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Patrick and Lindsey\Desktop\OTMoveIt3.exe
[2009/05/18 08:31:29 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/05/18 08:28:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/18 08:27:44 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Patrick and Lindsey\Desktop\NTREGOPT.lnk
[2009/05/18 08:27:44 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Patrick and Lindsey\Desktop\ERUNT.lnk
[2009/05/18 08:27:44 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/17 18:40:07 | 00,000,000 | ---D | C] -- C:\HostsXpert
[2009/05/11 16:38:45 | 00,069,726 | ---- | C] () -- C:\Documents and Settings\Patrick and Lindsey\My Documents\Insurance Cancellation.pdf
[2009/04/29 05:55:58 | 00,067,378 | ---- | C] () -- C:\Documents and Settings\Patrick and Lindsey\Desktop\pictures for KOP.docx
[2009/04/27 13:19:20 | 00,230,920 | ---- | C] () -- C:\Documents and Settings\Patrick and Lindsey\My Documents\437 Lombardy Road_Home Inspection Report.pdf
[2009/04/27 09:27:35 | 00,036,936 | ---- | C] () -- C:\Documents and Settings\Patrick and Lindsey\Desktop\Patrick_Pearce-resume.pdf

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/05/21 16:38:55 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrick and Lindsey\Desktop\OTViewIt.exe
[2009/05/21 16:37:44 | 00,124,355 | ---- | M] () -- C:\logfile
[2009/05/21 16:30:54 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/21 16:30:23 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/21 16:30:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/21 16:30:07 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/21 16:30:04 | 10,381,92640 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/21 16:24:51 | 02,968,126 | R--- | M] () -- C:\Documents and Settings\Patrick and Lindsey\Desktop\ComboFix.exe
[2009/05/20 20:37:02 | 00,130,048 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/05/20 09:16:55 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/05/18 22:29:15 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/18 21:06:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/18 08:32:56 | 00,389,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrick and Lindsey\Desktop\OTMoveIt3.exe
[2009/05/18 08:27:44 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Patrick and Lindsey\Desktop\NTREGOPT.lnk
[2009/05/18 08:27:44 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Patrick and Lindsey\Desktop\ERUNT.lnk
[2009/05/11 16:38:45 | 00,069,726 | ---- | M] () -- C:\Documents and Settings\Patrick and Lindsey\My Documents\Insurance Cancellation.pdf
[2009/05/07 03:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/30 22:29:14 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/04/29 05:55:58 | 00,067,378 | ---- | M] () -- C:\Documents and Settings\Patrick and Lindsey\Desktop\pictures for KOP.docx
[2009/04/27 13:19:20 | 00,230,920 | ---- | M] () -- C:\Documents and Settings\Patrick and Lindsey\My Documents\437 Lombardy Road_Home Inspection Report.pdf
[2009/04/27 09:27:35 | 00,036,936 | ---- | M] () -- C:\Documents and Settings\Patrick and Lindsey\Desktop\Patrick_Pearce-resume.pdf
[2009/04/23 10:10:05 | 00,042,496 | ---- | M] () -- C:\Documents and Settings\Patrick and Lindsey\My Documents\Patrick_Pearce-resume-current.doc
< End of report >


Extras.txt:

OTViewIt Extras logfile created on: 5/21/2009 4:40:20 PM - Run 3
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Patrick and Lindsey\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

990.03 Mb Total Physical Memory | 497.20 Mb Available Physical Memory | 50.22% Memory free
1.84 Gb Paging File | 1.37 Gb Available in Paging File | 74.52% Paging File free
Paging file location(s): C:\pagefile.sys 990 1190;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 44.65 Gb Free Space | 59.96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D7DB69C1
Current User Name: Patrick and Lindsey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DisableNotifications"=0
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/05/15 23:07:28 | 00,254,984 | ---- | M] (Azureus Inc) -- C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus
[2007/08/19 13:25:27 | 00,214,296 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/02/20 06:10:26 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
[2008/05/21 04:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2009/02/04 19:31:54 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe:*:Enabled:ENABLE
[2006/05/01 03:07:44 | 00,843,776 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe:*:Enabled:ENABLE
[2006/01/02 18:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe:*:Enabled:ENABLE
[2005/12/09 21:29:52 | 00,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe:*:Enabled:ENABLE
[2007/08/19 13:25:25 | 00,185,632 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe:*:Enabled:ENABLE
[2009/04/30 22:29:11 | 00,516,440 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe:*:Enabled:ENABLE
[2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe:*:Enabled:ENABLE
[2006/08/28 22:57:12 | 00,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe:*:Enabled:ENABLE
[2009/04/02 16:10:58 | 13,646,632 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 14:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/06/05 02:18:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 22:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}"=Notifier
"{03EDED24-8375-407D-A721-4643D9768BE1}"=kgchlwn
"{07287123-B8AC-41CE-8346-3D777245C35B}"=Bonjour
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}"=ESSSONIC
"{11F3F858-4131-4FFA-A560-3FE282933B6E}"=kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}"=ESSPCD
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}"=QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}"=essvatgt
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}"=Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}"=URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=NetWaiting
"{44A91B04-3D0C-47F9-B644-7F682869AFF3}"=MobileMe Control Panel
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}"=VPN Client
"{56AB063D-1450-4BDE-9F0D-E9C693429C51}"=netbrdg
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}"=iTunes
"{605A4E39-613C-4A12-B56F-DEFBE6757237}"=SHASTA
"{65563451-00B6-458C-9F9A-03A7757355A6}"=Compact Wireless-G USB Network Adapter with SpeedBooster
"{65D85050-5610-4A91-A3B1-D5C744291AD4}"=PCDADDIN
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD 5.7
"{693C08A7-9E76-43FF-B11E-9A58175474C4}"=kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}"=Age of Empires III
"{7D3A6B8F-45C1-4814-967E-6D84BBB868CD}"=ATI Catalyst Control Center
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{8943CE61-53BD-475E-90E1-A580869E98A2}"=staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}"=ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}"=kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}"=ESSini
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-00CA-0000-0000-0000000FF1CE}"=Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}"=ESSgui
"{999D43F4-9709-4887-9B1A-83EBB15A8370}"=VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}"=kgcinvt
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}"=ESScore
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}"=kgcmove
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}"=Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}"=ESSCDBK
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}"=Apple Mobile Device Support
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}"=OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}"=CCScore
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}"=KSU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}"=Microsoft .NET Framework 2.0 Service Pack 2
"{C15B6175-689A-4D97-A42C-7225353F60A7}"=Linksys Updater
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}"=PCDHELP
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}"=Microsoft .NET Framework 3.5 SP1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}"=Dell Support 3.2.1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}"=Kodak EasyShare software
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}"=Safari
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}"=SFR
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}"=kgcbaby
"{E646DCF0-5A68-11D5-B229-002078017FBF}"=Digital Line Detect
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}"=tooltips
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}"=kgcbase
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}"=Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01"=Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}"=SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}"=WIRELESS
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}"=Broadcom Management Programs
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}"=SKIN0001
"ActiveTouchMeetingClient"=WebEx
"Ad-Aware"=Ad-Aware
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"ATI Display Driver"=ATI Display Driver
"Azureus Vuze"=Azureus Vuze
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1"=Conexant D850 56K V.9x DFVc Modem
"Color Style Studio_is1"=Color Style Studio 2.4
"dBpoweramp FLAC Codec"=dBpoweramp FLAC Codec
"dBpoweramp Music Converter"=dBpoweramp Music Converter
"dBpoweramp Windows Media Audio 10 Codec"=dBpoweramp Windows Media Audio 10 Codec
"EPSON Printer and Utilities"=EPSON Printer Software
"ERUNT_is1"=ERUNT 1.1j
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}"=Age of Empires III
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1"=Microsoft .NET Framework 3.5 SP1
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"RealPlayer 6.0"=RealPlayer
"SearchAssist"=SearchAssist
"SMALLBUSINESSR"=Microsoft Office Small Business 2007
"Snood_is1"=Snood for Windows version 3.52-W
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"c5f603e1336dab9b"=TheRHoguePak

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-25202493-769324634-859222467-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"c5f603e1336dab9b"=TheRHoguePak

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/16/2009 1:50:54 PM | Computer Name = D7DB69C1 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application cdas1b.exe, version 5.1.6.7, stamp 4963d4cd,
faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address
0x76f2345a.

Error - 5/13/2009 6:32:55 AM | Computer Name = D7DB69C1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/16/2009 11:17:51 AM | Computer Name = D7DB69C1 | Source = Application Error | ID = 1000
Description = Faulting application v2joygd7.exe, version 1.0.15.14972, faulting
module v2joygd7.exe, version 1.0.15.14972, fault address 0x0000c4b1.

Error - 5/18/2009 8:32:40 AM | Computer Name = D7DB69C1 | Source = Application Hang | ID = 1002
Description = Hanging application OTMoveIt3[1].exe, version 1.0.11.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/18/2009 8:36:53 AM | Computer Name = D7DB69C1 | Source = Application Hang | ID = 1002
Description = Hanging application OTMoveIt3.exe, version 1.0.11.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/18/2009 8:44:27 AM | Computer Name = D7DB69C1 | Source = Application Hang | ID = 1002
Description = Hanging application OTMoveIt3.exe, version 1.0.11.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/20/2009 9:24:38 AM | Computer Name = D7DB69C1 | Source = Application Error | ID = 1000
Description = Faulting application WUSB54GSC.exe, version 1.0.2.4, faulting module
unknown, version 0.0.0.0, fault address 0x04011405.

Error - 5/20/2009 9:25:33 AM | Computer Name = D7DB69C1 | Source = Application Error | ID = 1000
Description = Faulting application WUSB54GSC.exe, version 1.0.2.4, faulting module
unknown, version 0.0.0.0, fault address 0x04011405.

Error - 5/20/2009 9:25:40 AM | Computer Name = D7DB69C1 | Source = Application Error | ID = 1000
Description = Faulting application WUSB54GSC.exe, version 1.0.2.4, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x0000df3c.

Error - 5/21/2009 4:40:00 PM | Computer Name = D7DB69C1 | Source = Application Hang | ID = 1002
Description = Hanging application OTViewIt.exe, version 1.0.21.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/13/2009 6:32:45 AM | Computer Name = D7DB69C1 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 5/18/2009 8:31:30 AM | Computer Name = D7DB69C1 | Source = Service Control Manager | ID = 7028
Description = The sjtpigym Registry key denied access to SYSTEM account programs
so the Service Control Manager took ownership of the Registry key.

Error - 5/20/2009 9:18:25 AM | Computer Name = D7DB69C1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the F03461A5E2CE72FDF484851490B83E65
service to connect.

Error - 5/20/2009 9:19:54 AM | Computer Name = D7DB69C1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the 10A738A6A81EF1E009E3410F97881D27
service to connect.

Error - 5/20/2009 9:21:57 AM | Computer Name = D7DB69C1 | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_SJTPIGYM\0000 disappeared from the system without
first being prepared for removal.

Error - 5/20/2009 9:21:57 AM | Computer Name = D7DB69C1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the 367283AF73089F296792FC8BFDF5F0E3
service to connect.

Error - 5/20/2009 9:24:05 AM | Computer Name = D7DB69C1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the 2E5B7ABB3F02E66A3BE38BB01E9117E1
service to connect.

Error - 5/21/2009 4:26:10 PM | Computer Name = D7DB69C1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the D9ABFBF04F3D1C97AF3EABD853AEB635
service to connect.

Error - 5/21/2009 4:28:50 PM | Computer Name = D7DB69C1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the E35C0D852CAD3449D633A3F566A372CE
service to connect.

Error - 5/21/2009 4:30:33 PM | Computer Name = D7DB69C1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the 88F6C5DE92FDDF4569AB0A0FBFEF0E39
service to connect.


< End of report >

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:03 PM

Posted 22 May 2009 - 06:04 AM

Good news, SonsOfBen!!

Your log is clean. Good stuff! :thumbup2:

Let's firstly do some housekeeping


Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 13.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


Delete ComboFix and Clean Up
Click Start > Run and type combofix /u click OK (Note the space between combofix and /u)
Posted Image
Please advise if this step is missed for any reason as it performs some important actions.


Please download OTCleanIt and save it to Desktop.

Make sure you have internet connection.
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes
Here's a list of ways you can avoid problems in the future:


Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Use a Firewall

I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

That's it SonsOfBen, happy surfing!

Cheers,


m0le
Posted Image
m0le is a proud member of UNITE

#13 SonsOfBen

SonsOfBen
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:03 AM

Posted 24 May 2009 - 08:26 PM

My computer is running much better. Thanks for your help m0le! :thumbup2:

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:03 PM

Posted 24 May 2009 - 08:28 PM

You're welcome SonsOfBen :thumbup2:
Posted Image
m0le is a proud member of UNITE

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:03 PM

Posted 28 May 2009 - 03:17 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :thumbup2:

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users