
Not 100% Sure. Possible Multiple Infections


  • This topic is locked
41 replies to this topic

#1 Merger

Merger

  • Members
  • 25 posts
  • OFFLINE
  • Local time:08:50 AM

Posted 23 February 2010 - 08:02 PM

First off I would like to say thank you for taking the time to read this and help me out. Here are a couple of examples of some problems.
1.) Can't update spyware and virus protection databases.
2.) Sometimes I can't boot into Windows. Will get into Windows and nothing but background pic.
3.) Not sure if this is a driver issue or something else, but the DVD-ROM drive will open and close by itself after the computer has been in use for a little bit. Also to note, once it starts doing that it won't stop till you shut off the comp or disable the drive itself.
4.) The computer will load up with only 29 processes. Once on for 10 min it will be up to 50-60.
There is more but I will post the log files and see if you see something. Thank you.






#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,093 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:04:50 PM

Posted 26 February 2010 - 12:57 PM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
Please be patient and I'd be grateful if you would note the following
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#3 Merger

Merger
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:08:50 AM

Posted 26 February 2010 - 08:48 PM

Thank you for responding. Well, I am not currently on the computer I am working on at this moment, so I can't get the scan logs in right away. I did perform a few things that helped it out a lot. First off I uninstalled the Norton Anti Virus. Something was going on with the Symantec LiveUpdate; it was slowing down the computer. I now have 2 problems: I uninstalled the Norton Anti Virus but now I can't uninstall the Symantec LiveUpdate from my Add/Remove. Another problem I am now having is I can't minimize stuff into my taskbar.

Running faster now and able to fully log into Windows without problems, but having the issue with the taskbar. Anyways I will get on that computer as soon as I can and get you those log files.

Ohh, also to note: after completing a 6-hour-long scan on the computer with ClamWin I came up with a list of 8 entries. Couldn't save the log because it would vanish when I moved my mouse around. Here are the entries I remember.

Adaware BBuddy: there were 2 hits for that.
/media/disk/Program Files/Microsoft Office/Office12/EXCEL.EXE: W32.Virut.Gen.D-163 FOUND - there were like 4 entries, all pertaining to Office Excel, Word, PowerPoint etc.
Then there were 2 other ones I can't remember that had to do with another program and W32.Virut.Gen.D-163 FOUND. Did some research and found that these were a very low threat level and just had to do with ClamWin, so I didn't do anything with those.

Anyways will get those logs to you ASAP. Thank you again.

#4 Merger

Merger
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:08:50 AM

Posted 26 February 2010 - 09:59 PM

Here are the logs.


OTL logfile created on: 2/26/2010 6:18:18 PM - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\Elizabeth Garcia\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 223.00 Mb Available Physical Memory | 44.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 29.43 Gb Free Space | 52.67% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEBBIE
Current User Name: Elizabeth Garcia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/26 18:17:22 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elizabeth Garcia\Desktop\OTL.exe
PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/04/01 22:07:38 | 000,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/03/14 17:56:48 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/05/16 07:58:18 | 000,595,184 | ---- | M] ( ) -- C:\WINDOWS\SYSTEM32\dldwcoms.exe
PRC - [2008/04/13 17:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/11/02 20:12:50 | 000,262,144 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2007/10/19 20:46:08 | 000,610,304 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2007/10/19 20:46:08 | 000,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2007/10/14 20:38:52 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2007/04/23 04:00:00 | 000,692,224 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2007/04/11 15:32:22 | 000,056,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
PRC - [2006/05/03 09:43:46 | 000,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\ati2evxx.exe


========== Modules (SafeList) ==========

MOD - [2010/02/26 18:17:22 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elizabeth Garcia\Desktop\OTL.exe
MOD - [2008/07/25 11:17:20 | 000,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
MOD - [2008/07/25 11:17:20 | 000,558,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
MOD - [2007/04/23 04:00:00 | 000,045,568 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/05/16 07:58:22 | 000,099,568 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldwserv.exe -- (dldwCATSCustConnectService)
SRV - [2008/05/16 07:58:18 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\dldwcoms.exe -- (dldw_device)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/11/06 21:16:54 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/11/06 21:16:54 | 000,139,264 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2006/11/08 16:35:38 | 000,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\SYSTEM32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 16:35:36 | 000,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\SYSTEM32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/05/03 11:57:00 | 000,520,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\ati2sgag.exe -- (ATI Smart)
SRV - [2006/05/03 09:43:46 | 000,413,696 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/02/20 18:36:22 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/02/16 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/03/20 08:25:02 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/02/19 11:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - [2009/02/19 11:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SymIM.sys -- (SymIM)
DRV - [2009/02/19 11:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 11:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 11:31:16 | 000,038,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/02/19 11:31:16 | 000,037,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/02/19 11:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 11:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2008/12/16 15:47:00 | 000,013,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2008/04/17 13:12:54 | 000,015,464 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/04/13 11:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum) Hercules ®
DRV - [2007/12/03 06:18:28 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mcstrm.sys -- (MCSTRM)
DRV - [2007/11/13 02:25:54 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2007/10/30 02:25:56 | 000,021,568 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZius12.sys -- (HPZius12)
DRV - [2007/10/30 02:25:54 | 000,049,920 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZid412.sys -- (HPZid412)
DRV - [2007/10/30 02:25:54 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys -- (HPZipr12)
DRV - [2007/09/02 17:09:58 | 000,627,840 | R--- | M] (VIA - IC Ensemble, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Envy24HF.sys -- (Envy24HFS)
DRV - [2007/04/11 15:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 15:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/04/11 15:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/04/11 15:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042mou.Sys -- (L8042mou)
DRV - [2007/04/11 15:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006/05/03 09:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/04 12:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 22:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/07/02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2001/08/17 12:12:02 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\D100IB5.SYS -- (D100IB)
DRV - [2001/04/12 07:30:32 | 000,520,256 | R--- | M] (Hercules ®) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\cwcwdm.sys -- (cwcwdm) Crystal SoundFusion™
DRV - [2001/04/12 07:30:30 | 000,137,184 | R--- | M] (Hercules ®) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\cwcspud.sys -- (cwcspud) Crystal SoundFusion™


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-343818398-484763869-1060284298-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-343818398-484763869-1060284298-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-343818398-484763869-1060284298-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-343818398-484763869-1060284298-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-343818398-484763869-1060284298-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-343818398-484763869-1060284298-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-343818398-484763869-1060284298-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-343818398-484763869-1060284298-1004\S-1-5-21-343818398-484763869-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-343818398-484763869-1060284298-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\S-1-5-21-343818398-484763869-1060284298-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-343818398-484763869-1060284298-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
IE - HKU\S-1-5-21-343818398-484763869-1060284298-500\S-1-5-21-343818398-484763869-1060284298-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/03/12 23:57:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/03/12 23:57:24 | 000,000,000 | ---D | M]

[2009/03/12 23:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elizabeth Garcia\Application Data\Mozilla\Extensions
[2009/03/12 23:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elizabeth Garcia\Application Data\Mozilla\Firefox\Profiles\4t5df4c8.default\extensions
[2009/03/12 23:57:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/04 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-19\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-20\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-343818398-484763869-1060284298-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-343818398-484763869-1060284298-1004\..\Toolbar\WebBrowser: (Dell Toolbar) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-343818398-484763869-1060284298-1004\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-343818398-484763869-1060284298-1004\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll File not found
O3 - HKU\S-1-5-21-343818398-484763869-1060284298-1004\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-343818398-484763869-1060284298-500\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Skyscape smARTupdate.lnk = C:\Program Files\Common Files\Skyscape\smARTupdate.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Calendar Creator Scheduler.lnk = C:\Program Files\SoftKey\Calendar Creator 4.0\Ccsched.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe (Ulead Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Mobipocket Web Companion.lnk = C:\Program Files\MobiPocket.com\webcomp.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Sony Handheld\Hotsync.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\Elizabeth Garcia\Start Menu\Programs\Startup\Widgets.LNK = C:\Program Files\Starware\Products\Widgets\bin\Widgets.exe File not found
O4 - Startup: C:\Documents and Settings\Elizabeth Garcia\Start Menu\Programs\Startup\Palm Registration.lnk = C:\Program Files\Sony Handheld\register.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\PE_C_ALL USERS\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\PE_C_ALL USERS\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-343818398-484763869-1060284298-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-343818398-484763869-1060284298-1004\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-343818398-484763869-1060284298-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-484763869-1060284298-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-21-343818398-484763869-1060284298-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -1
O7 - HKU\S-1-5-21-343818398-484763869-1060284298-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-343818398-484763869-1060284298-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-343818398-484763869-1060284298-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-343818398-484763869-1060284298-500\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-343818398-484763869-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-21-343818398-484763869-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O15 - HKU\.DEFAULT\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-21-343818398-484763869-1060284298-1004\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-21-343818398-484763869-1060284298-1004\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-343818398-484763869-1060284298-500\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://support.charter.com/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {042EEA26-2402-4E5A-B5BB-0FB445A5526E} http://www9.advnt01.com/dialer/win98_P.CAB (Reg Error: Key error.)
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} https://signup.msn.com/pages/MsnInstC.cab (InstallerBehaviorFactory Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab (LSSupCtl Class)
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} http://forms.real.com/real/player/download...ne_Inst_Win.cab (Reg Error: Key error.)
O16 - DPF: {31564D57-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmvax.cab (Reg Error: Key error.)
O16 - DPF: {32564D57-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv8ax.cab (Reg Error: Key error.)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} http://www.webshots.com/samplers/WSDownloader.ocx (WSDownloader Control)
O16 - DPF: {5DBF08EF-4BDE-11D3-B8E4-0080C84E9C66} http://www.cyberlink.com.tw/medi@show/tv/MediaShow.cab (Medi@Show Control)
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1237073556295 (MUWebControl Class)
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} http://69.56.176.78/webplugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...7893.8067476852 (Reg Error: Key error.)
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab (ActiveDataInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab (iTunesDetector Class)
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} http://dgl.microsoft.com/downloads/outc.cab (Microsoft Office Tools on the Web Control)
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} http://www2.incredimail.com/contents/setup...p1/imloader.cab (IncrediMail)
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} http://cdn.digitalcity.com/_media/dalaillama/ampx.cab (IWinAmpActiveX Class)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\SYSTEM\dajava.cab (Reg Error: Key error.)
O16 - DPF: Internet Explorer Classes for Java file://C:\WINDOWS\SYSTEM\iejava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso4.cab (Reg Error: Key error.)
O16 - DPF: Win32 Classes Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: Yahoo! Chat http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\AATP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSTEM\Userinit.exe) - C:\WINDOWS\SYSTEM\Userinit.exe File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 () - http://www.lordoftherings.net/media/deskto...legolas_800.jpg
O24 - Desktop Components:1 () - http://www.lordoftherings.net/media/deskto...itfeast_800.jpg
O24 - Desktop Components:10 () - http://ctong2.photosite.com/~photos/tn/752...23933352562.jpg
O24 - Desktop Components:11 () - http://groups.msn.com/_Secure/0YACVAmcfUD0...534128656568490
O24 - Desktop Components:12 () - http://www.lordoftherings.net/media/deskto...vendell_800.jpg
O24 - Desktop Components:13 () - http://www.pspgamezone.com/main2_img01.gif
O24 - Desktop Components:14 () - http://groups.msn.com/_Secure/0TQBkALkXRam...534128292832482
O24 - Desktop Components:15 () - http://www.gerardbutler.moonfruit.com/down...ss02_071103.jpg
O24 - Desktop Components:16 () - http://ctong2.photosite.com/~photos/tn/697...21429340718.jpg
O24 - Desktop Components:17 (My Current Home Page) - About:Home
O24 - Desktop Components:2 () - http://www.lordoftherings.net/legend/downl...cters_arwen.gif
O24 - Desktop Components:3 () - http://www.lordoftherings.net/legend/downl...cters_eomer.gif
O24 - Desktop Components:4 () - http://www.lordoftherings.net/legend/downl...ers_legolas.gif
O24 - Desktop Components:5 () - http://www.lordoftherings.net/legend/downl...cters_eowyn.gif
O24 - Desktop Components:6 () - http://www.lordoftherings.net/media/deskto...gandalf_800.jpg
O24 - Desktop Components:7 () - http://www.lordoftherings.net/media/deskto...faramir_800.jpg
O24 - Desktop Components:8 () - http://www.lordoftherings.net/media/deskto...um_fish_800.jpg
O24 - Desktop Components:9 () - http://www.lordoftherings.net/media/deskto...hlorien_800.jpg
O24 - Desktop WallPaper: C:\Documents and Settings\Elizabeth Garcia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Elizabeth Garcia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/07/07 22:23:40 | 000,000,002 | -HS- | M] () - C:\AUTOEXEC.DOS -- [ FAT32 ]
O32 - AutoRun File - [2005/04/03 12:08:04 | 000,000,049 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{315ab360-ba6a-11dc-a4e8-0003470a49a5}\Shell - "" = AutoRun
O33 - MountPoints2\{315ab360-ba6a-11dc-a4e8-0003470a49a5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{315ab360-ba6a-11dc-a4e8-0003470a49a5}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{bfcecf40-2c2e-11de-a669-0003470a49a5}\Shell - "" = AutoRun
O33 - MountPoints2\{bfcecf40-2c2e-11de-a669-0003470a49a5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bfcecf40-2c2e-11de-a669-0003470a49a5}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ecca5e60-ee33-11db-a4d1-0003470a49a5}\Shell - "" = AutoRun
O33 - MountPoints2\{ecca5e60-ee33-11db-a4d1-0003470a49a5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ecca5e60-ee33-11db-a4d1-0003470a49a5}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/26 18:17:24 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Elizabeth Garcia\Desktop\OTL.exe
[2010/02/22 11:22:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/02/22 11:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/02/22 11:21:39 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/02/22 11:19:34 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/02/22 11:19:34 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/02/22 11:19:34 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/02/22 11:19:33 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/02/22 11:19:32 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/02/22 11:19:32 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/02/22 11:19:31 | 000,000,000 | ---D | C] -- C:\664318e29b93916baf6d3e32f9efb3
[2010/02/20 19:48:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\SQLTools9_KB970892_ENU
[2010/02/20 19:44:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\SQL9_KB970892_ENU
[2010/02/20 18:23:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/02/20 11:08:48 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/02/20 11:06:28 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/02/20 11:06:28 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/02/20 10:23:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elizabeth Garcia\Application Data\.clamwin
[2010/02/20 10:21:43 | 000,000,000 | ---D | C] -- C:\Program Files\ClamWin
[2010/02/20 10:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elizabeth Garcia\.clamwin
[2010/02/20 09:51:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/20 09:51:19 | 032,706,818 | ---- | C] (alch ) -- C:\Documents and Settings\Elizabeth Garcia\Desktop\clamwin-0.95.3-setup.exe
[2010/02/20 09:51:07 | 077,086,488 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Elizabeth Garcia\Desktop\Ad-AwareInstallation.exe
[2010/02/20 09:50:59 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Elizabeth Garcia\Desktop\HJTInstall.exe
[2010/02/20 09:50:40 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Elizabeth Garcia\Desktop\spybotsd162.exe
[2010/02/19 21:42:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Elizabeth Garcia\IECompatCache
[2010/02/17 18:48:14 | 000,000,000 | -HSD | C] -- C:\FOUND.009
[2009/05/31 17:06:21 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwusb1.dll
[2009/05/31 17:06:21 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\DLDWhcp.dll
[2009/05/31 17:06:21 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwinpa.dll
[2009/05/31 17:06:21 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwiesc.dll
[2009/05/31 17:06:20 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwserv.dll
[2009/05/31 17:06:20 | 000,651,264 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwpmui.dll
[2009/05/31 17:06:19 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwlmpm.dll
[2009/05/31 17:06:18 | 000,679,936 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwhbn3.dll
[2009/05/31 17:06:17 | 000,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwcomc.dll
[2009/05/31 17:06:17 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwcomm.dll
[2009/03/15 13:03:38 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\A3D.dll
[2005/10/15 14:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[2005/05/27 21:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2005/05/27 21:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/05/27 21:26:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/05/27 21:26:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2003/05/22 19:42:50 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/26 18:20:02 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/02/26 18:17:22 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elizabeth Garcia\Desktop\OTL.exe
[2010/02/26 17:57:02 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/26 17:57:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/26 17:56:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/26 17:56:56 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/26 17:55:36 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\Elizabeth Garcia\NTUSER.DAT
[2010/02/26 17:55:36 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Elizabeth Garcia\ntuser.ini
[2010/02/26 16:00:02 | 000,000,406 | -H-- | M] () -- C:\WINDOWS\tasks\{C85C895F-1BD8-4D12-883A-8C7E0E3BFA07}_LIZ_Elizabeth Garcia.job
[2010/02/26 16:00:02 | 000,000,406 | -H-- | M] () -- C:\WINDOWS\tasks\{08BE2BF9-5DC1-4111-BBC9-E353154E6F99}_LIZ_Elizabeth Garcia.job
[2010/02/26 12:31:10 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/02/26 09:00:04 | 000,000,406 | -H-- | M] () -- C:\WINDOWS\tasks\{A53E99C9-7D7A-40E1-9786-00043B0BC5F7}_LIZ_Elizabeth Garcia.job
[2010/02/26 06:31:10 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/02/26 00:31:10 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/02/25 18:31:08 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/02/25 17:48:48 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/24 03:13:52 | 000,550,384 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/24 03:13:52 | 000,476,452 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/24 03:13:52 | 000,083,708 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/24 03:05:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/23 16:27:20 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Elizabeth Garcia\Desktop\gmer.zip
[2010/02/23 16:25:00 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Elizabeth Garcia\Desktop\dds.scr
[2010/02/22 21:36:46 | 000,315,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/21 22:55:34 | 000,286,858 | ---- | M] () -- C:\Documents and Settings\Elizabeth Garcia\Desktop\backup.reg
[2010/02/21 11:19:10 | 000,086,008 | ---- | M] () -- C:\Documents and Settings\Elizabeth Garcia\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/21 00:30:42 | 003,211,998 | -H-- | M] () -- C:\Documents and Settings\Elizabeth Garcia\Local Settings\Application Data\IconCache.db
[2010/02/20 20:05:42 | 000,000,422 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/02/20 19:56:52 | 000,001,795 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/20 10:22:24 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\Elizabeth Garcia\Desktop\ClamWin Antivirus.lnk
[2010/02/20 10:17:10 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\Elizabeth Garcia\Desktop\Spybot - Search & Destroy.lnk
[2010/02/20 09:51:42 | 000,001,649 | ---- | M] () -- C:\Documents and Settings\Elizabeth Garcia\Desktop\HijackThis.lnk
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/23 16:27:21 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Elizabeth Garcia\Desktop\gmer.zip
[2010/02/23 16:24:59 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Elizabeth Garcia\Desktop\dds.scr
[2010/02/21 22:55:31 | 000,286,858 | ---- | C] () -- C:\Documents and Settings\Elizabeth Garcia\Desktop\backup.reg
[2010/02/21 00:26:44 | 536,399,872 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/20 18:32:22 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/20 18:32:21 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/02/20 18:32:19 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/02/20 18:32:17 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/02/20 18:32:15 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/02/20 10:22:23 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\Elizabeth Garcia\Desktop\ClamWin Antivirus.lnk
[2010/02/20 10:17:09 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\Elizabeth Garcia\Desktop\Spybot - Search & Destroy.lnk
[2010/02/20 09:51:41 | 000,001,649 | ---- | C] () -- C:\Documents and Settings\Elizabeth Garcia\Desktop\HijackThis.lnk
[2009/05/31 17:15:33 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dldwvs.dll
[2009/05/31 17:15:29 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\dldwcoin.dll
[2009/05/31 17:13:04 | 001,036,288 | ---- | C] () -- C:\WINDOWS\System32\dldwdrs.dll
[2009/05/31 17:13:04 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dldwcaps.dll
[2009/05/31 17:13:04 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dldwcnv4.dll
[2009/05/31 17:10:36 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLDWPMON.DLL
[2009/05/31 17:10:36 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLDWFXPU.DLL
[2009/05/31 17:10:15 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\dldwoem.dll
[2009/05/31 17:07:36 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\DLDWwupd.dll
[2009/05/31 17:06:22 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\DLDWinst.dll
[2009/05/31 17:06:21 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\dldwutil.dll
[2009/05/31 17:06:19 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\dldwinsb.dll
[2009/05/31 17:06:19 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldwins.dll
[2009/05/31 17:06:19 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\dldwjswr.dll
[2009/05/31 17:06:19 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dldwinsr.dll
[2009/05/31 17:06:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\dldwgrd.dll
[2009/05/31 17:06:17 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dldwcub.dll
[2009/05/31 17:06:17 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dldwcu.dll
[2009/05/31 17:06:17 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dldwcur.dll
[2009/05/31 17:06:16 | 000,077,906 | ---- | C] () -- C:\WINDOWS\System32\DLDWcfg.dll
[2009/04/11 19:57:40 | 000,000,177 | ---- | C] () -- C:\WINDOWS\System32\SETUP.INI
[2009/03/14 19:01:17 | 000,003,067 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2009/03/14 18:59:03 | 000,000,089 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2009/03/14 18:58:59 | 000,000,040 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2009/03/02 12:25:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2009/03/02 11:28:00 | 000,098,304 | R--- | C] () -- C:\WINDOWS\StiRegstEng.dll
[2009/03/02 11:23:04 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2009/03/02 11:23:04 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2008/11/19 20:05:09 | 000,000,098 | ---- | C] () -- C:\WINDOWS\TYPEINST.INI
[2008/11/19 19:35:44 | 000,000,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\high.txt
[2008/04/27 09:41:39 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/05/26 21:04:16 | 000,000,048 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2007/05/26 07:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007/05/26 06:49:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QUICKI~1.INI
[2007/04/04 21:16:30 | 000,000,031 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/07/14 23:11:30 | 000,286,208 | ---- | C] () -- C:\WINDOWS\System32\cncs232.dll
[2006/03/14 16:55:37 | 000,000,020 | ---- | C] () -- C:\WINDOWS\LANG.INI
[2005/11/24 17:23:11 | 000,002,727 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/09/06 21:15:43 | 000,003,302 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/07/23 22:53:42 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Elizabeth Garcia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/07/23 22:06:48 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5c.DLL
[2005/05/27 21:39:51 | 000,234,219 | ---- | C] () -- C:\WINDOWS\BI.INI
[2005/05/27 21:39:51 | 000,012,327 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2005/05/27 21:39:51 | 000,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2005/05/27 21:39:51 | 000,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2005/05/27 21:39:51 | 000,006,399 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2005/05/27 21:39:51 | 000,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
[2005/05/27 21:39:51 | 000,003,677 | R--- | C] () -- C:\WINDOWS\SoundCon.INI
[2005/05/27 21:39:51 | 000,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2005/05/27 21:39:51 | 000,001,851 | ---- | C] () -- C:\WINDOWS\If42le.ini
[2005/05/27 21:39:51 | 000,001,013 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/27 21:39:51 | 000,000,865 | ---- | C] () -- C:\WINDOWS\DOSREP.INI
[2005/05/27 21:39:51 | 000,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2005/05/27 21:39:51 | 000,000,611 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2005/05/27 21:39:51 | 000,000,608 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2005/05/27 21:39:51 | 000,000,400 | ---- | C] () -- C:\WINDOWS\BELT.INI
[2005/05/27 21:39:51 | 000,000,295 | ---- | C] () -- C:\WINDOWS\Pexplore.ini
[2005/05/27 21:39:51 | 000,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[2005/05/27 21:39:51 | 000,000,208 | ---- | C] () -- C:\WINDOWS\Dit.INI
[2005/05/27 21:39:51 | 000,000,199 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2005/05/27 21:39:51 | 000,000,191 | ---- | C] () -- C:\WINDOWS\protocol.ini
[2005/05/27 21:39:51 | 000,000,111 | ---- | C] () -- C:\WINDOWS\EPSON Perfection 1670.ini
[2005/05/27 21:39:51 | 000,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2005/05/27 21:39:51 | 000,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2005/05/27 21:39:51 | 000,000,052 | ---- | C] () -- C:\WINDOWS\PEX.INI
[2005/05/27 21:39:51 | 000,000,045 | ---- | C] () -- C:\WINDOWS\HFGMFOKL.ini
[2005/05/27 21:39:51 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Tlcpromo.ini
[2005/05/27 21:39:51 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2005/05/27 21:39:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\ZRSAtlas.ini
[2005/05/27 21:39:51 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2005/05/27 21:39:51 | 000,000,028 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/05/27 21:39:51 | 000,000,026 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI
[2005/05/27 21:39:51 | 000,000,011 | ---- | C] () -- C:\WINDOWS\PrintWorkShop2004.ini
[2005/05/27 21:39:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\progman.ini
[2005/05/27 21:39:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OFFICEKB.INI
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/09/15 19:35:52 | 000,053,248 | ---- | C] () -- C:\WINDOWS\Dit.DLL
[2004/08/02 20:48:18 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2004/08/02 20:48:18 | 000,024,748 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2004/08/02 20:48:18 | 000,020,020 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2004/07/08 16:56:15 | 000,000,025 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/07/08 07:26:19 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\MEMBG.DLL
[2004/07/07 20:59:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2004/07/07 20:58:05 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Nsvideo.dll
[2004/05/18 18:45:13 | 000,290,919 | ---- | C] () -- C:\WINDOWS\System32\pythoncom21.dll
[2004/05/18 18:45:13 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2004/05/16 21:30:21 | 000,000,113 | ---- | C] () -- C:\Documents and Settings\Elizabeth Garcia\Application Data\dw.log
[2004/01/13 20:51:25 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2003/06/28 21:57:58 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HPFPNP.DLL
[2003/05/21 20:51:49 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Elizabeth Garcia\Local Settings\Application Data\fusioncache.dat
[2003/04/18 18:13:09 | 000,011,079 | -H-- | C] () -- C:\Program Files\folder.htt
[2001/09/24 10:00:00 | 000,000,018 | ---- | C] () -- C:\WINDOWS\bcm.ini
[1997/11/17 17:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1980/01/01 00:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ICMFILTER.DLL
< End of report >


OTL Extras logfile created on: 2/26/2010 6:18:19 PM - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\Elizabeth Garcia\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 223.00 Mb Available Physical Memory | 44.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 29.43 Gb Free Space | 52.67% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEBBIE
Current User Name: Elizabeth Garcia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-343818398-484763869-1060284298-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 -- File not found
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" = C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE:*:Enabled:Connection Manager -- (Microsoft Corporation)
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\bin\IMApp.exe" = C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger -- File not found
"C:\Program Files\Valve\Steam\Steam.exe" = C:\Program Files\Valve\Steam\Steam.exe:*:Enabled:Steam -- File not found
"C:\Program Files\Valve\Steam\SteamApps\alan615\condition zero\hl.exe" = C:\Program Files\Valve\Steam\SteamApps\alan615\condition zero\hl.exe:*:Enabled:Half-Life Launcher -- File not found
"C:\Program Files\Valve\Steam\SteamApps\alan615\half-life\hl.exe" = C:\Program Files\Valve\Steam\SteamApps\alan615\half-life\hl.exe:*:Enabled:Half-Life Launcher -- File not found
"C:\Program Files\Valve\Steam\SteamApps\alan615\half-life 2 deathmatch\hl2.exe" = C:\Program Files\Valve\Steam\SteamApps\alan615\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2 -- File not found
"C:\Program Files\Valve\Steam\SteamApps\alan615\counter-strike source\hl2.exe" = C:\Program Files\Valve\Steam\SteamApps\alan615\counter-strike source\hl2.exe:*:Enabled:hl2 -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 -- File not found
"C:\Program Files\StreamCast\Morpheus\MorphEXE.exe" = C:\Program Files\StreamCast\Morpheus\MorphEXE.exe:*:Disabled:Morpheus -- File not found
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- File not found
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\WINDOWS\System32\dldwcoms.exe" = C:\WINDOWS\System32\dldwcoms.exe:*:Enabled:V505 Server -- ( )


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F6993D-B763-4F40-8F93-2A9CD97586E3}" = Microsoft IntelliType Pro 6.3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{09B71986-2AC5-482d-B6CB-42EA34F4F85B}" = Dell Toolbar
"{0C2AF762-0565-4C91-9F55-B8B53BB82A38}" = Microsoft Office Accounting 2008 Equifax Addin
"{0E0131B2-CF18-40D9-A331-60A3746C1204}" = EPSON Scan
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{270940EA-C235-40D9-B2AE-2D450356DF8E}" = Microsoft Office Accounting 2008
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3581a349-e9e0-474b-92c4-5d887eb9d5f4}" = DJ_SF_03_D2500_Software
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{4a1789a1-33fd-427e-9027-dec4d7fe8fa5}" = D2500
"{4C92E981-B2AA-42FA-8113-81688815BF92}" = Hercules Gamesurround Fortissimo II
"{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}" = USB Disk Win98 Driver
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5680dfaf-b87b-455b-a0b1-0c77eb0b03ca}" = DJ_SF_03_D2500_Software_Min
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.76
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}" = MP3 Player Utilities
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{6C5D7191-140A-11D6-B5A0-0050DA208A93}" = ArcSoft PhotoImpression
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7395D650-AE5D-4D68-B8FE-D3FA6B51467F}" = Driver Detective
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{89998BCF-F415-468a-8282-CB042765A26F}" = HP Deskjet D2500 Printer Driver Software 10.0 Rel .3
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8E1DCD15-C9F1-49CE-807B-198C8241EB6B}" = ALi USB2.0 Driver
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90200409-6000-11D3-8CFE-0050048383C9}" = System Files Update
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F9F3775-7E5B-4028-B5E5-DA1C042517A8}" = EPSON Photo Print
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ac55e361-642f-46af-81f5-1c69fedb6706}" = DJ_SF_03_D2500_ProductContext
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}" = Microsoft Office Accounting 2008 PayPal Addin
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}" = Ulead Photo Express 4.0 SE
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c6d55c99-0700-44f6-8c46-3a0a14ee3d4c}" = D2500_Help
"{C98F2FE6-5AF5-11D6-8209-00D0B701C7B5}" = Terayon DOCSIS Modem
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CC31E358-7247-4143-890E-CE41AC1AD234}" = Fundamentals of Nursing 6e
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{DB6D0A87-77BA-4083-85D1-D07604B3FAD7}" = CLIE MS SCSI Driver
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E38E1721-7FE7-11D4-A898-0000E83DCDA6}" = Ulead Photo Explorer 7.0 SE Basic
"{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}" = Microsoft Office Accounting 2008 Fixed Asset Manager
"{EA1CB7AC-E221-4822-A789-0ADB051DC498}" = Cyber Gear
"{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}" = ATI Catalyst Control Center
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BroadJump Client Foundation" = BroadJump Client Foundation
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"Candy Land" = Candy Land
"Canon Camera WIA Driver IXY 200a, PowerShot S200, IXUS v2" = Canon IXY 200a, PowerShot S200, IXUS v2 WIA Driver
"Canon PhotoStitch 3.1" = Canon Utilities PhotoStitch 3.1
"Canon Utilities RAW Image Converter2" = Canon Utilities RAW Image Converter2
"CANONBJ_Deinstall_CNMCP5c.DLL" = Canon i960
"Charter" = Charter Pipeline Professor
"ClamWin Free Antivirus_is1" = ClamWin Free Antivirus 0.95.3
"Dell V505" = Dell V505
"DrDrugs_6.1.163" = DrDrugs (Palm) v 6.1.163 by Skyscape
"DrDrugs_6.1.184" = DrDrugs (Palm) v 6.1.184 by Skyscape
"Drug Guide For Nurses" = Drug Guide For Nurses
"Eyles_Comprehensive_Review" = Student Software Challenge
"Handmark Magic Dogs Super Solitaire 15 for Palm OS" = Handmark Magic Dogs Super Solitaire 15 for Palm OS
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{7395D650-AE5D-4D68-B8FE-D3FA6B51467F}" = Driver Detective
"Intel Network Setup Wizard" = Intel InBusiness Networking
"Intellisync Lite Connected Organizers V4.0" = Intellisync Lite
"MediaShow" = Medi@Show
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2008" = Microsoft Office Accounting 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Midway® Arcade Classics ™" = Midway® Arcade Classics ™
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Toolbar" = MSN Toolbar
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Norton Rescue" = Rescue Disk
"NVIDIA Display Driver" = NVIDIA Display Driver
"PCI Audio Applications" = PCI Audio Applications
"PhotoRecord" = Canon PhotoRecord
"PROR" = Microsoft Office Professional 2007
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"RemoteCapture" = Canon Utilities RemoteCapture 2.4
"Shockwave" = Shockwave
"Silent Package Run-Time Sample" = EPSON PERF 1670 Guide
"Steam App 80" = Condition Zero
"Stedman's Medical Dictionary 27/e_5.0.133" = Stedmans by Skyscape
"SvenCoop" = Sven Co-op 3.0
"SystemRequirementsLab" = System Requirements Lab
"The Handmark Scrabble Game" = The Handmark Scrabble Game
"Tiberian Sun" = Command & Conquer Tiberian Sun
"Typing Instructor Deluxe" = Typing Instructor Deluxe
"Typing Instructor for Kids II" = Typing Instructor for Kids II
"Uninstall Presto! BizCard 4.1 Eng" = Presto! BizCard 4.1 Eng
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows CE Services" = Microsoft ActiveSync 3.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Anti-Spy" = Yahoo! Anti-Spy
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"ZoomBrowserEXDeInstall" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-343818398-484763869-1060284298-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Reader for Palm OS" = Adobe Reader for Palm OS, 3.05

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-343818398-484763869-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/26/2010 8:50:59 PM | Computer Name = DEBBIE | Source = nview_info | ID = 11141121
Description =

Error - 2/26/2010 8:50:59 PM | Computer Name = DEBBIE | Source = nview_info | ID = 11141121
Description =

Error - 2/26/2010 8:57:07 PM | Computer Name = DEBBIE | Source = nview_info | ID = 11141121
Description =

Error - 2/26/2010 8:57:07 PM | Computer Name = DEBBIE | Source = nview_info | ID = 11141121
Description =

Error - 2/26/2010 9:59:23 PM | Computer Name = DEBBIE | Source = nview_info | ID = 11141121
Description =

Error - 2/26/2010 9:59:23 PM | Computer Name = DEBBIE | Source = nview_info | ID = 11141121
Description =

Error - 2/26/2010 9:59:25 PM | Computer Name = DEBBIE | Source = nview_info | ID = 11141121
Description =

Error - 2/26/2010 9:59:26 PM | Computer Name = DEBBIE | Source = nview_info | ID = 11141121
Description =

Error - 2/26/2010 10:04:31 PM | Computer Name = DEBBIE | Source = Application Hang | ID = 1002
Description = Hanging application mmc.exe, version 5.2.3790.4136, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/26/2010 10:05:42 PM | Computer Name = DEBBIE | Source = Application Hang | ID = 1002
Description = Hanging application mmc.exe, version 5.2.3790.4136, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 2/26/2010 9:29:27 PM | Computer Name = DEBBIE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/26/2010 9:29:27 PM | Computer Name = DEBBIE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/26/2010 9:57:06 PM | Computer Name = DEBBIE | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0xcf8), which lies in the 0xcf8 - 0xcff protected address range. This could lead
to system instability. Please contact your system vendor for technical assistance.

Error - 2/26/2010 9:57:06 PM | Computer Name = DEBBIE | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
(0xcfc), which lies in the 0xcf8 - 0xcff protected address range. This could lead
to system instability. Please contact your system vendor for technical assistance.

Error - 2/26/2010 9:57:09 PM | Computer Name = DEBBIE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the dldwCATSCustConnectService
service to connect.

Error - 2/26/2010 9:57:09 PM | Computer Name = DEBBIE | Source = Service Control Manager | ID = 7000
Description = The dldwCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 2/26/2010 9:58:34 PM | Computer Name = DEBBIE | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 2/26/2010 10:13:36 PM | Computer Name = DEBBIE | Source = Service Control Manager | ID = 7022
Description = The Server service hung on starting.

Error - 2/26/2010 10:13:36 PM | Computer Name = DEBBIE | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1070

Error - 2/26/2010 10:13:38 PM | Computer Name = DEBBIE | Source = Service Control Manager | ID = 7034
Description = The dldw_device service terminated unexpectedly. It has done this
1 time(s).


< End of report >


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-26 18:53:55
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ELIZAB~1\LOCALS~1\Temp\pwtdapoc.sys


---- System - GMER 1.0.15 ----

SSDT 8295A1B8 ZwConnectPort

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,093 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:50 PM

Posted 27 February 2010 - 05:30 AM

Hello again,

Before concentrating on anything else, I am extremely concerned about this...
QUOTE
/media/disk/Program Files/Microsoft Office/Office12/EXCEL.EXE: W32.Virut.Gen.D-163 FOUND - There were like 4 entries, all pertaining to Office Excel, Word, PowerPoint, etc., etc.
Then there were 2 other ones I can't remember that had to do with another program and W32.Virut.Gen.D-163 FOUND.

Virut is an extremely nasty virus that has only one solution: reformat.
However, before making that diagnosis, I want to confirm it first.

DR. WEB CUREIT
----------------------
Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.
alternate download link
Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in Safe Mode.

Scan with Dr.Web CureIt as follows:
  • Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#6 Merger

Merger
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:08:50 AM

Posted 28 February 2010 - 02:47 AM

Hello. So I finally did a Full scan which took about 11 hours and came up with 3 hits. The express scan came up with nothing. Here are the hits:
minibug transporter.dll Adaware Minibug
AO168078.exe Adaware.cfd
a0170889.rbf Trojan.Swizzor.based

The last one, A0170889.rbf, came up with a "delete this file or not" prompt and it got deleted. The other 2 came up with no prompt and are not deleted, quarantined, moved, or renamed. The list is still up on that comp and won't do anything unless you suggest it.

Will wait for your response.

#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,093 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:50 PM

Posted 28 February 2010 - 03:10 AM

Hello Merger,

Okay, that's good news, no Virut there

You can delete the detected items with Dr. Web.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

In your next reply, please include the following:
  • Combofix.txt

regards, Elise




#8 Merger


Posted 28 February 2010 - 04:07 AM

ComboFix 10-02-27.04 - Elizabeth Garcia 02/28/2010 0:55.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.241 [GMT -8:00]
Running from: c:\documents and settings\Elizabeth Garcia\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Startup\Ulead Photo Express 4.0 SE Calendar Checker .lnk
C:\Thumbs.db
c:\windows\EventSystem.log
c:\windows\start.exe
c:\windows\system32\setup.ini
c:\windows\Web\default.htt

.
((((((((((((((((((((((((( Files Created from 2010-01-28 to 2010-02-28 )))))))))))))))))))))))))))))))
.

2010-02-27 16:01 . 2010-02-27 16:01 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2010-02-22 19:22 . 2010-02-22 19:22 -------- d-----w- c:\windows\system32\XPSViewer
2010-02-22 19:21 . 2010-02-22 19:21 -------- d-----w- c:\program files\MSBuild
2010-02-22 19:21 . 2010-02-22 19:21 -------- d-----w- c:\program files\Reference Assemblies
2010-02-22 19:21 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-02-22 19:19 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-02-22 19:19 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-02-22 19:19 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-02-22 19:19 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-02-22 19:19 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-02-22 19:19 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-02-22 19:19 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-02-22 19:19 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-02-22 19:19 . 2010-02-22 19:19 -------- d-----w- C:\664318e29b93916baf6d3e32f9efb3
2010-02-21 03:48 . 2010-02-21 03:48 -------- d-----w- c:\windows\SQLTools9_KB970892_ENU
2010-02-21 03:44 . 2010-02-21 03:44 -------- d-----w- c:\windows\SQL9_KB970892_ENU
2010-02-21 03:12 . 2010-02-21 19:14 79488 ----a-w- c:\documents and settings\Elizabeth Garcia\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-21 02:23 . 2010-02-21 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-02-20 19:08 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-02-20 19:06 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-02-20 19:06 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-02-20 19:06 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-02-20 19:02 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-02-20 18:23 . 2010-02-20 18:23 -------- d-----w- c:\documents and settings\Elizabeth Garcia\Application Data\.clamwin
2010-02-20 18:21 . 2010-02-20 18:21 -------- d-----w- c:\program files\ClamWin
2010-02-20 18:21 . 2010-02-20 18:21 -------- d-----w- c:\documents and settings\Elizabeth Garcia\.clamwin
2010-02-20 17:51 . 2010-02-20 17:51 -------- d-----w- c:\program files\Trend Micro
2010-02-20 05:42 . 2010-02-20 05:42 -------- d-sh--w- c:\documents and settings\Elizabeth Garcia\IECompatCache
2010-02-18 05:54 . 2010-02-18 05:54 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-02-18 02:48 . 2010-02-18 02:48 -------- d-----w- C:\FOUND.009

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-27 17:28 . 2008-04-27 23:38 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-12-31 16:50 . 2005-05-28 05:04 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2005-05-28 05:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2005-05-28 05:33 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2005-05-28 04:59 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2005-05-28 05:02 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-04 06:59 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2005-05-28 05:01 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2004-07-09 02:34 . 2003-04-19 02:13 11079 ---h--w- c:\program files\folder.htt
2007-05-27 05:11 . 2007-05-27 05:10 0 --sha-w- c:\windows\All Users\DRM\Cache\Indiv01.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2008-06-17 20:02 8461312 ----a-w- c:\windows\SYSTEM32\shell32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"NPROTECT"=c:\program files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
"ICSDCLT"=c:\windows\SYSTEM32\RUNDLL32.EXE c:\windows\SYSTEM32\ICSDCLT.DLL,ICSClient
"NvCplDaemon"=RUNDLL32.EXE c:\windows\SYSTEM32\nvcpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"SoundFusion"=RunDll32 hercplgs.cpl,BootEntryPoint
"Logitech Utility"=LOGI_MWX.EXE
"BJCFD"=c:\program files\BroadJump\Client Foundation\CFD.exe
"tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
"SSRunScript"=c:\program files\Support.com\backup\SS\SSRunScript.exe /script "c:\program files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
"QuickTime Task"="c:\windows\SYSTEM32\qttask.exe" -atboottime
"StillImageMonitor"=c:\windows\SYSTEM32\STIMON.EXE
"Symantec NetDriver Monitor"=c:\progra~1\SYMNET~1\SNDMON.EXE
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"NAV Agent"=c:\progra~1\NORTON~1\NORTON~1\NAVAPW32.EXE
"msnappau"="c:\program files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
"wdskctl"=c:\windows\wdskctl.exe
"NaviSearch"=c:\program files\NaviSearch\bin\nls.exe
"Dit"=Dit.exe
"dtivkc"=c:\windows\SYSTEM32\dtivkc.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\SYSTEM32\nvmctray.dll,NvTaskbarInit
"ATIPTA"=c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\System32\\dldwcoms.exe"=

R2 dldw_device;dldw_device;c:\windows\system32\dldwcoms.exe -service --> c:\windows\system32\dldwcoms.exe -service [?]
R3 D100IB;D100IB;c:\windows\SYSTEM32\DRIVERS\D100IB5.SYS [5/27/2005 9:28 PM 117760]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;c:\windows\SYSTEM32\DRIVERS\Envy24HF.sys [3/15/2009 1:06 PM 627840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/18/2010 10:12 PM 102448]
S2 dldwCATSCustConnectService;dldwCATSCustConnectService;c:\windows\SYSTEM32\spool\drivers\w32x86\3\dldwserv.exe [5/31/2009 5:15 PM 99568]
S3 hercspud;Hercules ® WDM Audio Driver;c:\windows\system32\drivers\hercspud.sys --> c:\windows\system32\drivers\hercspud.sys [?]
S3 hercwdm;Hercules ® WDM Interface Driver;c:\windows\system32\drivers\hercwdm.sys --> c:\windows\system32\drivers\hercwdm.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\MmoptPreferredAudioDevices]
2008-06-17 20:02 8461312 ----a-w- c:\windows\SYSTEM32\shell32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2008-04-14 01:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}.Restore]
2009-03-08 12:32 128512 ----a-w- c:\windows\SYSTEM32\advpack.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}.Restore]
2009-03-08 12:32 128512 ----a-w- c:\windows\SYSTEM32\advpack.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
2008-04-14 01:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
2008-04-14 01:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
2003-04-19 06:48 7168 ------w- c:\windows\SYSTEM32\updcrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 12:32 128512 ----a-w- c:\windows\SYSTEM32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-02-26 c:\windows\Tasks\{A53E99C9-7D7A-40E1-9786-00043B0BC5F7}_LIZ_Elizabeth Garcia.job
- c:\windows\system32\mobsync.exe [2005-05-28 01:12]

2010-02-27 c:\windows\Tasks\{08BE2BF9-5DC1-4111-BBC9-E353154E6F99}_LIZ_Elizabeth Garcia.job
- c:\windows\system32\mobsync.exe [2005-05-28 01:12]

2010-02-27 c:\windows\Tasks\{C85C895F-1BD8-4D12-883A-8C7E0E3BFA07}_LIZ_Elizabeth Garcia.job
- c:\windows\system32\mobsync.exe [2005-05-28 01:12]

2009-03-17 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2008-06-10 20:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Web Savings - file://c:\program files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
Trusted Zone: aol.com\free
Trusted Zone: turbotax.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\SYSTEM\iejava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso4.cab
DPF: Win32 Classes
DPF: Yahoo! Chat - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
DPF: {5DBF08EF-4BDE-11D3-B8E4-0080C84E9C66} - hxxp://www.cyberlink.com.tw/medi@show/tv/MediaShow.cab
DPF: {886DDE35-E955-11D0-A707-000000521958} - hxxp://69.56.176.78/webplugin.cab
FF - ProfilePath - c:\documents and settings\Elizabeth Garcia\Application Data\Mozilla\Firefox\Profiles\4t5df4c8.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

ActiveSetup-{44BBA851-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exeadvpack.dll
AddRemove-MSN Toolbar - c:\program files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\mtbs.exe
AddRemove-NVIDIA Display Driver - c:\windows\SYSTEM32\nvuDisp.exe
AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-28 01:01
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(432)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-02-28 01:04:11
ComboFix-quarantined-files.txt 2010-02-28 09:04

Pre-Run: 31,317,557,248 bytes free
Post-Run: 31,423,135,744 bytes free

- - End Of File - - 09F9EEFF014E51822A54C6E1A2C4F69C


#9 Elise


Posted 28 February 2010 - 04:49 AM

Hello,
Still some stuff to take care of. Please make sure the Recovery Console is installed when Combofix asks you to.

CF-SCRIPT
-------------
Open notepad and copy/paste the text in the quotebox below into it:

CODE

Collect::
c:\windows\wdskctl.exe
c:\windows\SYSTEM32\dtivkc.exe

Folder::
c:\program files\NaviSearch

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"wdskctl"=-
"NaviSearch"=-
"Dit"=-
"dtivkc"=-

DDS::
IE: Web Savings - file://c:\program files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm


Save this as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

regards, Elise



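The CFScript above uses four directive blocks (Collect::, Folder::, Registry::, DDS::), and every target in it is something the ComboFix log in post #8 reported. As an added example that is not part of this thread or of ComboFix, the Python below parses such a script and checks each target against the log text before anything is run, which is the review step a helper does by eye; the script and log lines it embeds are copied from this thread (the log cut down to the lines the script touches), and it reads a `"name"=-` line in the Registry:: block as a value deletion, REGEDIT4 style.

```python
import re
# Added example (not from the thread or from ComboFix): parse a CFScript and check each target
# against the ComboFix log. Script and log lines below are copied from this thread (log is cut down).
CFSCRIPT = r"""Collect::
c:\windows\wdskctl.exe
c:\windows\SYSTEM32\dtivkc.exe
Folder::
c:\program files\NaviSearch
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"wdskctl"=-
"NaviSearch"=-
"dtivkc"=-
DDS::
IE: Web Savings - file://c:\program files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
"""
LOG = r"""[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"wdskctl"=c:\windows\wdskctl.exe
"NaviSearch"=c:\program files\NaviSearch\bin\nls.exe
"dtivkc"=c:\windows\SYSTEM32\dtivkc.exe
IE: Web Savings - file://c:\program files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
"""
_HEADER, _KEY, _DEL = re.compile(r"^(\w+)::$"), re.compile(r"^\[(.+)\]$"), re.compile(r'^"([^"]+)"=-$')

def parse_cfscript(text):
    """{directive: [targets]}; Registry:: becomes [(key, value_name)] because "name"=- deletes a value."""
    sections, current = {}, None
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        m = _HEADER.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError("line outside any directive: %r" % line)
        else:
            sections[current].append(line)
    if "Registry" in sections:  # decode REGEDIT4 lines into (key, value_name) deletions
        deletions, key = [], None
        for line in sections["Registry"]:
            k, d = _KEY.match(line), _DEL.match(line)
            if k:
                key = k.group(1)
            elif d and key:
                deletions.append((key, d.group(1)))
            else:
                raise ValueError("unsupported Registry:: line: %r" % line)
        sections["Registry"] = deletions
    return sections

def cross_check(script, log_text):
    """[(directive, target, seen_in_log)]; False means the script targets something the log never reported."""
    log, out = log_text.lower(), []  # Windows paths and key names are case-insensitive
    for directive in ("Collect", "Folder", "DDS"):
        for target in script.get(directive, []):
            out.append((directive, target, target.lower() in log))
    for key, name in script.get("Registry", []):
        seen = ("[%s]" % key).lower() in log and ('"%s"=' % name).lower() in log
        out.append(("Registry", key + "\\" + name, seen))
    return out
```

A False entry in the result is the cue to re-read the log before running the script, since a typo in a path or value name would otherwise go unnoticed until ComboFix reports nothing to fix.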

#10 Merger


Posted 28 February 2010 - 05:05 AM

Before I begin another scan I should tell you that it is not allowing me to install the Recovery Console

#11 Elise


Posted 28 February 2010 - 05:21 AM

What happens when you try? Is it unable to make a connection to the internet?

regards, Elise




#12 Merger


Posted 28 February 2010 - 05:29 AM

Messed up

Edited by Merger, 28 February 2010 - 05:34 AM.


#13 Merger


Posted 28 February 2010 - 05:32 AM

Says....

Failed to download required files. Aborting.......

Shall continue scanning for Malware

Then there is a Ok button. I know there is internet connection but now something weird is going on with the internet on this comp. I can't get a connection to the internet now for some odd reason.

#14 Elise


Posted 28 February 2010 - 05:44 AM

Please download this file
Double click on it to run it, this will install the Recovery Console.

Afterwards, try to run the CF script.

regards, Elise




#15 Merger


Posted 28 February 2010 - 05:46 AM

OK. Check this out. Fixed the connection, working and all. I moved the CFScript to the combofix, it does what it is supposed to do. Once I hit yes to download the recovery console I lose my connection. I can get it back by doing a Repair on the connection.
