Malware Causes Symantec Email Proxy Popups


  • This topic is locked
5 replies to this topic

#1 ODA

Posted 08 April 2010 - 11:55 AM

Hello,

This is my first time posting to a forum like this, so I hope I'm doing this right. I followed the instructions from the Preparation Guide link. (I am running Windows XP SP2)

I came home from work the other day to find my screen flooded with Symantec Email Proxy popups warning that it could not send out email (spam topics / information on my machine). I do not have Outlook set up on my machine, but use Gmail, and a Gmail notification client. The only way I was able to prevent the popups was to disconnect my internet connection. I attempted to run several anti-spyware applications (Ad-Aware, SuperAnti-Spyware, Spybot... etc) but to no avail. At times it would look fixed, but come back within 24 hrs. After running through your preparation guide I found that my Windows Firewall was not activated either (I quickly turned it back on). I have also run VundoFix which reported removal of one infected file. I've run HijackThis as well and checked the log for any suspicious keys or operations but could not find any. At this point, I don't know what else to do other than buy some new HDs, salvage my personal files, and reinstall everything from scratch (I guess it would give me a chance to try Windows 7).

If someone could help me out it would be much appreciated.

Thanks in advance.

Here is the DDS txt log


DDS (Ver_10-03-17.01) - NTFSx86
Run by Van at 10:40:21.75 on Thu 04/08/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.230 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
E:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
E:\WINDOWS\system32\spoolsv.exe
svchost.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\WINDOWS\system32\WgaTray.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Symantec AntiVirus\DefWatch.exe
E:\WINDOWS\System32\svchost.exe -k imgsvc
E:\Program Files\Symantec AntiVirus\Rtvscan.exe
E:\Program Files\Viewpoint\Common\ViewpointService.exe
E:\Program Files\Google\Gmail Notifier\gnotify.exe
E:\PROGRA~1\SYMANT~1\VPTray.exe
E:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\Program Files\Canon\MyPrinter\BJMyPrt.exe
E:\Program Files\QuickTime\QTTask.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Program Files\Skype\Phone\Skype.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\DNA\btdna.exe
E:\Program Files\AIM6\aim6.exe
E:\Program Files\PeerGuardian2\pg2.exe
E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
E:\Program Files\VIA\RAID\raid_tool.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\WINDOWS\System32\svchost.exe -k HTTPFilter
E:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\Program Files\AIM6\aolsoftware.exe
E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
E:\Documents and Settings\Van\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - e:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - e:\program files\java\jre1.5.0_09\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - e:\program files\google\googletoolbar3.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - e:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - e:\program files\google\googletoolbar3.dll
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - e:\program files\aim toolbar\AIMBar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "e:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Steam] "e:\program files\valve\steam\steam.exe" -silent
uRun: [Skype] "e:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [MSMSGS] "e:\program files\messenger\msmsgs.exe" /background
uRun: [googletalk] "e:\program files\google\google talk\googletalk.exe" /autostart
uRun: [BitTorrent DNA] "e:\program files\dna\btdna.exe"
uRun: [Aim6] "e:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [PeerGuardian] e:\program files\peerguardian2\pg2.exe
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] e:\program files\google\gmail notifier\gnotify.exe
mRun: [vptray] e:\progra~1\symant~1\VPTray.exe
mRun: [VerizonServicepoint.exe] e:\program files\verizon\servicepoint\VerizonServicepoint.exe
mRun: [SunJavaUpdateSched] "e:\program files\java\jre1.5.0_09\bin\jusched.exe"
mRun: [StartCCC] "e:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
mRun: [NeroFilterCheck] e:\windows\system32\NeroCheck.exe
mRun: [DeadAIM] rundll32.exe "e:\progra~1\aim\\DeadAIM.ocm",ExportedCheckODLs
mRun: [DAEMON Tools-1033] "e:\program files\d-tools\daemon.exe" -lang 1033
mRun: [ccApp] "e:\program files\common files\symantec shared\ccApp.exe"
mRun: [CanonSolutionMenu] e:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] e:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [googletalk] e:\program files\google\google talk\googletalk.exe /autostart
mRun: [QuickTime Task] "e:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "e:\program files\itunes\iTunesHelper.exe"
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - e:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - e:\program files\microsoft office\office10\OSA.EXE
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\viarai~1.lnk - e:\program files\via\raid\raid_tool.exe
IE: &AIM Search - e:\program files\aim toolbar\AIMBar.dll/aimsearch.htm
IE: &Search - ?p=RGfox000
IE: E&xport to Microsoft Excel - e:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - e:\program files\pokerstars\PokerStarsUpdate.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - e:\program files\aim\aim.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC} - e:\program files\java\jre1.5.0_09\bin\ssv.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/tgctlcm.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - e:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - e:\program files\coreftp\pftpns.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - e:\windows\system32\NavLogon.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - e:\docume~1\van\applic~1\mozilla\firefox\profiles\9l8nqz16.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: e:\program files\java\jre1.5.0_09\bin\NPJPI150_09.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: e:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: XULRunner: {86037A2D-8666-4A1A-92B8-7F03C8F4C5A7} - e:\documents and settings\van\local settings\application data\{86037A2D-8666-4A1A-92B8-7F03C8F4C5A7}

---- FIREFOX POLICIES ----
e:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
e:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
e:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
e:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
e:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
e:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;e:\windows\system32\drivers\Lbd.sys [2010-4-8 64288]
R0 viasraid;viasraid;e:\windows\system32\drivers\viasraid.sys [2004-11-2 77312]
R1 SAVRT;SAVRT;e:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
R2 ccSetMgr;Symantec Settings Manager;e:\program files\common files\symantec shared\ccSetMgr.exe [2004-6-9 242808]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1265264]
R2 SAVRTPEL;SAVRTPEL;e:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
R2 Symantec AntiVirus;Symantec AntiVirus;e:\program files\symantec antivirus\Rtvscan.exe [2004-8-2 1267024]
R2 Viewpoint Manager Service;Viewpoint Manager Service;e:\program files\viewpoint\common\ViewpointService.exe [2007-1-11 24652]
R3 NAVENG;NAVENG;e:\progra~1\common~1\symant~1\virusd~1\20100402.004\naveng.sys [2010-4-2 84912]
R3 NAVEX15;NAVEX15;e:\progra~1\common~1\symant~1\virusd~1\20100402.004\navex15.sys [2010-4-2 1324720]
S3 atinysxx;ATI USB 2.0 TV Audio Crossbar;e:\windows\system32\drivers\atinysxx.sys [2005-2-24 79360]
S3 atinyvxx;ATI TV WONDER USB2.0 Video & Audio;e:\windows\system32\drivers\atinyvxx.sys [2005-2-24 174592]
S3 ATITUNEP2;ATI TV WONDER USB2.0 TV Tuner;e:\windows\system32\drivers\atinyuxx.sys [2005-2-24 64512]
S3 ATIUTD;ATI TV WONDER USB2.0 Device Driver;e:\windows\system32\drivers\ATIUTD.sys [2005-2-24 38912]
S3 ccEvtMgr;Symantec Event Manager;e:\program files\common files\symantec shared\ccEvtMgr.exe [2004-6-9 255096]
S3 ccPwdSvc;Symantec Password Validation;e:\program files\common files\symantec shared\ccPwdSvc.exe [2004-6-9 87160]
S3 SavRoam;SAVRoam;e:\program files\symantec antivirus\SavRoam.exe [2004-8-2 173392]
S3 st3bus28;st3bus28;e:\windows\system32\drivers\st3bus28.sys --> e:\windows\system32\drivers\st3bus28.sys [?]
S3 st3mp28;st3mp28;e:\windows\system32\drivers\st3mp28.sys --> e:\windows\system32\drivers\st3mp28.sys [?]
S3 TTDec;ATI TV WONDER USB2.0 Teletext Decoder;e:\windows\system32\drivers\atinyttx.sys [2005-2-24 13824]
S3 w600bus;Sony Ericsson W600 driver (WDM);e:\windows\system32\drivers\w600bus.sys [2005-7-18 60928]
S3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers;e:\windows\system32\drivers\w600mgmt.sys [2005-7-18 88080]
S4 d347bus;d347bus;e:\windows\system32\drivers\d347bus.sys [2005-8-6 155136]
S4 d347prt;d347prt;e:\windows\system32\drivers\d347prt.sys [2005-8-6 5248]

=============== Created Last 30 ================


==================== Find3M ====================


============= FINISH: 10:42:03.31 ===============

#2 myrti

Posted 12 April 2010 - 10:00 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#3 ODA

Posted 12 April 2010 - 07:15 PM

Here is the OTL.txt

OTL logfile created on: 4/12/2010 8:02:22 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = E:\Documents and Settings\Van\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 329.00 Mb Available Physical Memory | 32.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): E:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 74.53 Gb Total Space | 54.43 Gb Free Space | 73.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 74.52 Gb Total Space | 35.39 Gb Free Space | 47.50% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 7.47 Gb Total Space | 7.47 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: RABIDSPOONZ
Current User Name: Van
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/12 19:46:54 | 000,561,664 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Van\Desktop\OTL.exe
PRC - [2010/04/08 02:41:22 | 000,818,256 | ---- | M] (Lavasoft) -- E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/04/08 02:41:21 | 001,265,264 | ---- | M] (Lavasoft) -- E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/10/07 09:30:13 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- E:\Program Files\DNA\btdna.exe
PRC - [2009/03/10 23:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\WgaTray.exe
PRC - [2008/03/17 21:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- E:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/10/04 11:20:54 | 000,050,528 | ---- | M] (AOL LLC) -- E:\Program Files\AIM6\aim6.exe
PRC - [2007/07/15 00:11:25 | 000,068,856 | ---- | M] (Google Inc.) -- E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\explorer.exe
PRC - [2007/05/25 13:16:08 | 000,042,032 | ---- | M] (AOL LLC) -- E:\Program Files\AIM6\aolsoftware.exe
PRC - [2007/01/04 17:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- E:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- E:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/10/12 03:10:54 | 000,049,263 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
PRC - [2006/02/01 18:33:38 | 001,880,064 | ---- | M] (Verizon) -- E:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
PRC - [2005/09/18 19:40:42 | 001,421,824 | ---- | M] (Methlabs) -- E:\Program Files\PeerGuardian2\pg2.exe
PRC - [2005/07/15 17:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- E:\Program Files\Google\Gmail Notifier\gnotify.exe
PRC - [2004/08/02 19:36:40 | 000,124,232 | ---- | M] (Symantec Corporation) -- E:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2004/08/02 19:36:32 | 001,267,024 | ---- | M] (Symantec Corporation) -- E:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2004/08/02 19:36:26 | 000,030,024 | ---- | M] (Symantec Corporation) -- E:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2004/06/09 20:31:14 | 000,242,808 | ---- | M] (Symantec Corporation) -- E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2004/06/09 20:31:06 | 000,066,680 | ---- | M] (Symantec Corporation) -- E:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2004/02/26 04:53:30 | 000,065,024 | R--- | M] (Realtek Semiconductor Corp.) -- E:\WINDOWS\SOUNDMAN.EXE
PRC - [2003/11/18 02:11:04 | 000,565,248 | R--- | M] (VIA Technologies) -- E:\Program Files\VIA\RAID\raid_tool.exe


========== Modules (SafeList) ==========

MOD - [2010/04/12 19:46:54 | 000,561,664 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Van\Desktop\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/08 02:41:21 | 001,265,264 | ---- | M] (Lavasoft) [Auto | Running] -- E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- E:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2004/08/02 19:36:36 | 000,173,392 | ---- | M] (symantec) [On_Demand | Stopped] -- E:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2004/08/02 19:36:32 | 001,267,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- E:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2004/08/02 19:36:26 | 000,030,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- E:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2004/06/11 18:28:30 | 000,201,944 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/06/09 20:31:14 | 000,242,808 | ---- | M] (Symantec Corporation) [Auto | Running] -- E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/06/09 20:31:12 | 000,087,160 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/06/09 20:31:08 | 000,255,096 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)


========== Driver Services (SafeList) ==========

DRV - [2010/04/08 04:00:00 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- E:\Program Files\Common Files\Symantec Shared\VirusDefs\20100408.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/04/08 04:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- E:\Program Files\Common Files\Symantec Shared\VirusDefs\20100408.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/02/04 11:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- E:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/12/01 18:13:40 | 003,452,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/03/01 23:09:12 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2005/10/14 23:46:48 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2005/09/18 19:02:52 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- E:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2005/07/18 13:25:36 | 000,088,080 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\w600mgmt.sys -- (w600mgmt)
DRV - [2005/07/18 13:23:02 | 000,060,928 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\w600bus.sys -- (w600bus) Sony Ericsson W600 driver (WDM)
DRV - [2005/01/25 22:37:42 | 000,038,912 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ATIUTD.sys -- (ATIUTD)
DRV - [2005/01/25 22:37:36 | 000,014,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\atinypxx.sys -- (PCDCODEC)
DRV - [2005/01/25 22:37:28 | 000,015,360 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\atinymxx.sys -- (MVDCODEC)
DRV - [2005/01/25 22:37:08 | 000,064,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\atinyuxx.sys -- (ATITUNEP2)
DRV - [2005/01/25 22:36:46 | 000,079,360 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\atinysxx.sys -- (atinysxx)
DRV - [2005/01/25 22:36:06 | 000,174,592 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\atinyvxx.sys -- (atinyvxx)
DRV - [2005/01/25 22:33:14 | 000,013,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\atinyttx.sys -- (TTDec)
DRV - [2004/12/17 17:14:44 | 000,013,952 | ---- | M] () [Kernel | Boot | Running] -- E:\WINDOWS\system32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2004/08/22 16:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Disabled | Stopped] -- E:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 16:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Disabled | Stopped] -- E:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus)
DRV - [2004/08/04 02:08:21 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/04 02:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/06/11 18:28:10 | 000,263,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- E:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2004/06/11 18:28:08 | 000,016,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2004/03/19 08:02:08 | 000,613,244 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/03/04 23:46:46 | 000,082,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- E:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/02/23 23:08:52 | 000,400,384 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2004/02/09 15:43:56 | 000,301,200 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- E:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/02/09 15:43:56 | 000,037,008 | R--- | M] (Symantec Corporation) [Kernel | Auto | Running] -- E:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2003/11/10 07:30:00 | 000,174,464 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\yukonwxp.sys -- (yukonwxp)
DRV - [2003/10/30 23:22:38 | 000,077,312 | R--- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- E:\WINDOWS\system32\DRIVERS\viasraid.sys -- (viasraid)
DRV - [2003/08/05 22:43:04 | 000,159,744 | R--- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- E:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/07/02 05:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- E:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/12/28 13:15:52 | 000,006,212 | ---- | M] () [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\ST3BUS28.vxd -- (st3bus28)
DRV - [2001/10/18 12:00:00 | 000,006,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- E:\WINDOWS\System32\DRIVERS\viaidexp.sys -- (ViaIde)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2001/08/17 08:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 08:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 08:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 08:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1547161642-764733703-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1547161642-764733703-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1547161642-764733703-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1547161642-764733703-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.0
FF - prefs.js..extensions.enabledItems: {86037A2D-8666-4A1A-92B8-7F03C8F4C5A7}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{86037A2D-8666-4A1A-92B8-7F03C8F4C5A7}: E:\Documents and Settings\Van\Local Settings\Application Data\{86037A2D-8666-4A1A-92B8-7F03C8F4C5A7} [2010/03/26 22:11:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2010/04/02 08:22:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2010/04/02 08:22:11 | 000,000,000 | ---D | M]

[2008/12/14 22:07:58 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Van\Application Data\Mozilla\Extensions
[2010/04/08 00:35:22 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Van\Application Data\Mozilla\Firefox\Profiles\9l8nqz16.default\extensions
[2010/01/21 01:20:30 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Van\Application Data\Mozilla\Firefox\Profiles\9l8nqz16.default\extensions\firebug@software.joehewitt.com
[2008/12/14 22:07:59 | 000,000,000 | ---D | M] -- E:\Program Files\Mozilla Firefox\extensions
[2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- E:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- E:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/04/05 19:34:36 | 000,385,900 | R--- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13312 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKU\S-1-5-21-1547161642-764733703-854245398-1003\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - e:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKU\S-1-5-21-1547161642-764733703-854245398-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - e:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKU\S-1-5-21-1547161642-764733703-854245398-1003\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - E:\Program Files\AIM Toolbar\AIMBar.dll File not found
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] E:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] E:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] E:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ccApp] E:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DAEMON Tools-1033] E:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [googletalk] E:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Ptipbmf] E:\WINDOWS\System32\ptipbmf.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [SoundMan] E:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VerizonServicepoint.exe] E:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe (Verizon)
O4 - HKLM..\Run: [vptray] E:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-1547161642-764733703-854245398-1003..\Run: [Aim6] E:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKU\S-1-5-21-1547161642-764733703-854245398-1003..\Run: [BitTorrent DNA] E:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1547161642-764733703-854245398-1003..\Run: [googletalk] E:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-1547161642-764733703-854245398-1003..\Run: [PeerGuardian] E:\Program Files\PeerGuardian2\pg2.exe (Methlabs)
O4 - HKU\S-1-5-21-1547161642-764733703-854245398-1003..\Run: [Steam] e:\program files\valve\steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1547161642-764733703-854245398-1003..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk = E:\Program Files\VIA\RAID\raid_tool.exe (VIA Technologies)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-764733703-854245398-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1547161642-764733703-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1547161642-764733703-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1547161642-764733703-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - E:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\NPJPI150_09.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - E:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1547161642-764733703-854245398-1003\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommo...oad/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - E:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - E:\WINDOWS\System32\NavLogon.dll - E:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: E:\Documents and Settings\Van\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: E:\Documents and Settings\Van\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3deb8852-511f-11dd-b557-00112fbabe3e}\Shell - "" = AutoRun
O33 - MountPoints2\{3deb8852-511f-11dd-b557-00112fbabe3e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3deb8852-511f-11dd-b557-00112fbabe3e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{3f694390-44c8-11df-b5b2-00112fbabe3e}\Shell - "" = AutoRun
O33 - MountPoints2\{3f694390-44c8-11df-b5b2-00112fbabe3e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3f694390-44c8-11df-b5b2-00112fbabe3e}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - E:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - E:\WINDOWS\system32\ias [2004/09/28 18:16:37 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} - Reg Error: Value error.
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - E:\WINDOWS\system32\Rundll32.exe E:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - E:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: aux - E:\WINDOWS\System32\ctwdm32.dll (Creative Technology Ltd.)
Drivers32: msacm.ac3acm - E:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - E:\WINDOWS\System32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.iac2 - E:\WINDOWS\system32\iac25_32.ax (Ligos Corporation)
Drivers32: msacm.imc - E:\WINDOWS\System32\IMC32.acm (Intel Corporation)
Drivers32: msacm.l3acm - E:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - E:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.lhacm - E:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - E:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - E:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - E:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3iv2 - E:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx.com)
Drivers32: vidc.cvid - E:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - DivX.dll File not found
Drivers32: VIDC.HFYU - E:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: VIDC.i263 - E:\WINDOWS\System32\I263_32.drv (Intel Corporation)
Drivers32: vidc.iv31 - E:\WINDOWS\System32\Ir32_32.dll ()
Drivers32: vidc.iv32 - E:\WINDOWS\System32\Ir32_32.dll ()
Drivers32: VIDC.IV40 - E:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv41 - E:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - E:\WINDOWS\System32\Ir50_32.dll (Ligos Corporation)
Drivers32: vidc.MP42 - E:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.MP43 - E:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.MPG4 - E:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.VP31 - E:\WINDOWS\System32\vp31vfw.dll (On2.com)
Drivers32: VIDC.VP60 - E:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - E:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - E:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.wmv3 - E:\Program Files\Combined Community Codec Pack\Filters\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - E:\WINDOWS\System32\xvidvfw.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2010/04/12 19:50:57 | 000,561,664 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\Van\Desktop\OTL.exe
[2010/04/08 18:14:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/08 18:14:03 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2010/04/08 02:41:57 | 000,064,288 | ---- | C] (Lavasoft AB) -- E:\WINDOWS\System32\drivers\Lbd.sys
[2010/04/08 02:41:52 | 000,095,024 | ---- | C] (Sunbelt Software) -- E:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/08 02:35:53 | 000,000,000 | -H-D | C] -- E:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/04/08 02:35:29 | 000,000,000 | ---D | C] -- E:\Program Files\Lavasoft
[2010/04/08 02:35:29 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/04/08 02:05:52 | 000,000,000 | --SD | M] -- E:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/04/08 02:05:52 | 000,000,000 | --SD | M] -- E:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/04/08 01:52:04 | 000,000,000 | ---D | C] -- E:\VundoFix Backups
[2010/04/08 00:29:22 | 000,000,000 | ---D | C] -- E:\Program Files\Trend Micro
[2010/04/08 00:25:08 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/08 00:25:00 | 000,000,000 | ---D | C] -- E:\Program Files\SUPERAntiSpyware
[2010/03/26 22:26:30 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Van\Application Data\Malwarebytes
[2010/03/26 22:26:24 | 000,000,000 | ---D | C] -- E:\Program Files\Malwarebytes' Anti-Malware
[2010/03/26 22:26:24 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/26 22:11:11 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Van\Local Settings\Application Data\{86037A2D-8666-4A1A-92B8-7F03C8F4C5A7}
[2007/08/16 19:09:00 | 000,000,000 | ---D | M] -- E:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2005/08/06 17:28:44 | 000,155,136 | ---- | C] ( ) -- E:\WINDOWS\System32\drivers\d347bus.sys
[2005/08/06 17:28:44 | 000,005,248 | ---- | C] ( ) -- E:\WINDOWS\System32\drivers\d347prt.sys
[2004/09/28 22:20:51 | 000,000,000 | ---D | M] -- E:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2004/09/28 18:21:51 | 000,000,000 | ---D | M] -- E:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[4 E:\Documents and Settings\Van\My Documents\*.tmp files -> E:\Documents and Settings\Van\My Documents\*.tmp -> ]
[3 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[2 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
[2 E:\*.tmp files -> E:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/12 20:05:15 | 000,804,864 | ---- | M] () -- E:\WINDOWS\System32\drivers\rkzxqopx.sys
[2010/04/12 19:46:54 | 000,561,664 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Van\Desktop\OTL.exe
[2010/04/12 19:39:39 | 000,002,262 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2010/04/12 19:29:26 | 000,000,472 | ---- | M] () -- E:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/12 19:28:44 | 000,000,006 | -H-- | M] () -- E:\WINDOWS\tasks\SA.DAT
[2010/04/12 19:28:39 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2010/04/11 20:08:58 | 017,301,504 | -H-- | M] () -- E:\Documents and Settings\Van\NTUSER.DAT
[2010/04/11 20:08:48 | 000,000,278 | -HS- | M] () -- E:\Documents and Settings\Van\ntuser.ini
[2010/04/10 15:45:34 | 000,242,176 | ---- | M] () -- E:\Documents and Settings\Van\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/08 18:14:08 | 000,000,696 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/08 10:32:22 | 000,000,052 | ---- | M] () -- E:\Documents and Settings\Van\defogger_reenable
[2010/04/08 02:41:51 | 000,095,024 | ---- | M] (Sunbelt Software) -- E:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/08 02:41:48 | 000,015,880 | ---- | M] () -- E:\WINDOWS\System32\lsdelete.exe
[2010/04/08 02:35:52 | 000,000,867 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/04/08 00:29:24 | 000,001,734 | ---- | M] () -- E:\Documents and Settings\Van\Desktop\HijackThis.lnk
[2010/04/08 00:15:45 | 000,000,120 | ---- | M] () -- E:\WINDOWS\Sxajakulad.dat
[2010/04/08 00:15:45 | 000,000,000 | ---- | M] () -- E:\WINDOWS\Ogosahurozecec.bin
[2010/04/07 02:49:20 | 000,000,116 | ---- | M] () -- E:\WINDOWS\NeroDigital.ini
[2010/04/05 19:34:36 | 000,385,900 | R--- | M] () -- E:\WINDOWS\System32\drivers\etc\hosts
[2010/04/01 00:16:02 | 000,012,292 | -HS- | M] () -- E:\Documents and Settings\Van\Local Settings\Application Data\4NXd80
[2010/04/01 00:16:02 | 000,012,292 | -HS- | M] () -- E:\Documents and Settings\All Users\Application Data\4NXd80
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2010/03/26 23:59:45 | 000,401,064 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat
[2010/03/26 23:59:44 | 000,471,326 | ---- | M] () -- E:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/26 23:59:44 | 000,062,344 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat
[2010/03/26 22:30:09 | 000,000,734 | ---- | M] () -- E:\WINDOWS\System32\drivers\etc\hosts.20100405-193435.backup
[2010/03/26 22:12:41 | 000,363,520 | ---- | M] () -- E:\Documents and Settings\Van\Desktop\rkill.com
[2010/03/26 22:07:25 | 000,000,116 | ---- | M] () -- E:\WINDOWS\System32\fjhdyfhsn.bat
[4 E:\Documents and Settings\Van\My Documents\*.tmp files -> E:\Documents and Settings\Van\My Documents\*.tmp -> ]
[3 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[2 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
[2 E:\*.tmp files -> E:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/08 18:14:08 | 000,000,696 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/08 10:43:56 | 000,293,376 | ---- | C] () -- E:\Documents and Settings\Van\Desktop\gmer.exe
[2010/04/08 10:32:06 | 000,000,052 | ---- | C] () -- E:\Documents and Settings\Van\defogger_reenable
[2010/04/08 03:04:15 | 000,015,880 | ---- | C] () -- E:\WINDOWS\System32\lsdelete.exe
[2010/04/08 02:43:05 | 000,000,472 | ---- | C] () -- E:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/08 02:35:52 | 000,000,867 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/04/08 00:29:24 | 000,001,734 | ---- | C] () -- E:\Documents and Settings\Van\Desktop\HijackThis.lnk
[2010/04/01 00:13:53 | 000,012,292 | -HS- | C] () -- E:\Documents and Settings\Van\Local Settings\Application Data\4NXd80
[2010/04/01 00:13:53 | 000,012,292 | -HS- | C] () -- E:\Documents and Settings\All Users\Application Data\4NXd80
[2010/03/26 22:16:37 | 000,363,520 | ---- | C] () -- E:\Documents and Settings\Van\Desktop\rkill.com
[2010/03/26 22:11:12 | 000,000,120 | ---- | C] () -- E:\WINDOWS\Sxajakulad.dat
[2010/03/26 22:11:12 | 000,000,000 | ---- | C] () -- E:\WINDOWS\Ogosahurozecec.bin
[2010/03/26 22:08:07 | 000,804,864 | ---- | C] () -- E:\WINDOWS\System32\drivers\rkzxqopx.sys
[2010/03/26 22:07:25 | 000,000,116 | ---- | C] () -- E:\WINDOWS\System32\fjhdyfhsn.bat
[2010/03/26 22:07:24 | 000,000,016 | ---- | C] () -- E:\Documents and Settings\NetworkService\Application Data\jasltw.dat
[2009/01/17 12:26:01 | 000,024,056 | ---- | C] () -- E:\Documents and Settings\Van\CCCInstall_200901171126013024.log
[2007/07/19 23:27:51 | 000,000,029 | ---- | C] () -- E:\WINDOWS\atid.ini
[2007/04/09 16:38:19 | 000,001,362 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/26 23:40:10 | 000,000,525 | ---- | C] () -- E:\WINDOWS\QIII.INI
[2006/02/20 16:51:35 | 000,000,116 | ---- | C] () -- E:\WINDOWS\NeroDigital.ini
[2005/12/30 05:27:13 | 000,000,126 | ---- | C] () -- E:\Documents and Settings\Van\Local Settings\Application Data\fusioncache.dat
[2005/12/21 21:59:39 | 000,000,102 | ---- | C] () -- E:\WINDOWS\VSWizard.ini
[2005/10/14 23:51:19 | 000,001,024 | RH-- | C] () -- E:\WINDOWS\System32\NTIDIB4.dll
[2005/10/14 23:50:45 | 000,001,024 | RH-- | C] () -- E:\WINDOWS\System32\NTIBUN4.dll
[2005/10/14 23:46:57 | 000,001,024 | RH-- | C] () -- E:\WINDOWS\System32\NTIMPEG2.dll
[2005/10/14 23:46:57 | 000,001,024 | RH-- | C] () -- E:\WINDOWS\System32\NTIMP3.dll
[2005/10/14 23:46:57 | 000,001,024 | RH-- | C] () -- E:\WINDOWS\System32\NTIFCD3.dll
[2005/10/14 23:46:57 | 000,001,024 | RH-- | C] () -- E:\WINDOWS\System32\NTICDMK7.dll
[2005/07/19 17:39:22 | 000,262,144 | ---- | C] () -- E:\Documents and Settings\All Users\ntuser.dat
[2005/07/19 17:39:22 | 000,001,024 | -H-- | C] () -- E:\Documents and Settings\All Users\ntuser.dat.LOG
[2005/07/16 15:39:39 | 000,000,606 | ---- | C] () -- E:\WINDOWS\WININIT.INI
[2005/01/15 00:54:45 | 000,043,520 | ---- | C] () -- E:\WINDOWS\System32\CmdLineExt03.dll
[2004/12/17 17:14:44 | 000,013,952 | ---- | C] () -- E:\WINDOWS\System32\drivers\UBHelper.sys
[2004/11/12 19:07:59 | 000,000,034 | ---- | C] () -- E:\WINDOWS\cdplayer.ini
[2004/11/02 21:51:54 | 000,000,000 | ---- | C] () -- E:\WINDOWS\ATIMMC.INI
[2004/11/02 06:22:51 | 000,005,249 | ---- | C] () -- E:\WINDOWS\Ascd_tmp.ini
[2004/11/02 06:22:50 | 000,005,824 | ---- | C] () -- E:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2004/11/02 05:47:40 | 000,155,648 | R--- | C] () -- E:\WINDOWS\System32\RTLCPAPI.dll
[2004/09/28 20:07:37 | 000,000,488 | ---- | C] () -- E:\WINDOWS\ODBC.INI
[2004/09/28 20:00:33 | 000,000,000 | ---- | C] () -- E:\WINDOWS\VPC32.INI
[2004/09/28 19:50:02 | 000,000,192 | ---- | C] () -- E:\WINDOWS\winamp.ini
[2004/09/28 18:44:56 | 000,242,176 | ---- | C] () -- E:\Documents and Settings\Van\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/09/28 18:23:08 | 000,001,024 | -H-- | C] () -- E:\Documents and Settings\Van\ntuser.dat.LOG
[2004/09/28 18:23:08 | 000,000,278 | -HS- | C] () -- E:\Documents and Settings\Van\ntuser.ini
[2004/09/28 18:23:07 | 017,301,504 | -H-- | C] () -- E:\Documents and Settings\Van\NTUSER.DAT
[2004/08/22 17:04:56 | 000,069,120 | ---- | C] () -- E:\WINDOWS\daemon.dll
[2004/05/09 13:11:32 | 000,155,648 | ---- | C] () -- E:\WINDOWS\System32\xvidvfw.dll
[2004/05/09 11:31:44 | 000,679,936 | ---- | C] () -- E:\WINDOWS\System32\xvidcore.dll
[2004/01/27 13:13:54 | 000,421,888 | ---- | C] () -- E:\WINDOWS\System32\OpenQuicktimeLib.dll
[2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- E:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/17 13:20:02 | 000,009,216 | ---- | C] () -- E:\WINDOWS\System32\cpuinf32.dll
[2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- E:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- E:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- E:\WINDOWS\System32\HMPV2_ENC_MMX.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/12/01 16:52:52 | 000,425,984 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- E:\WINDOWS\system32\ATIDEMGX.dll
[2 E:\WINDOWS\system32\*.tmp files -> E:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2004/09/28 22:01:54 | 022,245,337 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/09/28 22:01:54 | 022,245,337 | ---- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- E:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- E:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- E:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/09/28 22:01:54 | 022,245,337 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/09/28 22:01:54 | 022,245,337 | ---- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2001/08/23 08:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- E:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2001/08/23 08:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- E:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- E:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- E:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- E:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- E:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- E:\WINDOWS\system32\eventlog.dll
[2001/08/23 08:00:00 | 000,047,616 | ---- | M] (Microsoft Corporation) MD5=A510B91253544D56B5712D66BE8371E9 -- E:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- E:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- E:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- E:\WINDOWS\system32\netlogon.dll
[2001/08/23 08:00:00 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=F41C1602DC79AB72035F2388FCA0255F -- E:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- E:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- E:\WINDOWS\system32\scecli.dll
[2001/08/23 08:00:00 | 000,174,080 | ---- | M] (Microsoft Corporation) MD5=73968C834C316ADC7A2F07DC4B5F3665 -- E:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- E:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

< MD5 for: VIASRAID.SYS >
[2003/10/30 23:22:38 | 000,077,312 | R--- | M] (VIA Technologies inc,.ltd) MD5=EBE101C01D80A42868F57B327BE1B564 -- E:\WINDOWS\system32\drivers\viasraid.sys

< %systemroot%\*. /mp /s >
< End of report >

and here is the Extra.txt

OTL Extras logfile created on: 4/12/2010 8:02:22 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = E:\Documents and Settings\Van\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 329.00 Mb Available Physical Memory | 32.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): E:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 74.53 Gb Total Space | 54.43 Gb Free Space | 73.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 74.52 Gb Total Space | 35.39 Gb Free Space | 47.50% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 7.47 Gb Total Space | 7.47 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: RABIDSPOONZ
Current User Name: Van
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "E:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "E:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"E:\Program Files\Common Files\AOL\1125274671\ee\AOLServiceHost.exe" = E:\Program Files\Common Files\AOL\1125274671\ee\AOLServiceHost.exe:*:Enabled:AOL Services -- File not found
"E:\Program Files\AIM\aim.exe" = E:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"E:\Program Files\Common Files\AOL\Loader\aolload.exe" = E:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Program Files\DNA\btdna.exe" = E:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3600_series" = Canon iP3600 series Printer Driver
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI DVD-Maker
"{1ED6E4D0-8DB0-A333-DEA6-188F957F5A43}" = Catalyst Control Center Graphics Light
"{21C41BAF-6F62-469D-A43B-DDF01628346E}" = Ground Control II
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25AF0BD1-DF07-4447-8E91-28E99617C556}" = DeadAIM
"{2D40C5CF-BDAB-48A9-AEF8-4D13486784FE}" = NTI DriveBackup! 4
"{2E4E8905-5F24-4AEA-84E2-923CC12E3AB1}" = iPod for Windows 2005-09-06
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{32A3A4F4-B792-11D6-A78A-00B0D0150090}" = J2SE Development Kit 5.0 Update 9
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{407E0CBD-D6BF-F243-6DE9-F1EEA525BA1C}" = Catalyst Control Center Graphics Full Existing
"{5EC634FA-5047-38B2-A53A-15963D9BD872}" = CCC Help English
"{651AFCC8-2F1A-8132-0A33-FA5F041380BA}" = Catalyst Control Center Graphics Full New
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69EF33D7-3425-1409-0BE1-C4F3A6FB57A8}" = ccc-utility
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7510EF8C-99B9-8533-524E-BF41BDC04188}" = Skins
"{773040E1-3B60-6507-C387-71F8F0A03C59}" = ccc-core-static
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{848AC794-8B81-440A-81AE-6474337DB527}" = Symantec AntiVirus
"{85DD724B-15E5-4572-81BF-CF9031D83848}" = Ventrilo Server
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{92DEC792-A722-5991-2607-3EE3A4BD502B}" = Catalyst Control Center HydraVision Full
"{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}" = VIA Integrated Setup Wizard
"{96793032-8651-805A-67EF-E1759C1A8E3D}" = Catalyst Control Center Graphics Previews Common
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{AAF3BF6B-BFBB-430B-9B94-F1FB7D1E155B}" = SpadeClub Poker
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B094F70F-2CC2-5062-8534-D3830FC4B018}" = Catalyst Control Center Core Implementation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B510A987-487E-4C66-9F4F-D386AC275715}" = TextPad 4.7
"{BA0CA1B4-5491-11D7-97BC-00055D0CA761}" = Roxio DVDMAX Player
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C93369CB-B4E9-E095-9289-E6B5AE941033}" = Nero 7 Demo
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CA42C38C-B369-B190-AD06-76D3AC95CFAC}" = ccc-core-preinstall
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F856C9C3-F0FF-40E9-9A67-C2F4054F20CF}" = SmartFTP Client
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Instant Messenger" = AOL Instant Messenger
"ATI Display Driver" = ATI Display Driver
"Canon iP3600 series User Registration" = Canon iP3600 series User Registration
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CDex" = CDex extraction audio
"Combined Community Codec Pack" = Combined Community Codec Pack 2005-11-17 (Remove Only)
"Core FTP LE 2.1" = Core FTP LE 2.1
"DirectVobSub" = DirectVobSub (remove only)
"DivX Codec" = DivX 5.0.3 Bundle
"Easy DVD Copy3.5.3" = Easy DVD Copy
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Final Fantasy VII" = Final Fantasy VII
"Hamachi" = Hamachi 1.0.1.5
"HijackThis" = HijackThis 2.0.2
"HLSW_is1" = HLSW v1.0.0.47
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI DVD-Maker
"InstallShield_{2D40C5CF-BDAB-48A9-AEF8-4D13486784FE}" = NTI DriveBackup! 4
"InstallShield_{2E4E8905-5F24-4AEA-84E2-923CC12E3AB1}" = iPod for Windows 2005-09-06
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"InstallShield_{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}" = VIA Integrated Setup Wizard
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.02
"LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 2.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"mIRC" = mIRC
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSN Music Assistant" = MSN Music Assistant
"PeerGuardian_is1" = PeerGuardian 2.0
"PokerStars" = PokerStars
"RadialpointClientGateway_is1" = Verizon Servicepoint 1.3.21
"Skype_is1" = Skype 2.0
"SmartFTP Client 2.5 Setup Files" = SmartFTP Client 2.5 Setup Files (remove only)
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"ST6UNST #1" = Hero Editor V0.96
"Steam" = Steam
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Tranquillity 1.0_is1" = Tranquillity 1.0
"Verizon FiOS Activation_is1" = Verizon FiOS Activation
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"YInstHelper" = Yahoo! Install Manager
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1547161642-764733703-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/26/2010 11:33:07 PM | Computer Name = RABIDSPOONZ | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Packed.Generic.214 in File: E:\Qoobox\Quarantine\E\WINDOWS\system32\aivnujpb.dll.vir
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 3/26/2010 11:33:07 PM | Computer Name = RABIDSPOONZ | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Packed.Generic.214 in File: E:\Qoobox\Quarantine\E\WINDOWS\system32\florly.dll.vir
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 3/26/2010 11:33:08 PM | Computer Name = RABIDSPOONZ | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan.Awax in File: E:\Qoobox\Quarantine\E\WINDOWS\system32\iiffDTNH.dll.vir
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 3/26/2010 11:33:08 PM | Computer Name = RABIDSPOONZ | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan.Vundo in File: E:\Qoobox\Quarantine\E\WINDOWS\system32\pmnoNGaA.dll.vir
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 4/1/2010 12:13:52 AM | Computer Name = RABIDSPOONZ | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan.FakeAV in File: E:\Documents and Settings\Van\Local
Settings\Application Data\ave.exe by: Auto-Protect scan. Action: Clean failed
: Quarantine failed : Delete succeeded : Access denied. Action Description: The
file was deleted successfully.

Error - 4/1/2010 12:13:52 AM | Computer Name = RABIDSPOONZ | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan.FakeAV in File: E:\Documents and Settings\Van\Local
Settings\Application Data\av.exe by: Auto-Protect scan. Action: Clean failed :
Quarantine failed : Delete succeeded : Access denied. Action Description: The
file was deleted successfully.

Error - 4/1/2010 12:13:53 AM | Computer Name = RABIDSPOONZ | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan.FakeAV in File: E:\Documents and Settings\Van\Local
Settings\Application Data\MSASCui.exe by: Auto-Protect scan. Action: Clean failed
: Quarantine failed : Delete succeeded : Access denied. Action Description: The
file was deleted successfully.

Error - 4/8/2010 2:40:00 AM | Computer Name = RABIDSPOONZ | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 4/8/2010 3:37:26 PM | Computer Name = RABIDSPOONZ | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Packed.Mystic!gen3 in File: E:\System Volume
Information\_restore{26F9186B-B3E8-44DA-8E9F-94E9DE6C53A0}\RP341\A0028601.dll by:
Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 4/8/2010 4:02:06 PM | Computer Name = RABIDSPOONZ | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Packed.Mystic!gen3 in File: E:\Documents and
Settings\Van\Local Settings\Application Data\706991270.dll by: Manual scan. Action:
Quarantine succeeded. Action Description: The file was quarantined successfully.



[ System Events ]
Error - 4/10/2010 10:04:42 AM | Computer Name = RABIDSPOONZ | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 4/10/2010 10:04:42 AM | Computer Name = RABIDSPOONZ | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 4/10/2010 10:04:42 AM | Computer Name = RABIDSPOONZ | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips IPSec MRxSmb NetBIOS NetBT ohci1394 Processor RasAcd Rdbss SAVRT SYMTDI Tcpip viaagp

Error - 4/10/2010 10:05:07 AM | Computer Name = RABIDSPOONZ | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/10/2010 10:05:31 AM | Computer Name = RABIDSPOONZ | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 4/10/2010 11:47:29 AM | Computer Name = RABIDSPOONZ | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/10/2010 11:49:09 AM | Computer Name = RABIDSPOONZ | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 4/10/2010 1:30:58 PM | Computer Name = RABIDSPOONZ | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 4/11/2010 7:56:14 PM | Computer Name = RABIDSPOONZ | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 4/12/2010 7:28:47 PM | Computer Name = RABIDSPOONZ | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126


< End of report >

Thanks for the help!

#4 ODA


Posted 13 April 2010 - 11:40 AM

Myrti,

This installation has been around for 4 - 5 years with multiple users (I never log out of my home desktop) and it seems that there are a large number of issues with it. I decided to purchase Windows 7 and a new faster HD (still have an old 80g IDE) and start from scratch on installation. I salvaged any documents or files that I needed into an external drive (scanning each of the files with Symantec first, the same version of Symantec I received back in college, which I intend to replace with the newest version of Trend Micro Antivirus, which I purchased with my new OS). I'm now just waiting on the shipping.

Although I'm curious as to what infected my machine, I know that you all at Bleeping Computer have a number of people waiting for help. The posts here have helped me a number of times.

If you have any software suggestions to protect my new installation it would be much appreciated. Again, thanks for the help!

#5 myrti


Posted 14 April 2010 - 05:45 PM

Hi,

The detections Symantec shows in the event log would suggest Vundo and a rogue anti-spyware program. Gmer also shows something with a rootkit component, but without the specific files it's really hard to tell.

These are a couple of pieces of advice I usually give at the end of a cleaning; maybe there's something in it for you. The most important thing, in my opinion, is to stay up to date.
  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • SpywareBlaster
      A tutorial for SpywareBlaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.
  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:

Have a nice day
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
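
The event-log reading given in post #5, as an added example that is not part of the thread and is not code from OTL or Symantec: a Python parser for the "Last 10 Event Log Errors" section of an OTL Extras.txt that rejoins the wrapped Description lines, extracts each Symantec AntiVirus detection, and separates hits on already-quarantined copies and System Restore snapshots from hits on live files. The function names and the three location labels are assumptions made for this example; the sample text is an excerpt of the log posted above.

```python
"""Triage Symantec AntiVirus detections from an OTL Extras.txt event-log section."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Excerpt of the Application Events from the Extras.txt posted in this thread,
# with OTL's line wrapping preserved (wraps fall on spaces, also inside paths).
SAMPLE = r"""
[ Application Events ]
Error - 3/26/2010 11:33:08 PM | Computer Name = RABIDSPOONZ | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan.Vundo in File: E:\Qoobox\Quarantine\E\WINDOWS\system32\pmnoNGaA.dll.vir
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 4/1/2010 12:13:52 AM | Computer Name = RABIDSPOONZ | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan.FakeAV in File: E:\Documents and Settings\Van\Local
Settings\Application Data\ave.exe by: Auto-Protect scan. Action: Clean failed
: Quarantine failed : Delete succeeded : Access denied. Action Description: The
file was deleted successfully.

Error - 4/8/2010 2:40:00 AM | Computer Name = RABIDSPOONZ | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 4/8/2010 3:37:26 PM | Computer Name = RABIDSPOONZ | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Packed.Mystic!gen3 in File: E:\System Volume
Information\_restore{26F9186B-B3E8-44DA-8E9F-94E9DE6C53A0}\RP341\A0028601.dll by:
Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 4/8/2010 4:02:06 PM | Computer Name = RABIDSPOONZ | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Packed.Mystic!gen3 in File: E:\Documents and
Settings\Van\Local Settings\Application Data\706991270.dll by: Manual scan. Action:
Quarantine succeeded. Action Description: The file was quarantined successfully.
"""

HEADER = re.compile(
    r"^Error - (?P<ts>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$"
)
DETECTION = re.compile(
    r"Threat Found!Threat: (?P<threat>\S+) in File: (?P<path>.+?) "
    r"by: (?P<scan>[\w-]+) scan\. Action: (?P<action>.+?)\.? Action Description:"
)


@dataclass
class Detection:
    when: datetime
    threat: str
    path: str
    scan: str       # "Auto-Protect" or "Manual"
    action: str     # outcome chain exactly as logged
    location: str   # label assigned by classify_location()


def classify_location(path):
    """Label where the flagged file sat (labels are this example's own)."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "quarantine-copy"   # a copy another tool had already set aside
    if "\\system volume information\\_restore" in p:
        return "restore-point"     # XP System Restore snapshot
    return "live"                  # file in the normal file system


def iter_events(text):
    """Yield (header fields, description) with wrapped lines rejoined by a space."""
    header, parts = None, []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if header:
                yield header, " ".join(parts)
            header, parts = m.groupdict(), []
        elif header is not None:
            line = line.strip()
            if line.startswith("Description ="):
                line = line[len("Description ="):].strip()
            if line and not line.startswith(("[", "<")):  # skip section markers
                parts.append(line)
    if header:
        yield header, " ".join(parts)


def detections(text, source="Symantec AntiVirus"):
    """Return a Detection for every 'Threat Found!' event from the given source."""
    out = []
    for hdr, desc in iter_events(text):
        m = DETECTION.search(desc) if hdr["source"] == source else None
        if m:  # events with an empty or unrelated Description are skipped
            out.append(Detection(
                when=datetime.strptime(hdr["ts"], "%m/%d/%Y %I:%M:%S %p"),
                threat=m["threat"], path=m["path"], scan=m["scan"],
                action=m["action"], location=classify_location(m["path"]),
            ))
    return out


def summarize(dets):
    """Map threat name -> {location label: [file names]}."""
    summary = defaultdict(lambda: defaultdict(list))
    for d in dets:
        summary[d.threat][d.location].append(d.path.rsplit("\\", 1)[-1])
    return {threat: dict(locs) for threat, locs in summary.items()}


if __name__ == "__main__":
    for d in detections(SAMPLE):
        print(f"{d.when:%Y-%m-%d %H:%M} {d.threat:<20} {d.location:<16} {d.path}")
```

On this excerpt the Trojan.Vundo event is a hit on a quarantined `.vir` copy, while the Trojan.FakeAV event and the manual-scan Packed.Mystic!gen3 event are hits on files in the user profile.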

 



#6 myrti


Posted 20 April 2010 - 03:59 PM

Since this topic appears to be resolved, I will now close it.

If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 
