Removing “Protection System” - a rogue anti-spyware program?


This topic is locked
8 replies to this topic

#1 zzzimba (Members, 5 posts)

Posted 15 September 2009 - 05:46 PM

Hello all, I’m a newbie here. :flowers: Thanks in advance for any assistance which you may kindly offer.

This is an accurate description of my issue here: http://www.bleepingcomputer.com/virus-remo...protector#files

All of my attempts to launch “Malwarebytes” and “Spybot S&D” are immediately halted. This excerpt from the top of this article is where I seem to be stuck in trying to follow the prescribed remedy:
-----------------------------------
“Some installations of System Protector include a DLL that is loaded via the Winlogon Notify key. This DLL has a random name and is located in the C:\Windows\System32 folder. If this DLL is loaded it will make it so you cannot run numerous anti-malware programs on your computer. An example HijackThis entry for this type of DLL is:
O20 - Winlogon Notify: aeefaaeeafcbba - C:\WINDOWS\system32\aeefaaeeafcbba.dll
If you have problems starting anti-malware utilities or if they shut down automatically when you start them, then you may have this module installed. If this is the case you will need to delete this file before following the rest of the steps in this guide. For help removing and identifying this DLL, we suggest you ask about it in the forums.”
-----------------------------------
So, before posting any logs I thought I would first inquire if anyone might have dealt with this particular POS before and immediately know where this demon seed file might be located and how to go about performing a proper exorcism? I have tried over a dozen times to manually delete all traces of this rogue from within the program files and even the registry entries. I have on a few occasions managed successfully to suppress the annoying pop-ups temporarily but the “Protection System” program always manages to repopulate my computer again with all of its menacing files upon a reboot. I can run all other programs as usual but the computer absolutely refuses to permit the launching of any anti-malware programs.

If it becomes necessary for me to post some diagnostic logs, does it matter that I have, at the moment, removed all detectable traces of this invader even though it still has some hidden roots somewhere obviously, or would it be more helpful for me to reboot and get fully infected before creating a log?

HELP & a BIG THANKS! I’ll be on stand-by to stand-by, zzzimba :thumbsup:
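A defender-side check for the persistence mechanism the quoted excerpt describes, added here as an example (it is not code from the article or from anyone in the thread): the Winlogon Notify subkeys are compared against a baseline of names found on a stock Windows XP install, and anything outside it is reported in the same O20 form HijackThis uses, with extra notes when the subkey or DLL name looks machine-generated. The baseline set, the "looks random" heuristics and the sample entries are my assumptions; the live-registry reader needs Python's winreg module and so only does real work on Windows.

```python
import math
import re
from collections import Counter

# Key the quoted excerpt refers to, relative to HKEY_LOCAL_MACHINE.
NOTIFY_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

# Notify packages present on a stock Windows XP SP3 system.  This set is an
# assumption for the example; build your own from a known-clean machine.
XP_BASELINE = {
    "crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
    "sclgntfy", "SensLogn", "termsrv", "wlballoon",
}

# Constructed sample of subkey -> DllName, modelled on the O20 line in the post.
SAMPLE_NOTIFY = {
    "crypt32chain": "crypt32.dll",
    "ScCertProp": "wlnotify.dll",
    "Schedule": "wlnotify.dll",
    "aeefaaeeafcbba": r"C:\WINDOWS\system32\aeefaaeeafcbba.dll",
}


def shannon_entropy(s):
    """Bits of entropy per character of s."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_random(name):
    """Heuristics for generated names: a long run drawn only from hex digits
    and letters (as in 'aeefaaeeafcbba'), or a long name with high entropy."""
    n = name.lower()
    if re.fullmatch(r"[0-9a-f]{10,}", n):
        return True
    return len(n) >= 12 and shannon_entropy(n) > 3.5


def hijackthis_o20(name, dll):
    """Render an entry the way the HijackThis O20 line in the thread does."""
    return f"O20 - Winlogon Notify: {name} - {dll}"


def triage_notify(entries, baseline=XP_BASELINE):
    """entries: {subkey: DllName}.  Returns [(subkey, dll, [reasons])] for
    every subkey outside the baseline, with extra reasons when names look
    generated.  These are leads for a human to check, not verdicts."""
    findings = []
    for name, dll in entries.items():
        if name in baseline:
            continue
        reasons = ["subkey not in baseline"]
        if looks_random(name):
            reasons.append("subkey name looks generated")
        base = (dll or "").rsplit("\\", 1)[-1]
        if base.lower().endswith(".dll") and looks_random(base[:-4]):
            reasons.append("DLL name looks generated")
        findings.append((name, dll, reasons))
    return findings


def read_notify_from_registry():
    """Enumerate the live key.  winreg exists only on Windows, so this
    returns {} elsewhere and callers fall back to the sample."""
    try:
        import winreg
    except ImportError:
        return {}
    entries = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, NOTIFY_KEY) as key:
        index = 0
        while True:
            try:
                sub = winreg.EnumKey(key, index)
            except OSError:          # EnumKey raises once the index runs past the last subkey
                break
            index += 1
            with winreg.OpenKey(key, sub) as subkey:
                try:
                    entries[sub], _ = winreg.QueryValueEx(subkey, "DllName")
                except FileNotFoundError:
                    entries[sub] = None
    return entries


if __name__ == "__main__":
    live = read_notify_from_registry()
    for name, dll, reasons in triage_notify(live or SAMPLE_NOTIFY):
        print(hijackthis_o20(name, dll), "->", "; ".join(reasons))
```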

#2 garmanma, Computer Masochist (Staff Emeritus, 27,809 posts, Cleveland, Ohio)

Posted 15 September 2009 - 06:43 PM

Welcome to BC


We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (if you did not use the "Direct Download" mirror).
  • Open RootRepeal.exe on your desktop.
  • Click the [image] tab.
  • Click the [image] button.
  • Check all seven boxes: [image]
  • Push Ok.
  • Check the box for your main system drive (usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the [image] button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
If it doesn't want to run, rename RootRepeal.exe to something like tatertot.scr

Edited by garmanma, 15 September 2009 - 06:45 PM.

Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 zzzimba (Topic Starter)

Posted 16 September 2009 - 02:17 AM

Howdy from San Antonio Mark.. Love the shiny hat, I want one!

After about 10 attempts to download and execute the RootRepeal file I have been unsuccessful in launching the program, as it always ends in a computer freeze. I downloaded "RootRepeal.exe" and it froze. I downloaded the file, per your suggestion, as tatertot.scr and it would not attempt to execute upon clicking it.. so I renamed it to tatertot.exe and it attempted to launch and then the computer locked up again. I can find no way to execute this file. Malwarebytes and Spybot still refuse to launch. Prior to this incident I have always kept my computer in smooth running condition, so I trust these anomalies must certainly be related to the recent malware infection.

The last hack effort I made prior to writing you was to delete all discoverable traces of related files. I lastly went into C:\WINDOWS\system32 and found a "Protection System" file that I had not uncovered before and I deleted it with "Killbox". As I write this I have not had any nag pop-up screens since initiating our chats earlier this evening, but everything about my entire box seems very unstable.. from not being able to launch any malware utilities, including recently "RootRepeal". I know the devil spawn is still lurking in there somewhere.. and I may have inadvertently deleted something unfavorable in the process of manually deleting a few things, or perhaps the malware had established some connections that are now gaps in the OS now that parts of it are missing? I did not indiscriminately delete a bunch of files, only if they were clearly identified with the "Protection System" malware. I'm not that brave/stupid as to delete the unobvious.. What's next Mr. Wizard, please advise. I'm flustered and must rest now, can't go on.... loooooong day.

Thanks again for helpin!

#4 garmanma, Computer Masochist (Staff Emeritus, 27,809 posts, Cleveland, Ohio)

Posted 16 September 2009 - 03:43 PM

See if you can run this
You might have to rename this also


1. Download Win32kDiag from any of the following locations and save it to your Desktop

http://ad13.geekstogo.com/Win32kDiag.exe

http://download.bleepingcomputer.com/rootr.../Win32kDiag.exe

2. Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
3. When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
4. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.
Mark

#5 zzzimba (Topic Starter)

Posted 16 September 2009 - 09:30 PM

I ran “Win32kDiag.exe” once in original name/file form, I then ran it twice with a slightly modified name when saving the file before executing, and then I ran it thrice and upon saving it as “WTF.exe”, well all I got on all three .txt saving accounts was the same resulting message, which is as follows:

Running from: C:\Documents and Settings\Administrator\Desktop\WTF.exe
Log file at : C:\Documents and Settings\Administrator\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Finished!

Thanks for your saintly patience. Your humble servant is on stand-by again, zzzzzzzzimba

PS - I seemingly have temporary use of my puter and no nag screens are currently popping up, but this otherwise once very healthy and beloved patient definitely has some recent issues with nutritional & anti-viral medication uptake.

#6 garmanma, Computer Masochist (Staff Emeritus, 27,809 posts, Cleveland, Ohio)

Posted 17 September 2009 - 06:21 PM

Let's try this one


We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the [image] icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the [image] button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Mark

#7 zzzimba (Topic Starter)

Posted 19 September 2009 - 02:09 PM

Mark, sorry for the delay. I didn't receive an email alert as to your reply so I just logged in now to type you a note and check in. The computer is hobbling along but sure is wonky.. Here are the reports you requested. Hope it helps, Shawn



OTL logfile created on: 9/19/2009 1:55:36 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.29 Mb Total Physical Memory | 232.24 Mb Available Physical Memory | 45.42% Memory free
1.27 Gb Paging File | 0.21 Gb Available in Paging File | 16.26% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 10.48 Gb Free Space | 4.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DIGITALDREAM
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2004/08/25 13:26:56 | 00,389,120 | ---- | M] () -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2006/04/12 10:30:24 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/04/12 10:30:10 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2004/08/25 13:26:56 | 00,389,120 | ---- | M] () -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/08/07 15:03:02 | 00,214,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2008/05/12 14:44:44 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 18:12:18 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
PRC - [2006/06/16 08:38:44 | 00,172,032 | ---- | M] (Anti-Malware Development a.s.) -- C:\Program Files\ewido anti-spyware 4.0\guard.exe
PRC - [2005/09/09 18:09:28 | 02,066,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe
PRC - [2008/08/14 05:08:59 | 00,181,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
PRC - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2009/02/12 17:52:26 | 00,083,280 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
PRC - [2003/02/11 21:02:48 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\HP\KBD\KBD.EXE
PRC - [1998/05/07 17:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\windows\system\hpsysdrv.exe
PRC - [2003/05/23 03:55:38 | 00,483,328 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\hphmon05.exe
PRC - [2008/04/13 18:12:19 | 00,050,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2004/09/07 13:47:52 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCXMNTR.EXE
PRC - [2006/04/12 10:30:06 | 00,053,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/05/26 17:18:30 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/01/26 15:31:16 | 02,144,088 | ---- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2004/10/28 08:29:48 | 00,581,632 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\KEM.exe
PRC - [2007/04/09 10:49:30 | 00,667,648 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\RALINK\Common\RaUI.exe
PRC - [2004/10/21 12:28:40 | 00,029,696 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
PRC - [2006/01/25 16:14:44 | 01,646,592 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\webshots.scr
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/02/12 17:52:44 | 00,161,104 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\PlatformDependent\ProToolbarComm.exe
PRC - [2009/03/24 19:09:36 | 00,169,296 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
PRC - [2009/07/01 20:17:18 | 05,110,568 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
PRC - [2009/07/13 14:02:56 | 14,074,656 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2008/04/13 18:12:28 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/09/19 13:30:55 | 00,387,288 | ---- | M] (Bluegem Security) -- C:\WINDOWS\System32\kdfmgr.exe
PRC - [2009/03/31 21:23:06 | 00,711,248 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
PRC - [2009/03/31 21:23:38 | 00,995,528 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
PRC - [2009/03/31 21:23:34 | 00,497,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
PRC - [2009/03/31 21:23:22 | 00,677,128 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
PRC - [2009/03/03 02:46:13 | 00,341,256 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2009/03/24 19:09:34 | 00,275,792 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
PRC - [2006/05/16 23:15:10 | 00,071,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
PRC - [2009/09/19 13:53:55 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (ANIWZCSdService [Auto | Stopped])
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2004/08/25 13:26:56 | 00,389,120 | ---- | M] () -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2006/04/12 10:30:10 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2004/12/13 14:30:08 | 00,079,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
SRV - [2006/04/12 10:30:24 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/04/13 18:12:18 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2006/06/16 08:38:44 | 00,172,032 | ---- | M] (Anti-Malware Development a.s.) -- C:\Program Files\ewido anti-spyware 4.0\guard.exe -- (ewido anti-spyware 4.0 guard [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2005/09/09 18:09:10 | 00,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\System32\GEARSec.exe -- (GEARSecurity [Disabled | Stopped])
SRV - [2008/04/13 18:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2004/03/21 22:12:34 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2005/09/09 18:09:28 | 02,066,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost [Auto | Running])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/08/14 05:08:59 | 00,181,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe -- (Security Activity Dashboard Service [Auto | Running])
SRV - [2009/03/31 21:23:06 | 00,711,248 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom [Auto | Running])
SRV - [2006/08/07 15:03:02 | 00,214,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [Auto | Running])
SRV - [2008/07/15 17:38:32 | 00,394,608 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist [On_Demand | Stopped])
SRV - [2008/05/12 14:44:44 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Running])
SRV - [2009/03/03 02:46:13 | 00,341,256 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer [Auto | Running])
SRV - [2009/03/31 21:23:34 | 00,497,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw [Auto | Running])
SRV - [2009/03/31 21:23:22 | 00,677,128 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy [Auto | Running])
SRV - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2009/06/18 16:34:11 | 00,021,419 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2004/10/07 19:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K [System | Running])
DRV - [2003/12/11 22:54:14 | 00,391,424 | ---- | M] (Sensaura Ltd) -- C:\WINDOWS\System32\drivers\ALCXSENS.SYS -- (ALCXSENS [On_Demand | Stopped])
DRV - [2004/10/01 10:24:02 | 02,279,424 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2004/08/25 13:28:46 | 00,787,456 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2004/04/06 17:44:04 | 00,160,000 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\cx88vid.sys -- (CX23880 [Auto | Running])
DRV - [2004/04/06 17:44:00 | 00,295,808 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\cx88enc.sys -- (CX88ENC [Auto | Running])
DRV - [2004/04/06 17:43:58 | 00,009,344 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\cxavxbar.sys -- (CXAVXBAR [On_Demand | Running])
DRV - [2004/04/06 17:44:02 | 00,030,720 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\CX88TUNE.sys -- (CXTUNE [Auto | Running])
DRV - [2006/11/30 03:00:00 | 00,387,384 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2006/06/16 08:38:54 | 00,003,968 | ---- | M] () -- C:\Program Files\ewido anti-spyware 4.0\guard.sys -- (ewido anti-spyware 4.0 driver [System | Running])
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2003/08/04 07:15:04 | 00,091,419 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Stopped])
DRV - [2008/04/13 12:45:34 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\IrBus.sys -- (IrBus [On_Demand | Running])
DRV - [2003/09/10 23:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) -- C:\WINDOWS\System32\drivers\iviaspi.sys -- (Iviaspi [On_Demand | Running])
DRV - [2004/10/21 12:31:06 | 00,054,851 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\L8042mou.Sys -- (L8042mou [On_Demand | Running])
DRV - [2004/10/21 12:30:38 | 00,024,671 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LHidKE.Sys -- (LHidKe [On_Demand | Stopped])
DRV - [2004/10/21 12:31:14 | 00,038,691 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LHidUsbK.Sys -- (LHidUsbK [On_Demand | Stopped])
DRV - [2004/10/21 12:30:56 | 00,071,535 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LMouKE.Sys -- (LMouKE [On_Demand | Running])
DRV - [2003/03/31 22:29:42 | 00,625,537 | ---- | M] (LT) -- C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys -- (ltmodem5 [On_Demand | Running])
DRV - [2004/05/08 22:29:45 | 00,028,352 | ---- | M] (MusicMatch, Inc.) -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k [On_Demand | Running])
DRV - File not found -- -- (neokdss [On_Demand | Running])
DRV - [2003/06/17 03:39:00 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\System32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2001/06/04 15:00:00 | 00,014,112 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\DRIVERS\PS2.sys -- (Ps2 [On_Demand | Running])
DRV - [2003/07/30 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/07/26 17:06:18 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/12/21 19:25:20 | 00,429,440 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\DRIVERS\rt73.sys -- (RT73 [On_Demand | Stopped])
DRV - [2002/10/04 18:04:10 | 00,046,976 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\R8139n51.SYS -- (rtl8139 [On_Demand | Running])
DRV - [2008/09/12 11:37:40 | 00,443,776 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\RTL8192u.sys -- (RTL8192u [On_Demand | Running])
DRV - [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2001/08/17 13:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Stopped])
DRV - [2003/08/09 10:49:44 | 00,029,436 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\System32\Drivers\sunkfiltp.sys -- (Sunkfiltp [On_Demand | Running])
DRV - [2008/06/02 16:03:01 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Stopped])
DRV - [2006/06/09 12:55:56 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
DRV - [2005/09/09 18:09:20 | 00,144,832 | ---- | M] (StorageCraft) -- C:\WINDOWS\System32\drivers\SymSnap.sys -- (SymSnap [Boot | Running])
DRV - [2009/04/02 17:08:54 | 00,050,192 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys -- (tmactmon [Auto | Running])
DRV - [2009/03/03 03:08:15 | 00,335,376 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\DRIVERS\TM_CFW.sys -- (tmcfw [On_Demand | Running])
DRV - [2009/04/02 17:08:48 | 00,153,104 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
DRV - [2009/04/02 17:08:52 | 00,050,192 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys -- (tmevtmgr [Auto | Running])
DRV - [2009/05/22 02:00:40 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\DRIVERS\tmpreflt.sys -- (tmpreflt [Auto | Running])
DRV - [2009/03/03 17:12:44 | 00,080,400 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\DRIVERS\tmtdi.sys -- (tmtdi [System | Running])
DRV - [2009/05/22 02:02:26 | 00,225,296 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\DRIVERS\tmxpflt.sys -- (tmxpflt [Auto | Running])
DRV - [2008/02/18 11:16:24 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/04/13 12:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2005/09/09 18:09:20 | 00,056,192 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\V2iMount.sys -- (V2IMount [System | Running])
DRV - [2003/12/15 18:22:00 | 00,038,448 | ---- | M] (OLYMPUS OPTICAL CO.,LTD.) -- C:\WINDOWS\System32\DRIVERS\VNUSB.sys -- (VNUSB [On_Demand | Stopped])
DRV - [2009/05/22 01:45:58 | 01,220,120 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\DRIVERS\vsapint.sys -- (vsapint [Auto | Running])
DRV - [2003/08/04 07:16:08 | 00,120,094 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped])
DRV - [2003/08/04 07:16:00 | 00,096,858 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-309639496-672353158-2203868833-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
IE - HKU\S-1-5-21-309639496-672353158-2203868833-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
IE - HKU\S-1-5-21-309639496-672353158-2203868833-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-309639496-672353158-2203868833-500\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-309639496-672353158-2203868833-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-us9.hpwis.com/
IE - HKU\S-1-5-21-309639496-672353158-2203868833-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-309639496-672353158-2203868833-500\S-1-5-21-309639496-672353158-2203868833-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-309639496-672353158-2203868833-500\S-1-5-21-309639496-672353158-2203868833-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.weather.com/outlook/homeandgarden/garden/local/78232?lswe=78232&lwsa=WeatherLocalHomeAndGarden"

FF - HKLM\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension [2009/04/16 12:30:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/03 19:00:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.5.0.12\Extensions\\Components: C:\Program Files\Mozilla Firefox\components\ [2009/08/06 16:01:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.5.0.12\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins\ [2009/08/06 20:51:46 | 00,000,000 | ---D | M]

[2006/08/28 13:01:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\z9g7v3yj.default\extensions
[2007/12/16 18:52:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/06/17 13:10:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/06/17 13:10:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2007/06/17 13:10:14 | 00,061,038 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2007/06/17 13:10:14 | 00,049,256 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2007/06/17 13:10:15 | 00,166,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2009/05/01 15:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2009/05/12 12:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/18 16:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2007/06/17 13:10:20 | 00,017,032 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2004/12/14 02:19:18 | 00,057,344 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/08/06 16:01:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/08/06 16:01:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/08/06 16:01:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/08/06 16:01:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/08/06 16:01:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/08/06 16:01:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/08/06 16:01:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/05/01 15:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2007/06/17 13:10:24 | 00,000,680 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.png
[2007/06/17 13:10:24 | 00,000,741 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.src
[2007/06/17 13:10:24 | 00,001,150 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.png
[2007/06/17 13:10:24 | 00,000,539 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.src
[2007/06/17 13:10:24 | 00,000,356 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.png
[2007/06/17 13:10:24 | 00,001,007 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.src
[2007/06/17 13:10:24 | 00,000,210 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.gif
[2007/06/17 13:10:24 | 00,001,056 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.src
[2007/06/17 13:10:24 | 00,001,076 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.gif
[2007/06/17 13:10:24 | 00,000,718 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.src
[2007/06/17 13:10:24 | 00,000,088 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.gif
[2007/06/17 13:10:24 | 00,001,122 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.src

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-309639496-672353158-2203868833-500\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-309639496-672353158-2203868833-500\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-309639496-672353158-2203868833-500\..\Toolbar\WebBrowser: (no name) - {052B12F7-86FA-4921-8482-26C42316B522} - No CLSID value found.
O3 - HKU\S-1-5-21-309639496-672353158-2203868833-500\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-309639496-672353158-2203868833-500\..\Toolbar\WebBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No CLSID value found.
O3 - HKU\S-1-5-21-309639496-672353158-2203868833-500\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-309639496-672353158-2203868833-500\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AlcxMonitor] C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [e] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\e.exe File not found
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\System32\ps2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKU\.DEFAULT..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-18..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-19..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-20..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-21-309639496-672353158-2203868833-500..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-309639496-672353158-2203868833-500..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-309639496-672353158-2203868833-500..\RunServicesOnce: [washindex] C:\Program Files\Webroot Windows Washer\washer\washidx.exe ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\PC HELP & TOOLS\Startup\Webshots.lnk = C:\Program Files\Webshots\Launcher.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-309639496-672353158-2203868833-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-309639496-672353158-2203868833-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-309639496-672353158-2203868833-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 82 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 82 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 82 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 82 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-309639496-672353158-2203868833-500\..Trusted Domains: 82 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...ector/swdir.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab (Reg Error: Key error.)
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab (Symantec SmartIssue)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1157228176890 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} http://community.webshots.com/html/WSPhotoUploader.CAB (Webshots Photo Uploader)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe [FILE handle not seen by OS]
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/08/15 19:31:51 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{04960a19-477a-11da-8949-806d6172696f}\Shell\AutoRun\command - "" = G:\Info.exe -- File not found
O33 - MountPoints2\{222c9123-fa36-11da-a9b3-000ea61bbc99}\Shell\AutoRun\command - "" = D:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{9dd9723e-60ed-11d8-b371-806d6172696f}\Shell\AutoRun\command - "" = H:\Info.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/19 13:53:55 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/09/19 13:42:13 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Police Pro
[2009/09/14 01:22:53 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wingenocx.dll
[2009/09/09 16:59:27 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/08/28 15:33:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2009/08/14 20:39:44 | 00,001,325 | ---- | C] () -- C:\WINDOWS\Remove.ini
[2009/08/13 22:45:36 | 00,385,024 | ---- | C] () -- C:\WINDOWS\System32\ANIOWPS.dll
[2008/05/12 14:45:54 | 00,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2007/11/05 22:41:29 | 00,000,029 | ---- | C] () -- C:\WINDOWS\TSMLite.INI
[2006/02/11 03:18:12 | 00,000,107 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2006/02/02 10:12:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/12/04 21:49:58 | 00,000,245 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/08/25 14:22:08 | 00,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[2004/02/27 01:25:00 | 00,000,171 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/02/11 10:38:46 | 00,000,030 | ---- | C] () -- C:\WINDOWS\Showbiz20.ini
[2004/02/10 22:48:36 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/02/10 19:31:32 | 00,071,512 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2003/11/12 03:54:00 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/08/26 20:22:43 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/08/15 23:30:08 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/08/15 23:29:47 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2003/08/15 23:29:47 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/08/15 23:22:46 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/08/15 23:14:14 | 00,025,449 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2003/08/15 23:13:42 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/08/15 23:13:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/08/15 22:24:16 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/08/15 22:15:27 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/08/15 21:39:52 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/08/15 21:39:52 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/08/15 21:39:32 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/08/15 19:36:19 | 00,000,813 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/08/15 19:17:54 | 00,000,667 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/08/15 19:17:16 | 00,000,685 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/08/15 19:17:12 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/06/23 19:27:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/05/24 09:00:00 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002/05/24 09:00:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2000/04/14 16:50:02 | 00,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1999/01/22 20:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/06/11 14:08:06 | 00,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\drivers\*.tmp files]
[3 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/09/19 13:53:55 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/09/19 13:30:56 | 00,192,512 | ---- | M] (??????) -- C:\WINDOWS\System32\kdfvmgr.exe
[2009/09/19 13:30:56 | 00,077,824 | ---- | M] (Kings Information & Network) -- C:\WINDOWS\System32\kdfapi.dll
[2009/09/19 13:30:56 | 00,053,248 | ---- | M] (Kings Information & Network) -- C:\WINDOWS\System32\Kdfhok.dll
[2009/09/19 13:30:55 | 00,387,288 | ---- | M] (Bluegem Security) -- C:\WINDOWS\System32\kdfmgr.exe
[2009/09/19 03:04:05 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/18 20:38:18 | 00,117,760 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/18 10:23:28 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/09/18 09:01:13 | 00,002,515 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2007.lnk
[2009/09/17 19:13:20 | 00,001,465 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/09/17 19:11:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/17 19:08:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/16 00:55:52 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/15 10:25:41 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wingenocx.dll
[2009/09/13 02:04:37 | 00,000,014 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{4D6D7DB6-2BD2-491F-B42D-CD5DF9AC2772}
[2009/09/13 01:49:09 | 00,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/24 02:33:20 | 00,475,872 | ---- | M] (Bluegem Security) -- C:\WINDOWS\System32\kdfinj.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\alcrmv.exe:SummaryInformation
< End of report >

-------------------------------

OTL Extras logfile created on: 9/19/2009 1:55:36 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.29 Mb Total Physical Memory | 232.24 Mb Available Physical Memory | 45.42% Memory free
1.27 Gb Paging File | 0.21 Gb Available in Paging File | 16.26% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 10.48 Gb Free Space | 4.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DIGITALDREAM
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.)

[HKEY_USERS\S-1-5-21-309639496-672353158-2203868833-500\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.scr [@ = DWGTrueViewScriptFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe" = C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe:*:Enabled:Musicmatch® Music Server -- (MUSICMATCH, Inc.)
"C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe" = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe:*:Enabled:BackWeb-137903 -- ()
"C:\Program Files\mobile PhoneTools\mPhonetools.exe" = C:\Program Files\mobile PhoneTools\mPhonetools.exe:*:Enabled:Mobile Phone Software -- File not found
"C:\Quake2\quake2.exe" = C:\Quake2\quake2.exe:*:Enabled:quake2 -- ()
"C:\Program Files\Real\RealOne Player\realplay.exe" = C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{2219B71E-F823-4B58-870B-C239B0076DF9}" = Turbo Lister
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{2CD6BBA0-17C8-4789-9B9B-B36F7E815F6A}" = DWG TrueView 2007
"{2D6ED011-055B-4041-B198-BB903827EBFB}" = Safari
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.1
"{3207208B-A2E1-4326-95E8-6642443B1DD2}" = MUSICMATCH Media Center
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{32F720F5-2D0D-4245-A2B0-9EB3CECF8101}" = Norton Ghost 10.0
"{3476E8FA-00F1-48AF-8771-236C84FC7CB8}" = iPod for Windows 2005-01-11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40E12A55-C504-4223-AFAC-7672DBF1ACDE}" = Trend Micro Internet Security Pro
"{42948B02-7191-40CF-92AA-4E330869B28B}" = HPIZ Fix2
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B10045E-6789-49C4-BFED-52575F5B76BF}" = Avery Wizard 3.0
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security Pro
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}" = ArcSoft ShowBiz 2
"{7AA86B66-4232-4CCA-9530-51B991301376}" = D-Link Wireless N DWA-130
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BBD57D6-09B1-4CC3-9664-A0D53EE25247}" = PSShortcutsP
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90AD8C11-ED4A-4AE7-BB70-7740C452C999}" = Visual J# .NET Redistributable Package
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
"{96BF9A2A-1835-4DEE-A94F-9EA4F77976BF}" = InterVideo DVDCopy 2
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo XPack (Combo)
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9266252-00CB-4140-B740-DE88FC0F7609}" = hpmdtab
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1205500-2179-11D7-B0B9-0000E24D4B29}" = Digital Camera
"{C27E6CEF-F515-400F-823F-9141D56C0A2F}" = PrintMe Driver for Windows
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DD28F8FE-CC0B-47BD-A833-CBBC19D6A8E2}" = DVDCopy
"{E05895C5-FE97-4334-8D73-B0089FD07CE3}" = Multimedia Card Reader
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN
"{F25B14A1-3863-41B6-9F8A-931DECA6D384}" = D-Link Wireless N DWA-130
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{F8722041-B63A-47FB-82A8-5F0977E1CF45}" = TWC Customer Controls
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"3D World Map" = 3D World Map 2.1
"Adobe AIR" = Adobe AIR
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Allofmp3 Explorer" = Allofmp3 Explorer
"ATI Display Driver" = ATI Display Driver
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BackWeb-137903 Uninstaller" = Updates from HP
"CCleaner" = CCleaner (remove only)
"CopyPod" = CopyPod (remove only)
"CopyPod Suite" = CopyPod Suite (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.1.6
"ewidoantispyware4" = ewido anti-spyware 4.0
"exPressit S.E. 2.2" = exPressit S.E. 2.2
"HijackThis" = HijackThis 1.99.1
"Hoyle Casino 4" = Hoyle Casino 4
"HP Instant Support" = HP Instant Support
"HPOCR" = OCR Software by I.R.I.S 7.0
"HPTOOLKIT" = toolkit
"iArt_is1" = iArt 2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
"InstallShield_{2219B71E-F823-4B58-870B-C239B0076DF9}" = Turbo Lister
"InstallShield_{3476E8FA-00F1-48AF-8771-236C84FC7CB8}" = iPod for Windows 2005-01-11
"InstallShield_{6B10045E-6789-49C4-BFED-52575F5B76BF}" = Avery Wizard 3.0
"InstallShield_{C27E6CEF-F515-400F-823F-9141D56C0A2F}" = PrintMe Driver for Windows
"InstallShield_{E05895C5-FE97-4334-8D73-B0089FD07CE3}" = Multimedia Card Reader
"InterActual Player" = InterActual Player
"LiveReg" = LiveReg (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual J# .NET Redistributable Package(ENU) v1.0.4205" = Microsoft Visual J# .NET Redistributable Package(ENU) v1.0.4205
"Mozilla Firefox (1.5.0.12)" = Mozilla Firefox (1.5.0.12)
"MSN Music Assistant" = MSN Music Assistant
"MSPUB5" = Microsoft Publisher 98
"MUSICMATCH Radio" = MUSICMATCH® MX Web Player
"NEC LCD Setup software utility" = NEC LCD Setup software utility
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROR" = Microsoft Office Professional 2007
"Protection System" = Protection System
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"Quake2UninstallKey" = Quake II
"QuickLink Mobile Phonebook" = QuickLink Mobile Phonebook
"RealPlayer 6.0" = RealPlayer
"Shockwave" = Shockwave
"Webshots Desktop" = Webshots Desktop
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/11/2009 4:23:18 PM | Computer Name = DIGITALDREAM | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 10.0.0.3802, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 9/12/2009 2:40:42 PM | Computer Name = DIGITALDREAM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x10003973.

Error - 9/12/2009 11:10:39 PM | Computer Name = DIGITALDREAM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x10003973.

Error - 9/13/2009 3:01:58 AM | Computer Name = DIGITALDREAM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module tstoolbar.dll, version 1.2.0.1073, fault address 0x00006675.

Error - 9/13/2009 3:41:43 AM | Computer Name = DIGITALDREAM | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
status code 1. The machine must now be restarted.

Error - 9/17/2009 7:07:54 PM | Computer Name = DIGITALDREAM | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module vproshellext.dll, version 10.0.0.8400, fault address 0x0000423a.

Error - 9/17/2009 7:08:08 PM | Computer Name = DIGITALDREAM | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 9/17/2009 7:09:16 PM | Computer Name = DIGITALDREAM | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/17/2009 7:10:01 PM | Computer Name = DIGITALDREAM | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module vproshellext.dll, version 10.0.0.8400, fault address 0x0000423a.

Error - 9/17/2009 7:10:23 PM | Computer Name = DIGITALDREAM | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 2/1/2008 3:16:15 PM | Computer Name = DIGITALDREAM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/13/2008 2:39:41 AM | Computer Name = DIGITALDREAM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/13/2008 2:40:18 AM | Computer Name = DIGITALDREAM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/15/2009 9:24:24 PM | Computer Name = DIGITALDREAM | Source = Service Control Manager | ID = 7000
Description = The ANIO Service service failed to start due to the following error:
%%2

Error - 9/15/2009 9:55:38 PM | Computer Name = DIGITALDREAM | Source = Service Control Manager | ID = 7000
Description = The ANIO Service service failed to start due to the following error:
%%2

Error - 9/16/2009 1:09:02 AM | Computer Name = DIGITALDREAM | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.101 for the Network Card with network
address 0022B0ED1DF4 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 9/16/2009 1:13:40 AM | Computer Name = DIGITALDREAM | Source = Service Control Manager | ID = 7000
Description = The ANIO Service service failed to start due to the following error:
%%2

Error - 9/16/2009 3:08:09 AM | Computer Name = DIGITALDREAM | Source = Service Control Manager | ID = 7000
Description = The ANIO Service service failed to start due to the following error:
%%2

Error - 9/16/2009 3:46:11 AM | Computer Name = DIGITALDREAM | Source = Service Control Manager | ID = 7000
Description = The ANIO Service service failed to start due to the following error:
%%2

Error - 9/17/2009 2:24:24 AM | Computer Name = DIGITALDREAM | Source = Service Control Manager | ID = 7000
Description = The ANIO Service service failed to start due to the following error:
%%2

Error - 9/17/2009 12:43:52 PM | Computer Name = DIGITALDREAM | Source = Service Control Manager | ID = 7000
Description = The ANIO Service service failed to start due to the following error:
%%2

Error - 9/17/2009 4:08:00 PM | Computer Name = DIGITALDREAM | Source = Service Control Manager | ID = 7000
Description = The ANIO Service service failed to start due to the following error:
%%2

Error - 9/17/2009 9:12:52 PM | Computer Name = DIGITALDREAM | Source = Service Control Manager | ID = 7000
Description = The ANIO Service service failed to start due to the following error:
%%2


< End of report >

#8 garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • Location:Cleveland, Ohio

Posted 19 September 2009 - 06:59 PM

Now that you were able to produce a log you need to post it in our HJT forum:
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
Give a brief description and tell them that this log was all you could get to run successfully.
The HJT team is extremely busy, so be patient and good luck.
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#9 Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,805 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 20 September 2009 - 10:22 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/258949/interpret-ot-log-results/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days, up to two weeks perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript
