
having computer issues


  • This topic is locked
6 replies to this topic

#1 jtoppe2


  • Members
  • 13 posts

Posted 08 December 2009 - 11:04 PM

ok, so i'm running windows xp on a dell inspiron 600m. i keep on getting pop-up windows. whenever i click on a link from a google search it brings me to a random website (i.e. allgive.com???). anyway, here is my hijackthis logfile. thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:21 PM, on 12/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 68.34.80.2:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: precisead - {4cef5c07-05d2-e99a-e54a-ed6152b8cd38} - C:\WINDOWS\system32\nsv12C.dll
O2 - BHO: precisead browser enhancer - {5CF1FE57-967C-324F-9C7C-35E96610A21E} - C:\WINDOWS\system32\tmplvfhxdiq.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ykwvqhneyhvqfe] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\tmplvfhxdiq.dll"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [agent.exe] C:\Documents and Settings\Owner\Application Data\CC\agent.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Owner\Local Settings\Temp\{69B5E09A-5954-458A-B400-93FC6EBA13CC}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1ca31d4e57b5910) (gupdate1ca31d4e57b5910) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9662 bytes

Edited by Orange Blossom, 18 December 2009 - 11:00 PM.



 


#2 syler


  • Malware Response Team
  • 8,150 posts

Posted 20 December 2009 - 08:01 PM

Hi,

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic. If you still need help, please let me know what issues you are still having in your next reply.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.


We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
    CREATERESTOREPOINT

  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Then please post back here with the following logs:
  • OTL.txt
  • Extra.txt
Thanks



#3 jtoppe2

  • Topic Starter

  • Members
  • 13 posts

Posted 21 December 2009 - 02:39 PM

ok, thank you! i ran otl and halfway through the scan i got an error message that says, "invalid time flag! [md5start], must be numerical" and when i click "ok" the scan just freezes. what should i do here?

#4 syler


  • Malware Response Team
  • 8,150 posts

Posted 21 December 2009 - 03:33 PM

Let's try running this scan instead.

  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Untick the following boxes on the right side of the Gmer screen.
    Sections
    IAT/EAT
    Show All
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.



#5 jtoppe2

  • Topic Starter

  • Members
  • 13 posts

Posted 22 December 2009 - 08:27 PM

i actually got OTL to work fine. here is the otl log:

OTL logfile created on: 12/22/2009 4:57:22 PM - Run 2
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 766 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 12.48 Gb Free Space | 22.33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JEFFREY
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\system32\regsvr32.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
PRC - C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Company)
PRC - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
PRC - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe ()
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
PRC - C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
PRC - C:\WINDOWS\system32\LEXPPS.EXE (Lexmark International, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (gupdate1ca31d4e57b5910) Google Update Service (gupdate1ca31d4e57b5910) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (DigiRefresh) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
SRV - (digiSPTIService) -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe (Digidesign, A Division of Avid Technology, Inc.)
SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (SymWSC) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (Symantec Corporation)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (LexBceS) -- C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
SRV - (MSSQL$SONY_MEDIAMGR) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SONY_MEDIAMGR) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090710.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090710.003\NAVENG.SYS (Symantec Corporation)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (DigiNet) -- C:\WINDOWS\system32\drivers\diginet.sys (Digidesign, A Division of Avid Technology, Inc.)
DRV - (DigiFilter) -- C:\WINDOWS\system32\drivers\DigiFilt.sys (Digidesign, A Division of Avid Technology, Inc.)
DRV - (MBX2MIDK) -- C:\WINDOWS\system32\drivers\mbx2midk.sys (Digidesign, A Division of Avid Technology, Inc.)
DRV - (MBX2DFU) -- C:\WINDOWS\system32\drivers\mbx2dfu.sys (Digidesign, A Division of Avid Technology, Inc.)
DRV - (dalwdmservice) -- C:\WINDOWS\system32\drivers\Dalwdm.sys (Digidesign, A Division of Avid Technology, Inc.)
DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications)
DRV - (TPkd) -- C:\WINDOWS\system32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (OZSCR) -- C:\WINDOWS\system32\drivers\ozscr.sys (O2Micro)
DRV - (cercsr6) -- C:\WINDOWS\system32\drivers\cercsr6.sys (Adaptec, Inc.)
DRV - (STAC97) Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\stac97.sys (SigmaTel, Inc.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (Point32) -- C:\WINDOWS\system32\drivers\point32.sys (Microsoft Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (SONYPVU1) Sony USB Filter Driver (SONYPVU1) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS (Sony Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1614895754-706699826-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1614895754-706699826-854245398-1003\S-1-5-21-1614895754-706699826-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1614895754-706699826-854245398-1003\S-1-5-21-1614895754-706699826-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1614895754-706699826-854245398-1003\S-1-5-21-1614895754-706699826-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 68.34.80.2:8080

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://webmail.towson.edu/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/16 11:13:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/16 11:13:54 | 00,000,000 | ---D | M]

[2009/09/23 16:12:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/09/23 16:12:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2009/12/22 14:53:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\h53sdh3f.default\extensions
[2009/05/27 22:47:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\h53sdh3f.default\extensions\moveplayer@movenetworks.com
[2009/12/22 14:53:27 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/06/11 14:41:25 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint_03050024.dll

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (precisead) - {4cef5c07-05d2-e99a-e54a-ed6152b8cd38} - C:\WINDOWS\system32\nsv12C.dll ()
O2 - BHO: (precisead browser enhancer) - {5CF1FE57-967C-324F-9C7C-35E96610A21E} - C:\WINDOWS\system32\tmplvfhxdiq.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-1614895754-706699826-854245398-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1614895754-706699826-854245398-1003\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-1614895754-706699826-854245398-1003\..\Toolbar\WebBrowser: (no name) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No CLSID value found.
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
O4 - HKLM..\Run: [ykwvqhneyhvqfe] C:\WINDOWS\System32\tmplvfhxdiq.dll ()
O4 - HKU\S-1-5-21-1614895754-706699826-854245398-1003..\Run: [agent.exe] C:\Documents and Settings\Owner\Application Data\CC\agent.exe ()
O4 - HKU\S-1-5-21-1614895754-706699826-854245398-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Owner\Local Settings\Temp\{69B5E09A-5954-458A-B400-93FC6EBA13CC}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1614895754-706699826-854245398-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1614895754-706699826-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1614895754-706699826-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-21-1614895754-706699826-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O7 - HKU\S-1-5-21-1614895754-706699826-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O7 - HKU\S-1-5-21-1614895754-706699826-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O7 - HKU\S-1-5-21-1614895754-706699826-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKU\S-1-5-21-1614895754-706699826-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-1614895754-706699826-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O7 - HKU\S-1-5-21-1614895754-706699826-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKU\S-1-5-21-1614895754-706699826-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\S-1-5-21-1614895754-706699826-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
O7 - HKU\S-1-5-21-1614895754-706699826-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1614895754-706699826-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1614895754-706699826-854245398-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 108 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 108 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1614895754-706699826-854245398-1003\..Trusted Domains: 42 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/12 17:41:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (52920800314916864)

========== Files/Folders - Created Within 30 Days ==========

[2009/12/22 16:56:52 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/12/12 03:50:37 | 00,000,000 | ---D | C] -- C:\Program Files\Shockwave.com
[2009/09/10 00:27:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/09/10 00:09:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/09/06 22:25:33 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/09/06 22:25:33 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/09/06 22:25:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/07/23 02:27:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2009/07/23 02:27:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2009/07/21 02:12:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/07/15 05:21:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2009/07/15 05:21:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/07/15 05:20:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Real
[2009/07/15 05:20:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/07/13 05:07:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2009/04/02 14:59:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Viewpoint
[2008/03/10 01:28:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Viewpoint
[2007/08/28 10:07:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/11/01 13:51:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2006/11/01 13:49:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2006/10/17 02:30:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[9 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[53 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/22 16:56:52 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/12/22 16:54:09 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/22 16:53:46 | 00,000,412 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/12/22 16:53:29 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/22 16:53:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/22 16:53:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/22 16:53:08 | 13,414,35904 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/22 16:32:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/22 14:56:49 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\2m7xbv46.exe
[2009/12/19 22:47:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/18 21:51:20 | 00,048,283 | ---- | M] () -- C:\WINDOWS\System32\vuzxgmnyzvvavuzpb.exe
[2009/12/18 02:18:14 | 00,385,536 | ---- | M] () -- C:\WINDOWS\System32\tmplvfhxdiq.dll
[2009/12/17 15:54:46 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\FINAL EXAM - PHILOSOPHY.doc
[2009/12/17 14:36:36 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\final phil paper LONG ONEEEE.doc
[2009/12/17 13:26:00 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\final phil paper.doc
[2009/12/17 13:10:31 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\philosophy cheat sheet.doc
[2009/12/15 14:43:00 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\english lit final review.doc
[2009/12/15 02:58:47 | 00,037,888 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\english 2009 ryan's notes.doc
[2009/12/15 02:58:47 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$glish 2009 ryan's notes.doc
[2009/12/12 20:33:21 | 00,046,592 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\unit iii - philosophy.doc
[2009/12/12 20:33:17 | 00,037,376 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Philosophy Unit 2.doc
[2009/12/12 20:33:13 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\British Lit - UNIT II.doc
[2009/12/12 03:50:41 | 00,000,830 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Super Text Twist.lnk
[2009/12/12 01:34:53 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\Desktop\~$glish lit final review.doc
[2009/12/12 01:34:48 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\Desktop\~$glish Literature 2009.doc
[2009/12/11 03:00:07 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\philosophy final.doc
[2009/12/11 01:18:08 | 00,465,826 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/11 01:18:08 | 00,398,748 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/11 01:18:08 | 00,060,850 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/11 01:11:50 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/11 01:10:22 | 07,340,032 | ---- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/12/11 01:10:22 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/12/09 16:09:49 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Philosophy Notes Unit III.doc
[2009/12/09 16:08:16 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\exam 3 study guide.doc
[2009/12/09 15:39:53 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\philosophy review for final.doc
[2009/12/09 13:34:11 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\final philosophy paper.doc
[2009/12/09 12:25:35 | 02,222,080 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Melina AR Notebook.doc
[2009/12/09 01:33:16 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$lina AR Notebook.doc
[2009/12/07 17:31:17 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\psyc interview_2-1.doc
[2009/12/07 17:31:17 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$yc interview_2-1.doc
[2009/12/07 11:33:20 | 00,040,960 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\psyc interview_2.doc
[2009/12/07 11:33:20 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$yc interview_2.doc
[2009/12/07 09:36:01 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\final english paper.doc
[2009/12/07 03:45:47 | 00,037,376 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\psyc interview.doc
[2009/12/04 04:42:47 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\what mary doesn't know.doc
[2009/12/03 03:16:07 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\References 2009.doc
[2009/12/02 06:43:05 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Towson University bus form.doc
[2009/12/02 06:43:05 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$wson University bus form.doc
[2009/12/02 06:20:30 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\thanksgiving.doc
[2009/12/02 06:20:30 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$anksgiving.doc
[2009/12/01 18:43:26 | 00,413,184 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\english 2009.ppt
[2009/12/01 18:08:06 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\English Literature 2009.doc
[2009/12/01 16:07:07 | 00,014,725 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\romtopics09.docx
[2009/12/01 15:55:53 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\first publication was letters to literary ladies in 1795.doc
[2009/12/01 14:21:13 | 00,064,000 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Social Event Notification Form.doc
[2009/11/30 20:30:29 | 00,032,256 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\psych 09 notes.doc
[2009/11/27 18:53:12 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Jeff Toppe.doc
[2009/11/27 18:32:10 | 00,011,075 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Duska.docx
[2009/11/23 17:36:26 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\Desktop\~$ych 09 notes.doc
[2009/11/23 07:27:55 | 00,040,448 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Rhetoricccc.doc
[2009/11/23 07:13:05 | 00,066,048 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\fetal alcohol syndrome references.doc
[2009/11/23 07:07:35 | 00,298,496 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Fetal Alcohol Syndrome.doc
[2009/11/23 07:06:45 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\final references list.doc
[2009/11/23 06:59:56 | 00,068,136 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/23 04:37:51 | 00,068,136 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[9 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[53 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/22 14:56:48 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\2m7xbv46.exe
[2009/12/17 15:54:46 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\FINAL EXAM - PHILOSOPHY.doc
[2009/12/17 14:36:36 | 00,031,232 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\final phil paper LONG ONEEEE.doc
[2009/12/17 13:25:59 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\final phil paper.doc
[2009/12/17 13:10:30 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\philosophy cheat sheet.doc
[2009/12/15 02:58:47 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$glish 2009 ryan's notes.doc
[2009/12/15 02:58:46 | 00,037,888 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\english 2009 ryan's notes.doc
[2009/12/12 20:33:20 | 00,046,592 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\unit iii - philosophy.doc
[2009/12/12 20:33:16 | 00,037,376 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Philosophy Unit 2.doc
[2009/12/12 20:33:12 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\British Lit - UNIT II.doc
[2009/12/12 03:50:40 | 00,000,830 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Super Text Twist.lnk
[2009/12/12 01:34:53 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\Desktop\~$glish lit final review.doc
[2009/12/12 01:34:48 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\Desktop\~$glish Literature 2009.doc
[2009/12/11 16:36:54 | 00,035,328 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\english lit final review.doc
[2009/12/11 03:00:07 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\philosophy final.doc
[2009/12/09 15:50:53 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\exam 3 study guide.doc
[2009/12/09 15:39:53 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\philosophy review for final.doc
[2009/12/09 13:34:11 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\final philosophy paper.doc
[2009/12/09 01:33:16 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$lina AR Notebook.doc
[2009/12/09 01:33:15 | 02,222,080 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Melina AR Notebook.doc
[2009/12/07 17:31:17 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$yc interview_2-1.doc
[2009/12/07 17:31:16 | 00,041,472 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\psyc interview_2-1.doc
[2009/12/07 11:33:20 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$yc interview_2.doc
[2009/12/07 11:33:19 | 00,040,960 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\psyc interview_2.doc
[2009/12/07 07:42:28 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\final english paper.doc
[2009/12/07 02:07:25 | 00,037,376 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\psyc interview.doc
[2009/12/04 04:42:47 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\what mary doesn't know.doc
[2009/12/03 03:16:06 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\References 2009.doc
[2009/12/02 06:43:05 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Towson University bus form.doc
[2009/12/02 06:43:05 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$wson University bus form.doc
[2009/12/02 06:20:30 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\thanksgiving.doc
[2009/12/02 06:20:30 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$anksgiving.doc
[2009/12/01 16:07:07 | 00,014,725 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\romtopics09.docx
[2009/12/01 15:55:53 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\first publication was letters to literary ladies in 1795.doc
[2009/12/01 15:55:44 | 00,413,184 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\english 2009.ppt
[2009/12/01 14:21:12 | 00,064,000 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Social Event Notification Form.doc
[2009/11/27 18:49:02 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Jeff Toppe.doc
[2009/11/27 18:32:09 | 00,011,075 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Duska.docx
[2009/11/23 17:36:26 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\Desktop\~$ych 09 notes.doc
[2009/11/23 07:02:00 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\final references list.doc
[2009/11/16 12:27:32 | 00,010,791 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2009/07/02 07:41:38 | 01,333,760 | ---- | C] () -- C:\WINDOWS\System32\nsv12C.dll
[2009/05/05 03:04:10 | 00,385,536 | ---- | C] () -- C:\WINDOWS\System32\tmplvfhxdiq.dll
[2008/11/06 23:43:47 | 00,018,993 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\gudysecixu._sy
[2008/11/06 23:43:47 | 00,018,349 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hyjiqaw.ban
[2008/11/06 23:43:47 | 00,018,052 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\arivu.scr
[2008/11/06 23:43:47 | 00,017,035 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ihytahu.dl
[2008/11/06 23:43:47 | 00,013,949 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\johe.dl
[2008/11/06 23:27:40 | 00,014,811 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\dokufej.dl
[2008/11/06 23:27:40 | 00,013,860 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\esoxepa.ban
[2008/11/06 23:27:40 | 00,011,208 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\uwalemyvon.bin
[2008/04/29 00:42:43 | 00,000,394 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/11/24 09:59:11 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2007/11/24 09:58:50 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\DigiPlatformSupport.dll
[2007/09/26 15:56:18 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/04/22 19:15:29 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/04/22 19:01:47 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/04/17 01:09:30 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/03/18 23:36:51 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/02/02 01:45:04 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/02/02 01:45:03 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/02/02 01:45:03 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/01/15 00:23:51 | 00,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/29 10:01:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/10/15 23:05:12 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/25 14:59:13 | 00,000,463 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2006/09/25 14:58:38 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2006/09/25 14:58:31 | 00,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2006/07/24 15:12:09 | 00,000,205 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/07/17 02:01:44 | 00,117,760 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/16 02:31:42 | 00,006,133 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\.googlewebacchosts
[2006/07/15 22:00:46 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/07/14 14:48:46 | 00,105,765 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\com.kennettnet.PodUtil.plist
[2006/07/13 02:59:37 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2006/07/13 01:14:51 | 00,000,334 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/09/13 17:27:08 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlbacnv4.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/10/31 10:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe


< MD5 for: AGP440.SYS >
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/03 18:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 07:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/04/25 10:28:14 | 00,871,040 | ---- | M] (Intel Corporation) MD5=D593517879E65167DF35F6015814AC59 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2005/05/17 17:45:08 | 00,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys
[2005/05/17 17:45:08 | 00,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\system32\drivers\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E502322
@Alternate Data Stream - 930 bytes -> C:\Program Files\Common Files\System:whb23857GmVTKIoQ67QV
@Alternate Data Stream - 927 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:tNE3NsbAOrfF72OmQkXmT3B
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD79E1D8
@Alternate Data Stream - 1078 bytes -> C:\Documents and Settings\Owner\Cookies:u0tb63dOT5cjoxWwlt37
@Alternate Data Stream - 1037 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:TcXV8ZrVSLNjENrTy2u260Hu9G
@Alternate Data Stream - 1036 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:keroLGp8OOcw9K4erANOD
< End of report >

OTL logfile created on: 12/22/2009 4:57:22 PM - Run 2
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 766 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 12.48 Gb Free Space | 22.33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JEFFREY
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\system32\regsvr32.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
PRC - C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Company)
PRC - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
PRC - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe ()
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
PRC - C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
PRC - C:\WINDOWS\system32\LEXPPS.EXE (Lexmark International, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (gupdate1ca31d4e57b5910) Google Update Service (gupdate1ca31d4e57b5910) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (DigiRefresh) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
SRV - (digiSPTIService) -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe (Digidesign, A Division of Avid Technology, Inc.)
SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (SymWSC) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (Symantec Corporation)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (LexBceS) -- C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
SRV - (MSSQL$SONY_MEDIAMGR) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SONY_MEDIAMGR) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090710.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090710.003\NAVENG.SYS (Symantec Corporation)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (DigiNet) -- C:\WINDOWS\system32\drivers\diginet.sys (Digidesign, A Division of Avid Technology, Inc.)
DRV - (DigiFilter) -- C:\WINDOWS\system32\drivers\DigiFilt.sys (Digidesign, A Division of Avid Technology, Inc.)
DRV - (MBX2MIDK) -- C:\WINDOWS\system32\drivers\mbx2midk.sys (Digidesign, A Division of Avid Technology, Inc.)
DRV - (MBX2DFU) -- C:\WINDOWS\system32\drivers\mbx2dfu.sys (Digidesign, A Division of Avid Technology, Inc.)
DRV - (dalwdmservice) -- C:\WINDOWS\system32\drivers\Dalwdm.sys (Digidesign, A Division of Avid Technology, Inc.)
DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications)
DRV - (TPkd) -- C:\WINDOWS\system32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (OZSCR) -- C:\WINDOWS\system32\drivers\ozscr.sys (O2Micro)
DRV - (cercsr6) -- C:\WINDOWS\system32\drivers\cercsr6.sys (Adaptec, Inc.)
DRV - (STAC97) Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\stac97.sys (SigmaTel, Inc.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (Point32) -- C:\WINDOWS\system32\drivers\point32.sys (Microsoft Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (SONYPVU1) Sony USB Filter Driver (SONYPVU1) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS (Sony Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1614895754-706699826-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1614895754-706699826-854245398-1003\S-1-5-21-1614895754-706699826-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1614895754-706699826-854245398-1003\S-1-5-21-1614895754-706699826-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1614895754-706699826-854245398-1003\S-1-5-21-1614895754-706699826-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 68.34.80.2:8080

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://webmail.towson.edu/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/16 11:13:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/16 11:13:54 | 00,000,000 | ---D | M]

[2009/09/23 16:12:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/09/23 16:12:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2009/12/22 14:53:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\h53sdh3f.default\extensions
[2009/05/27 22:47:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\h53sdh3f.default\extensions\moveplayer@movenetworks.com
[2009/12/22 14:53:27 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/06/11 14:41:25 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint_03050024.dll

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (precisead) - {4cef5c07-05d2-e99a-e54a-ed6152b8cd38} - C:\WINDOWS\system32\nsv12C.dll ()
O2 - BHO: (precisead browser enhancer) - {5CF1FE57-967C-324F-9C7C-35E96610A21E} - C:\WINDOWS\system32\tmplvfhxdiq.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-1614895754-706699826-854245398-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1614895754-706699826-854245398-1003\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-1614895754-706699826-854245398-1003\..\Toolbar\WebBrowser: (no name) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No CLSID value found.
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
O4 - HKLM..\Run: [ykwvqhneyhvqfe] C:\WINDOWS\System32\tmplvfhxdiq.dll ()
O4 - HKU\S-1-5-21-1614895754-706699826-854245398-1003..\Run: [agent.exe] C:\Documents and Settings\Owner\Application Data\CC\agent.exe ()
O4 - HKU\S-1-5-21-1614895754-706699826-854245398-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Owner\Local Settings\Temp\{69B5E09A-5954-458A-B400-93FC6EBA13CC}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1614895754-706699826-854245398-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1614895754-706699826-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1614895754-706699826-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-21-1614895754-706699826-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O7 - HKU\S-1-5-21-1614895754-706699826-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O7 - HKU\S-1-5-21-1614895754-706699826-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O7 - HKU\S-1-5-21-1614895754-706699826-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKU\S-1-5-21-1614895754-706699826-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-1614895754-706699826-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O7 - HKU\S-1-5-21-1614895754-706699826-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKU\S-1-5-21-1614895754-706699826-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\S-1-5-21-1614895754-706699826-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
O7 - HKU\S-1-5-21-1614895754-706699826-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1614895754-706699826-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1614895754-706699826-854245398-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 108 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 108 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1614895754-706699826-854245398-1003\..Trusted Domains: 42 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/12 17:41:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (52920800314916864)

========== Files/Folders - Created Within 30 Days ==========

[2009/12/22 16:56:52 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/12/12 03:50:37 | 00,000,000 | ---D | C] -- C:\Program Files\Shockwave.com
[2009/09/10 00:27:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/09/10 00:09:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/09/06 22:25:33 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/09/06 22:25:33 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/09/06 22:25:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/07/23 02:27:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2009/07/23 02:27:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2009/07/21 02:12:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/07/15 05:21:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2009/07/15 05:21:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/07/15 05:20:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Real
[2009/07/15 05:20:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/07/13 05:07:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2009/04/02 14:59:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Viewpoint
[2008/03/10 01:28:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Viewpoint
[2007/08/28 10:07:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/11/01 13:51:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2006/11/01 13:49:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2006/10/17 02:30:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[9 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[53 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/22 16:56:52 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/12/22 16:54:09 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/22 16:53:46 | 00,000,412 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/12/22 16:53:29 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/22 16:53:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/22 16:53:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/22 16:53:08 | 13,414,35904 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/22 16:32:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/22 14:56:49 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\2m7xbv46.exe
[2009/12/19 22:47:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/18 21:51:20 | 00,048,283 | ---- | M] () -- C:\WINDOWS\System32\vuzxgmnyzvvavuzpb.exe
[2009/12/18 02:18:14 | 00,385,536 | ---- | M] () -- C:\WINDOWS\System32\tmplvfhxdiq.dll
[2009/12/17 15:54:46 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\FINAL EXAM - PHILOSOPHY.doc
[2009/12/17 14:36:36 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\final phil paper LONG ONEEEE.doc
[2009/12/17 13:26:00 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\final phil paper.doc
[2009/12/17 13:10:31 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\philosophy cheat sheet.doc
[2009/12/15 14:43:00 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\english lit final review.doc
[2009/12/15 02:58:47 | 00,037,888 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\english 2009 ryan's notes.doc
[2009/12/15 02:58:47 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$glish 2009 ryan's notes.doc
[2009/12/12 20:33:21 | 00,046,592 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\unit iii - philosophy.doc
[2009/12/12 20:33:17 | 00,037,376 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Philosophy Unit 2.doc
[2009/12/12 20:33:13 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\British Lit - UNIT II.doc
[2009/12/12 03:50:41 | 00,000,830 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Super Text Twist.lnk
[2009/12/12 01:34:53 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\Desktop\~$glish lit final review.doc
[2009/12/12 01:34:48 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\Desktop\~$glish Literature 2009.doc
[2009/12/11 03:00:07 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\philosophy final.doc
[2009/12/11 01:18:08 | 00,465,826 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/11 01:18:08 | 00,398,748 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/11 01:18:08 | 00,060,850 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/11 01:11:50 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/11 01:10:22 | 07,340,032 | ---- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/12/11 01:10:22 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/12/09 16:09:49 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Philosophy Notes Unit III.doc
[2009/12/09 16:08:16 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\exam 3 study guide.doc
[2009/12/09 15:39:53 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\philosophy review for final.doc
[2009/12/09 13:34:11 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\final philosophy paper.doc
[2009/12/09 12:25:35 | 02,222,080 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Melina AR Notebook.doc
[2009/12/09 01:33:16 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$lina AR Notebook.doc
[2009/12/07 17:31:17 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\psyc interview_2-1.doc
[2009/12/07 17:31:17 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$yc interview_2-1.doc
[2009/12/07 11:33:20 | 00,040,960 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\psyc interview_2.doc
[2009/12/07 11:33:20 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$yc interview_2.doc
[2009/12/07 09:36:01 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\final english paper.doc
[2009/12/07 03:45:47 | 00,037,376 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\psyc interview.doc
[2009/12/04 04:42:47 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\what mary doesn't know.doc
[2009/12/03 03:16:07 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\References 2009.doc
[2009/12/02 06:43:05 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Towson University bus form.doc
[2009/12/02 06:43:05 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$wson University bus form.doc
[2009/12/02 06:20:30 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\thanksgiving.doc
[2009/12/02 06:20:30 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$anksgiving.doc
[2009/12/01 18:43:26 | 00,413,184 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\english 2009.ppt
[2009/12/01 18:08:06 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\English Literature 2009.doc
[2009/12/01 16:07:07 | 00,014,725 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\romtopics09.docx
[2009/12/01 15:55:53 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\first publication was letters to literary ladies in 1795.doc
[2009/12/01 14:21:13 | 00,064,000 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Social Event Notification Form.doc
[2009/11/30 20:30:29 | 00,032,256 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\psych 09 notes.doc
[2009/11/27 18:53:12 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Jeff Toppe.doc
[2009/11/27 18:32:10 | 00,011,075 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Duska.docx
[2009/11/23 17:36:26 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\Desktop\~$ych 09 notes.doc
[2009/11/23 07:27:55 | 00,040,448 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Rhetoricccc.doc
[2009/11/23 07:13:05 | 00,066,048 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\fetal alcohol syndrome references.doc
[2009/11/23 07:07:35 | 00,298,496 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Fetal Alcohol Syndrome.doc
[2009/11/23 07:06:45 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\final references list.doc
[2009/11/23 06:59:56 | 00,068,136 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/23 04:37:51 | 00,068,136 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[9 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[53 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/22 14:56:48 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\2m7xbv46.exe
[2009/12/17 15:54:46 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\FINAL EXAM - PHILOSOPHY.doc
[2009/12/17 14:36:36 | 00,031,232 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\final phil paper LONG ONEEEE.doc
[2009/12/17 13:25:59 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\final phil paper.doc
[2009/12/17 13:10:30 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\philosophy cheat sheet.doc
[2009/12/15 02:58:47 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$glish 2009 ryan's notes.doc
[2009/12/15 02:58:46 | 00,037,888 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\english 2009 ryan's notes.doc
[2009/12/12 20:33:20 | 00,046,592 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\unit iii - philosophy.doc
[2009/12/12 20:33:16 | 00,037,376 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Philosophy Unit 2.doc
[2009/12/12 20:33:12 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\British Lit - UNIT II.doc
[2009/12/12 03:50:40 | 00,000,830 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Super Text Twist.lnk
[2009/12/12 01:34:53 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\Desktop\~$glish lit final review.doc
[2009/12/12 01:34:48 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\Desktop\~$glish Literature 2009.doc
[2009/12/11 16:36:54 | 00,035,328 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\english lit final review.doc
[2009/12/11 03:00:07 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\philosophy final.doc
[2009/12/09 15:50:53 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\exam 3 study guide.doc
[2009/12/09 15:39:53 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\philosophy review for final.doc
[2009/12/09 13:34:11 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\final philosophy paper.doc
[2009/12/09 01:33:16 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$lina AR Notebook.doc
[2009/12/09 01:33:15 | 02,222,080 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Melina AR Notebook.doc
[2009/12/07 17:31:17 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$yc interview_2-1.doc
[2009/12/07 17:31:16 | 00,041,472 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\psyc interview_2-1.doc
[2009/12/07 11:33:20 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$yc interview_2.doc
[2009/12/07 11:33:19 | 00,040,960 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\psyc interview_2.doc
[2009/12/07 07:42:28 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\final english paper.doc
[2009/12/07 02:07:25 | 00,037,376 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\psyc interview.doc
[2009/12/04 04:42:47 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\what mary doesn't know.doc
[2009/12/03 03:16:06 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\References 2009.doc
[2009/12/02 06:43:05 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Towson University bus form.doc
[2009/12/02 06:43:05 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$wson University bus form.doc
[2009/12/02 06:20:30 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\thanksgiving.doc
[2009/12/02 06:20:30 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$anksgiving.doc
[2009/12/01 16:07:07 | 00,014,725 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\romtopics09.docx
[2009/12/01 15:55:53 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\first publication was letters to literary ladies in 1795.doc
[2009/12/01 15:55:44 | 00,413,184 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\english 2009.ppt
[2009/12/01 14:21:12 | 00,064,000 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Social Event Notification Form.doc
[2009/11/27 18:49:02 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Jeff Toppe.doc
[2009/11/27 18:32:09 | 00,011,075 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Duska.docx
[2009/11/23 17:36:26 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\Desktop\~$ych 09 notes.doc
[2009/11/23 07:02:00 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\final references list.doc
[2009/11/16 12:27:32 | 00,010,791 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2009/07/02 07:41:38 | 01,333,760 | ---- | C] () -- C:\WINDOWS\System32\nsv12C.dll
[2009/05/05 03:04:10 | 00,385,536 | ---- | C] () -- C:\WINDOWS\System32\tmplvfhxdiq.dll
[2008/11/06 23:43:47 | 00,018,993 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\gudysecixu._sy
[2008/11/06 23:43:47 | 00,018,349 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hyjiqaw.ban
[2008/11/06 23:43:47 | 00,018,052 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\arivu.scr
[2008/11/06 23:43:47 | 00,017,035 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ihytahu.dl
[2008/11/06 23:43:47 | 00,013,949 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\johe.dl
[2008/11/06 23:27:40 | 00,014,811 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\dokufej.dl
[2008/11/06 23:27:40 | 00,013,860 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\esoxepa.ban
[2008/11/06 23:27:40 | 00,011,208 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\uwalemyvon.bin
[2008/04/29 00:42:43 | 00,000,394 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/11/24 09:59:11 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2007/11/24 09:58:50 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\DigiPlatformSupport.dll
[2007/09/26 15:56:18 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/04/22 19:15:29 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/04/22 19:01:47 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/04/17 01:09:30 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/03/18 23:36:51 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/02/02 01:45:04 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/02/02 01:45:03 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/02/02 01:45:03 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/01/15 00:23:51 | 00,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/29 10:01:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/10/15 23:05:12 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/25 14:59:13 | 00,000,463 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2006/09/25 14:58:38 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2006/09/25 14:58:31 | 00,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2006/07/24 15:12:09 | 00,000,205 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/07/17 02:01:44 | 00,117,760 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/16 02:31:42 | 00,006,133 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\.googlewebacchosts
[2006/07/15 22:00:46 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/07/14 14:48:46 | 00,105,765 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\com.kennettnet.PodUtil.plist
[2006/07/13 02:59:37 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2006/07/13 01:14:51 | 00,000,334 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/09/13 17:27:08 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlbacnv4.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/10/31 10:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe


< MD5 for: AGP440.SYS >
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/03 18:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 07:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/04/25 10:28:14 | 00,871,040 | ---- | M] (Intel Corporation) MD5=D593517879E65167DF35F6015814AC59 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2005/05/17 17:45:08 | 00,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys
[2005/05/17 17:45:08 | 00,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\system32\drivers\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E502322
@Alternate Data Stream - 930 bytes -> C:\Program Files\Common Files\System:whb23857GmVTKIoQ67QV
@Alternate Data Stream - 927 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:tNE3NsbAOrfF72OmQkXmT3B
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD79E1D8
@Alternate Data Stream - 1078 bytes -> C:\Documents and Settings\Owner\Cookies:u0tb63dOT5cjoxWwlt37
@Alternate Data Stream - 1037 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:TcXV8ZrVSLNjENrTy2u260Hu9G
@Alternate Data Stream - 1036 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:keroLGp8OOcw9K4erANOD
< End of report >

Edited by jtoppe2, 22 December 2009 - 08:28 PM.


#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:56 AM

Posted 22 December 2009 - 09:09 PM

Unfortunately your log shows you have a rootkit.


One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.



Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


#7 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:56 AM

Posted 28 December 2009 - 12:30 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
