Try to Fix w/ ComboFix


  • This topic is locked
15 replies to this topic

#1 Ochiba

Posted 27 February 2011 - 12:48 PM

Previous topic here: http://www.bleepingcomputer.com/forums/topic381918.html ~ OB

Orange... here's the log you requested from DDS.
Haven't run Combo on this system yet; was waiting for instruction.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/12/2006 9:28:37 PM
System Uptime: 2/27/2011 9:59:26 AM (3 hours ago)

Motherboard: ASUSTeK Computer INC. | | PTGD2-VX
Processor: Intel® Pentium® 4 CPU 3.20GHz | CPU 1 | 3192/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 179 GiB total, 131.38 GiB free.
D: is CDROM (CDFS)
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
L: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP350: 2/20/2011 2:06:52 PM - System Checkpoint
RP351: 2/20/2011 2:46:07 PM - Software Distribution Service 3.0
RP352: 2/20/2011 3:28:52 PM - Installed Windows Internet Explorer 8.
RP353: 2/21/2011 3:44:14 PM - System Checkpoint
RP354: 2/22/2011 3:58:06 PM - System Checkpoint
RP355: 2/23/2011 8:15:23 PM - System Checkpoint
RP356: 2/24/2011 2:48:21 PM - Removed VAIO Update 2
RP357: 2/24/2011 2:52:17 PM - Installed VAIO Sample Movie and Music
RP358: 2/25/2011 12:52:57 AM - Norton_Power_Eraser_20110225005251031
RP359: 2/25/2011 1:06:13 AM - Software Distribution Service 3.0
RP360: 2/25/2011 1:14:12 AM - Installed Windows XP KB915865.
RP361: 2/25/2011 1:15:24 AM - Installed Windows NLSDownlevelMapping.
RP362: 2/25/2011 1:16:15 AM - Installed Windows IDNMitigationAPIs.
RP363: 2/25/2011 1:18:12 AM - Installed Windows Internet Explorer 7.
RP364: 2/25/2011 1:19:39 AM - Software Distribution Service 3.0
RP365: 2/25/2011 2:03:24 AM - Installed Router
RP366: 2/25/2011 9:57:26 AM - Installed %1 %2.
RP367: 2/25/2011 12:06:42 PM - Installed Windows Internet Explorer 8.
RP368: 2/25/2011 12:08:21 PM - Software Distribution Service 3.0
RP369: 2/26/2011 3:00:45 AM - Software Distribution Service 3.0
RP370: 2/26/2011 6:48:16 PM - Software Distribution Service 3.0
RP371: 2/26/2011 11:54:25 PM - Cleaned registry with Windows Live OneCare safety scanner
RP372: 2/27/2011 9:29:05 AM - Installed Java™ 6 Update 24
RP373: 2/27/2011 9:49:23 AM - Removed J2SE Runtime Environment 5.0 Update 6
RP374: 2/27/2011 9:50:22 AM - Removed J2SE Runtime Environment 5.0 Update 9
RP375: 2/27/2011 9:51:12 AM - Removed Java 2 Runtime Environment, SE v1.4.2_05
RP376: 2/27/2011 9:53:34 AM - Removed Java™ 6 Update 3

==== Installed Programs ======================

3100_3200_3300_Help
3100_3200_3300trb
3300
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop Elements 2.0
Adobe Premiere Standard
Adobe Reader 9.4.2
Adobe Shockwave Player 11.5
AiO_Scan_CDA
AiOSoftwareNPI
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
BufferChm
Canon Camera WIA Driver
Canon EOS-1D Mark II WIA Driver
Canon EOS-1Ds Mark II WIA Driver
Canon EOS 20D WIA Driver
Canon PhotoRecord
Canon PIXMA iP6000D
Canon PIXMA iP6000D Memory Card Utility
Canon Utilities Digital Photo Professional 1.6.1
Canon Utilities Easy-PhotoPrint
Canon Utilities EOS Capture 1.2
Canon Utilities EOS Viewer Utility 1.2
Canon Utilities PhotoStitch 3.1
Click to DVD 2.0 Menu Data
Click to DVD 2.1.10
CP_CalendarTemplates1
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Panorama1Config
cp_PosterPrintConfig
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
DocumentViewer
DocumentViewerQFolder
DVgate Plus
Easy-WebPrint
EOS Capture 1.2
EOS Viewer Utility 1.2.1
eSupportQFolder
Fax_CDA
FullDPAppQFolder
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Update Helper
High-Speed Internet Options
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 7.0
HP Document Viewer 7.0
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart Premier Software 6.5
HP Photosmart, Officejet and Deskjet 7.0.A
HP Software Update
HP Solution Center 7.0
HPPhotoSmartExpress
HPProductAssistant
InstantShareDevices
InstantShareDevicesMFC
Intel Application Accelerator
Intel® PRO Network Adapters and Drivers
InterVideo WinDVD 5 for VAIO
Java Auto Updater
Java™ 6 Update 24
Linksys EasyLink Advisor
LiveUpdate (Symantec Corporation)
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Digital Image Library 10
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Pro 10
Microsoft Digital Image Suite 10
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MoodLogic
Movielink eHome version 1.1
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
NewCopy_CDA
Norton Internet Security
OCR Software by I.R.I.S 7.0
OpenMG Limited Patch 4.0-04-07-14-01
OpenMG Metadata Extractor for Windows Media Player
OpenMG Secure Module 4.0.00
PanoStandAlone
PhotoGallery
PhotoStitch
PictureGear Studio 2.0
ProductContextNPI
Pure Networks Platform
RandMap
Readme
Realtek High Definition Audio Driver
Registry Mechanic 5.0
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
SkinsHP1
SlideShow
SolutionCenter
Sonic Encoders
Sonic RecordNow!
Sonic_PrimoSDK
SonicStage 2.1.00
SonicStage Mastering Studio 1.3
SonicStage Mastering Studio Plugins 1.3
SonicStage MP3 Add-on program
Sony Certificate PCH
Sony TV Tuner Library 1.0
Sony Video Shared Library
Status
Toolbox
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VAIO Edit Components
VAIO Entertainment Platform
VAIO Help and Support
VAIO Media 3.1
VAIO Media Integrated Server 3.1
VAIO Media Redistribution 3.1
VAIO Registration
VAIO SLIT-C Screen Saver
VAIO SLIT Pattern Wallpaper
VAIO Survey Standalone
VAIO System Information
VAIO Update 3
VLC media player 1.1.7
WebEx Support Manager for Internet Explorer
WebFldrs XP
WebReg
Welcome to VAIO life
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10 Hotfix [See KB886612 for more information]
Windows PowerShell™ 1.0
Windows Presentation Foundation
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

2/24/2011 9:21:39 AM, error: Rasman [20035] - Remote Access Connection Manager failed to start because it could not create buffers. Restart the computer. Access is denied.
2/24/2011 9:21:19 AM, error: Service Control Manager [7023] - The Remote Access Connection Manager service terminated with the following error: Access is denied.
2/23/2011 4:06:51 PM, error: Service Control Manager [7023] - The Terminal Services service terminated with the following error: The specified module could not be found.
2/23/2011 4:06:51 PM, error: Service Control Manager [7001] - The Fast User Switching Compatibility service depends on the Terminal Services service which failed to start because of the following error: The specified module could not be found.
2/23/2011 11:19:00 AM, error: Service Control Manager [7023] - The Remote Access Connection Manager service terminated with the following error: The specified module could not be found.
2/23/2011 11:19:00 AM, error: RemoteAccess [20151] - The Control Protocol EAP in the Point to Point Protocol module C:\WINDOWS\System32\rasppp.dll returned an error while initializing. The specified module could not be found.
2/23/2011 11:19:00 AM, error: RemoteAccess [20070] - Point to Point Protocol engine was unable to load the C:\WINDOWS\System32\rastls.dll module. The specified module could not be found.
2/23/2011 11:19:00 AM, error: Rasman [20063] - Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. The specified module could not be found.

==== End Of File ===========================
Thanks

Edited by Orange Blossom, 27 February 2011 - 08:15 PM.



#2 Ochiba

Posted 01 March 2011 - 10:07 AM

Created newer post. Latest DDS Scan

Sorry for the confusion... this is the newest DDS log, 3/1/11. Thanks, and again sorry for the confusion.

DDS (Ver_10-12-12.02) - NTFSx86
Run by jody wagner at 9:49:52.85 on Tue 03/01/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.207 [GMT -5:00]

AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Cobian Backup 10\cbService.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\java.exe
C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\spupdsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\WINDOWS\ehome\medctrro.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Cobian Backup 10\cbInterface.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\jody wagner\Local Settings\Temporary Internet Files\Content.IE5\C5BHL1AV\Defogger[1].exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\jody wagner\Desktop\dds1.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.5.0.125\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.5.0.125\ips\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.5.0.125\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [CreateCD_Reminder] c:\windows\sonysys\vaio recovery\reminder.exe
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [sHotKey] "c:\program files\sony\shotkey\sHotKey.exe"
mRun: [PDUiP6000DMon] c:\program files\canon\memory card utility\pixma ip6000d\PDUiP6000DMon.exe
mRun: [PDUiP6000DTskbr] c:\program files\canon\memory card utility\pixma ip6000d\PDUiP6000DTskbr.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [LELA] "c:\program files\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe" /minimized
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [VMConsole.exe] c:\program files\sony\vaio media integrated server\platform\VMConsole.exe /windowmin
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Cobian Backup 10 Interface] "c:\program files\cobian backup 10\cbInterface.exe" -service
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {00000161-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/C/A/7/CA7D2024-EA89-4F15-908C-DA65C1666614/msaud.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155814862343
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1205000.07d\symds.sys [2011-2-25 340016]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1205000.07d\symefa.sys [2011-2-25 652336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20110225.002\BHDrvx86.sys [2011-2-25 800376]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-2-29 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1205000.07d\ironx86.sys [2011-2-25 136312]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2011-2-27 67584]
R2 CobianBackup10;Cobian Backup 10;c:\program files\cobian backup 10\cbService.exe [2011-2-27 1125376]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-5-8 204800]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.5.0.125\ccsvchst.exe [2011-2-25 130000]
R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\common files\sony shared\vaio entertainment\vzcdb\VzFw.exe [2006-8-12 118877]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-2-24 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20110228.002\IDSXpx86.sys [2011-3-1 341944]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110228.040\NAVENG.SYS [2011-3-1 86008]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110228.040\NAVEX15.SYS [2011-3-1 1360760]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-25 136176]
S2 PEVSystemStart;PEVSystemStart;c:\toolb\PEV.cfxxe [2011-2-27 256512]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 12872]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\common files\sony shared\vaio entertainment\vcsw\vcsw.exe -runbyscm --> c:\program files\common files\sony shared\vaio entertainment\vcsw\VCSW.exe -RunBySCM [?]

=============== Created Last 30 ================

2011-02-27 22:18:41 -------- d-sha-r- C:\cmdcons
2011-02-27 20:09:29 98816 ----a-w- c:\windows\sed.exe
2011-02-27 20:09:29 89088 ----a-w- c:\windows\MBR.exe
2011-02-27 20:09:29 256512 ----a-w- c:\windows\PEV.exe
2011-02-27 20:09:29 161792 ----a-w- c:\windows\SWREG.exe
2011-02-27 20:09:10 -------- d-s---w- C:\ToolB
2011-02-27 19:27:06 -------- d-----w- c:\program files\Cobian Backup 10
2011-02-25 17:05:02 -------- dc-h--w- c:\windows\ie8
2011-02-25 17:01:48 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-02-25 15:38:43 -------- d-----w- c:\docume~1\jodywa~1\applic~1\ElevatedDiagnostics
2011-02-25 10:31:12 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-02-25 10:31:12 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-02-25 10:30:56 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-02-25 10:30:14 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-02-25 10:24:01 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-02-25 08:21:25 368248 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\symtdi.sys
2011-02-25 08:21:25 330360 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\symtdiv.sys
2011-02-25 08:21:25 295032 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\symnets.sys
2011-02-25 08:21:24 652336 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\symefa.sys
2011-02-25 08:21:23 509560 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\srtsp.sys
2011-02-25 08:21:23 50168 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\srtspx.sys
2011-02-25 08:21:23 340016 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\symds.sys
2011-02-25 08:21:22 136312 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\ironx86.sys
2011-02-25 08:20:21 -------- d-----w- c:\windows\system32\drivers\nis\1205000.07D
2011-02-25 08:09:58 -------- d-----w- c:\windows\system32\scripting
2011-02-25 08:09:55 -------- d-----w- c:\windows\l2schemas
2011-02-25 08:09:54 -------- d-----w- c:\windows\system32\en
2011-02-25 08:09:54 -------- d-----w- c:\windows\system32\bits
2011-02-25 07:44:59 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2011-02-25 07:43:56 15423 ------w- c:\windows\system32\drivers\ch7xxnt5.dll
2011-02-25 06:47:02 -------- d-----w- c:\docume~1\jodywa~1\locals~1\applic~1\Deployment
2011-02-25 06:39:44 268288 -c----w- c:\windows\system32\dllcache\httpext.dll
2011-02-25 05:37:32 -------- d-----w- c:\docume~1\jodywa~1\locals~1\applic~1\NPE
2011-02-25 04:25:30 -------- d-----w- c:\windows\IIS Temporary Compressed Files
2011-02-25 04:25:03 -------- d-----w- c:\windows\system32\Cache
2011-02-25 04:23:59 8192 ----a-w- c:\windows\system32\staxmem.dll
2011-02-25 04:23:57 -------- d-----w- C:\Inetpub
2011-02-25 03:50:57 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-02-25 03:50:57 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-02-25 03:50:56 -------- d-----w- c:\program files\Symantec
2011-02-25 03:49:24 -------- d-----w- c:\windows\system32\drivers\NIS
2011-02-25 03:49:03 -------- d-----w- c:\program files\Norton Internet Security
2011-02-24 16:28:54 -------- d-----w- c:\docume~1\jodywa~1\applic~1\Malwarebytes
2011-02-24 16:25:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-02-24 15:17:12 -------- d-----w- c:\docume~1\jodywa~1\applic~1\Tific
2011-02-20 20:25:48 -------- d--h--w- c:\windows\msdownld.tmp
2011-02-19 19:03:03 -------- d-----w- c:\program files\VideoLAN
2011-02-17 23:18:49 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
2011-02-17 23:18:49 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
2011-02-17 23:18:48 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
2011-02-17 23:18:48 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
2011-02-17 23:18:47 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
2011-02-17 23:18:47 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
2011-02-17 23:18:46 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
2011-01-30 19:57:00 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

==================== Find3M ====================

2011-02-03 02:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 00:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ------w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ------w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 9:51:53.57 ===============

EDIT: Topics merged ~BP

Edited by Ochiba, 02 March 2011 - 07:47 AM.


#3 Casey_boy


Posted 06 March 2011 - 05:38 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32-bit or a 64-bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks and again sorry for the delay.

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.




#4 Ochiba


Posted 06 March 2011 - 01:53 PM

Thanks for your response, Casey. Here are the logs you requested.

GMER 1.0.15.15530 - httpwww.gmer.net
Rootkit scan 2011-03-06 131927
Windows 5.1.2600 Service Pack 3 Harddisk0DR0 - DeviceIdeIdeDeviceP1T0L0-17 WDC_WD2000JD-98HBB0 rev.08.02D08
Running gmer.exe; Driver CDOCUME~1JODYWA~1LOCALS~1Tempuftdqpog.sys


---- System - GMER 1.0.15 ----

SSDT 862286C8 ZwAlertResumeThread
SSDT 86947C00 ZwAlertThread
SSDT 86920950 ZwAllocateVirtualMemory
SSDT 869507A8 ZwAssignProcessToJobObject
SSDT 869DA9D0 ZwConnectPort
SSDT CWINDOWSsystem32DriversSYMEVENT.SYS (Symantec Event LibrarySymantec Corporation) ZwCreateKey [0xB669D720]
SSDT 86228418 ZwCreateMutant
SSDT 869505C8 ZwCreateSymbolicLinkObject
SSDT 86990310 ZwCreateThread
SSDT 86950888 ZwDebugActiveProcess
SSDT CWINDOWSsystem32DriversSYMEVENT.SYS (Symantec Event LibrarySymantec Corporation) ZwDeleteKey [0xB669D9A0]
SSDT CWINDOWSsystem32DriversSYMEVENT.SYS (Symantec Event LibrarySymantec Corporation) ZwDeleteValueKey [0xB669DF00]
SSDT 869546E0 ZwDuplicateObject
SSDT 86920770 ZwFreeVirtualMemory
SSDT 86228508 ZwImpersonateAnonymousToken
SSDT 862285E8 ZwImpersonateThread
SSDT 8729E050 ZwLoadDriver
SSDT 8620A718 ZwMapViewOfSection
SSDT 86950D38 ZwOpenEvent
SSDT 86967BC8 ZwOpenProcess
SSDT 86954640 ZwOpenProcessToken
SSDT 86950B98 ZwOpenSection
SSDT 86967AD8 ZwOpenThread
SSDT 869506B8 ZwProtectVirtualMemory
SSDT 86947CE0 ZwResumeThread
SSDT 8620A468 ZwSetContextThread
SSDT 8620A548 ZwSetInformationProcess
SSDT 86950A50 ZwSetSystemInformation
SSDT CWINDOWSsystem32DriversSYMEVENT.SYS (Symantec Event LibrarySymantec Corporation) ZwSetValueKey [0xB669E150]
SSDT 86950C78 ZwSuspendProcess
SSDT 86947DC0 ZwSuspendThread
SSDT CProgram FilesSUPERAntiSpywareSASKUTIL.sys (SASKUTIL.SYSSUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB6509620]
SSDT 86947EA0 ZwTerminateThread
SSDT 8620A638 ZwUnmapViewOfSection
SSDT 86920860 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

SYMDS.SYS The system cannot find the file specified. !
SYMEFA.SYS The system cannot find the file specified. !
CDOCUME~1JODYWA~1LOCALS~1Tempmbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text CProgram FilesInternet ExplorerIEXPLORE.EXE[4000] ntdll.dll!RtlValidateUnicodeString + 55E 7C916328 10 Bytes JMP 0533003A
.text CProgram FilesInternet ExplorerIEXPLORE.EXE[4000] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 CWINDOWSsystem32IEFRAME.dll (Internet ExplorerMicrosoft Corporation)
.text CProgram FilesInternet ExplorerIEXPLORE.EXE[4000] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B15 CWINDOWSsystem32IEFRAME.dll (Internet ExplorerMicrosoft Corporation)
.text CProgram FilesInternet ExplorerIEXPLORE.EXE[4000] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD16D CWINDOWSsystem32IEFRAME.dll (Internet ExplorerMicrosoft Corporation)
.text CProgram FilesInternet ExplorerIEXPLORE.EXE[4000] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB6C CWINDOWSsystem32IEFRAME.dll (Internet ExplorerMicrosoft Corporation)
.text CProgram FilesInternet ExplorerIEXPLORE.EXE[4000] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 CWINDOWSsystem32IEFRAME.dll (Internet ExplorerMicrosoft Corporation)
.text CProgram FilesInternet ExplorerIEXPLORE.EXE[4000] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E502F CWINDOWSsystem32IEFRAME.dll (Internet ExplorerMicrosoft Corporation)
.text CProgram FilesInternet ExplorerIEXPLORE.EXE[4000] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F61 CWINDOWSsystem32IEFRAME.dll (Internet ExplorerMicrosoft Corporation)
.text CProgram FilesInternet ExplorerIEXPLORE.EXE[4000] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FCC CWINDOWSsystem32IEFRAME.dll (Internet ExplorerMicrosoft Corporation)
.text CProgram FilesInternet ExplorerIEXPLORE.EXE[4000] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E32 CWINDOWSsystem32IEFRAME.dll (Internet ExplorerMicrosoft Corporation)
.text CProgram FilesInternet ExplorerIEXPLORE.EXE[4000] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E94 CWINDOWSsystem32IEFRAME.dll (Internet ExplorerMicrosoft Corporation)
.text CProgram FilesInternet ExplorerIEXPLORE.EXE[4000] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5092 CWINDOWSsystem32IEFRAME.dll (Internet ExplorerMicrosoft Corporation)
.text CProgram FilesInternet ExplorerIEXPLORE.EXE[4000] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EF6 CWINDOWSsystem32IEFRAME.dll (Internet ExplorerMicrosoft Corporation)
.text CProgram FilesInternet ExplorerIEXPLORE.EXE[4000] ole32.dll!CreateBindCtx + B5F 774FF14F 7 Bytes JMP 053300F3
.text CProgram FilesInternet ExplorerIEXPLORE.EXE[4000] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBC8 CWINDOWSsystem32IEFRAME.dll (Internet ExplorerMicrosoft Corporation)
.text CProgram FilesInternet ExplorerIEXPLORE.EXE[4000] ole32.dll!CoImpersonateClient + 51 775151F0 7 Bytes JMP 053301A9
.text CProgram FilesInternet ExplorerIEXPLORE.EXE[4000] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E53B0 CWINDOWSsystem32IEFRAME.dll (Internet ExplorerMicrosoft Corporation)
.text CProgram FilesInternet ExplorerIEXPLORE.EXE[4024] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 CWINDOWSsystem32IEFRAME.dll (Internet ExplorerMicrosoft Corporation)
.text CProgram FilesInternet ExplorerIEXPLORE.EXE[4024] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB6C CWINDOWSsystem32IEFRAME.dll (Internet ExplorerMicrosoft Corporation)
.text CProgram FilesInternet ExplorerIEXPLORE.EXE[4024] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E502F CWINDOWSsystem32IEFRAME.dll (Internet ExplorerMicrosoft Corporation)
.text CProgram FilesInternet ExplorerIEXPLORE.EXE[4024] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F61 CWINDOWSsystem32IEFRAME.dll (Internet ExplorerMicrosoft Corporation)
.text CProgram FilesInternet ExplorerIEXPLORE.EXE[4024] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FCC CWINDOWSsystem32IEFRAME.dll (Internet ExplorerMicrosoft Corporation)
.text CProgram FilesInternet ExplorerIEXPLORE.EXE[4024] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E32 CWINDOWSsystem32IEFRAME.dll (Internet ExplorerMicrosoft Corporation)
.text CProgram FilesInternet ExplorerIEXPLORE.EXE[4024] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E94 CWINDOWSsystem32IEFRAME.dll (Internet ExplorerMicrosoft Corporation)
.text CProgram FilesInternet ExplorerIEXPLORE.EXE[4024] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5092 CWINDOWSsystem32IEFRAME.dll (Internet ExplorerMicrosoft Corporation)
.text CProgram FilesInternet ExplorerIEXPLORE.EXE[4024] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EF6 CWINDOWSsystem32IEFRAME.dll (Internet ExplorerMicrosoft Corporation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System DriverMicrosoft Corporation)
Device Fastfat.SYS (Fast FAT File System DriverMicrosoft Corporation)

AttachedDevice DriverTcpip DeviceIp SYMTDI.SYS (Network Dispatch DriverSymantec Corporation)
AttachedDevice DriverTcpip DeviceTcp SYMTDI.SYS (Network Dispatch DriverSymantec Corporation)
AttachedDevice DriverTcpip DeviceUdp SYMTDI.SYS (Network Dispatch DriverSymantec Corporation)
AttachedDevice DriverTcpip DeviceRawIp SYMTDI.SYS (Network Dispatch DriverSymantec Corporation)

Device mrxsmb.sys (Windows NT SMB MinirdrMicrosoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter ManagerMicrosoft Corporation)

Device Cdfs.SYS (CD-ROM File System DriverMicrosoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWindows@DeviceNotSelectedTimeout 15
Reg HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWindows@GDIProcessHandleQuota 10000
Reg HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWindows@Spooler yes
Reg HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWindows@swapdisk
Reg HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWindows@TransmissionRetryTimeout 90
Reg HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWindows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.15 ----




#5 Shannon2012


Posted 08 March 2011 - 06:52 AM

Hi,

Welcome to Bleeping Computer.

My name is Shannon and I will be working with you to remove the malware that is on your machine.

I apologize for the delay in replying to your post, but this forum is extremely busy.

Please Track this topic - On the top right on this thread, click on the Option button, and, in the drop-down list, click on 'Track this topic'. Under Subscription Information, click on 'Immediate Email Notification' and then click on the Proceed button at the bottom.

Do Not make any changes on your own to the infected computer.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now, let's look more thoroughly at the infected computer -

We need to see some information about what is happening in your machine. Please perform the following scan:
  • We need to create an OTL Report
  • Please download OTL from here:
  • Main Mirror
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "Use SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them into your reply:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Once you have the above logs, click on the Add Reply button below, copy in the contents of the two OTL logs. Also include any comments that you might have concerning the infection(s) and the infected computer.
Shannon

#6 Ochiba


Posted 08 March 2011 - 10:35 AM

OTL logfile created on: 3/8/2011 10:23:47 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\jody wagner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 300.00 Mb Available Physical Memory | 29.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.31 Gb Total Space | 131.87 Gb Free Space | 73.55% Space Free | Partition Type: NTFS
Drive L: | 3.73 Gb Total Space | 0.24 Gb Free Space | 6.44% Space Free | Partition Type: FAT32

Computer Name: WAGNER1 | User Name: jody wagner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/08 10:15:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jody wagner\Desktop\OTL.exe
PRC - [2011/02/25 01:45:41 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/02/02 21:40:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe
PRC - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe
PRC - [2010/09/23 16:46:16 | 003,154,432 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Program Files\Cobian Backup 10\cbInterface.exe
PRC - [2010/09/23 16:46:14 | 001,125,376 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Program Files\Cobian Backup 10\cbService.exe
PRC - [2010/09/23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) -- C:\Program Files\Cobian Backup 10\cbVSCService.exe
PRC - [2009/01/07 18:21:00 | 000,026,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spupdsvc.exe
PRC - [2008/06/13 06:51:57 | 000,139,264 | ---- | M] (Linksys LLC - A Division of Cisco Systems) -- C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
PRC - [2008/05/16 05:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/05/16 05:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/05/08 11:59:42 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/10 06:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2004/07/28 18:34:22 | 002,551,808 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe
PRC - [2004/07/28 17:40:18 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
PRC - [2004/07/09 16:28:14 | 001,826,816 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
PRC - [2004/07/08 20:26:54 | 000,118,877 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
PRC - [2004/06/23 18:37:02 | 000,557,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe
PRC - [2004/06/22 10:58:14 | 000,733,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
PRC - [2004/06/16 02:42:34 | 000,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
PRC - [2004/05/31 12:26:44 | 000,057,344 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
PRC - [2004/05/28 08:29:50 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
PRC - [2004/05/27 18:50:06 | 000,045,056 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
PRC - [2004/04/15 13:45:22 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
PRC - [2004/03/23 14:16:16 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
PRC - [2004/03/23 14:15:40 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
PRC - [2003/10/30 11:48:10 | 001,286,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
PRC - [2003/08/22 11:22:28 | 000,045,056 | ---- | M] (Chicony) -- C:\Program Files\Sony\sHotKey\SHOTKEY.exe
PRC - [2003/08/13 14:23:00 | 000,106,496 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
PRC - [2003/08/13 14:07:22 | 000,094,208 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe


========== Modules (SafeList) ==========

MOD - [2011/03/08 10:15:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jody wagner\Desktop\OTL.exe
MOD - [2010/12/04 01:58:45 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\asoehook.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 02:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 02:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\microsoft.vc90.crt\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe -- (NIS)
SRV - [2010/09/23 16:46:14 | 001,125,376 | ---- | M] (Luis Cobian, CobianSoft) [Auto | Running] -- C:\Program Files\Cobian Backup 10\cbService.exe -- (CobianBackup10)
SRV - [2010/09/23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2009/01/07 18:21:00 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2008/08/01 10:31:11 | 000,238,968 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/05/16 05:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/05/08 11:59:42 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/02/09 19:06:25 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/07/09 16:28:14 | 001,826,816 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2004/07/08 20:27:20 | 000,118,784 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -- (VAIO Entertainment Aggregation and Control Service)
SRV - [2004/07/08 20:26:54 | 000,118,877 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe -- (VAIO Entertainment File Import Service)
SRV - [2004/07/08 20:19:04 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2004/07/08 20:17:54 | 000,278,528 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -- (VAIO Entertainment UPnP Client Adapter)
SRV - [2004/06/22 10:58:14 | 000,733,184 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP)
SRV - [2004/06/22 10:58:14 | 000,733,184 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2004/06/16 02:42:34 | 000,057,344 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-VideoServer-HTTP) VAIO Media Video Server (HTTP)
SRV - [2004/06/16 02:42:34 | 000,057,344 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2004/06/16 02:41:06 | 000,188,416 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2004/05/27 18:50:06 | 000,045,056 | ---- | M] (CANON INC.) [Auto | Running] -- C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe -- (PDUiP6000DMemCrdMgr)
SRV - [2004/04/15 13:45:22 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe -- (SonicStageMonitoring)
SRV - [2004/03/23 14:15:40 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)
SRV - [2003/10/30 11:48:10 | 001,286,144 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe -- (VAIOMediaPlatform-VideoServer-AppServer)
SRV - [2003/08/13 14:23:00 | 000,106,496 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe -- (Sony TVTA Manager)
SRV - [2003/08/13 14:10:04 | 000,118,784 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe -- (Sony TV Tuner Controller)
SRV - [2003/08/13 14:07:22 | 000,094,208 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe -- (Sony TV Tuner Manager)


========== Driver Services (SafeList) ==========

DRV - [2011/03/04 12:49:30 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110307.039\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/03/04 12:49:30 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110307.039\NAVENG.SYS -- (NAVENG)
DRV - [2011/02/25 16:59:12 | 000,800,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110225.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/02/24 23:27:30 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/02/24 23:27:30 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/02/24 22:50:56 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/12/01 00:24:00 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1205000.07D\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/11/22 23:08:31 | 000,509,560 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1205000.07D\SRTSP.SYS -- (SRTSP)
DRV - [2010/11/22 23:08:31 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/11/17 21:59:55 | 000,652,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMEFA.SYS -- (SymEFA)
DRV - [2010/11/15 20:45:33 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\Ironx86.SYS -- (SymIRON)
DRV - [2010/11/08 19:50:31 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110304.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/11/02 12:29:08 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/11/02 12:29:07 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/11/02 12:28:54 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/10/20 21:28:36 | 000,340,016 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMDS.SYS -- (SymDS)
DRV - [2008/05/16 05:10:32 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/05/16 05:10:30 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2005/10/07 18:58:36 | 000,044,224 | R--- | M] (BVRP Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2004/09/09 21:15:14 | 000,798,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/05 23:20:34 | 000,788,736 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smrt.sys -- (smrt)
DRV - [2004/07/29 13:04:26 | 002,216,128 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/04/13 17:57:00 | 000,160,640 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2004/04/13 17:56:00 | 000,682,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/04/13 17:54:00 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/03/17 17:10:40 | 000,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2000/12/05 18:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-21-1662331573-978194368-745252875-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1662331573-978194368-745252875-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1662331573-978194368-745252875-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1662331573-978194368-745252875-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1662331573-978194368-745252875-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1662331573-978194368-745252875-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{D5B4C884-504E-4D1C-94F5-EB384C4BC75B}: C:\Documents and Settings\jody wagner\Local Settings\Application Data\{D5B4C884-504E-4D1C-94F5-EB384C4BC75B} [2010/11/12 10:30:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/02/25 03:46:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011/02/25 03:20:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/02/25 01:49:13 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/02/24 10:02:05 | 000,000,002 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1662331573-978194368-745252875-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1662331573-978194368-745252875-1004\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [Cobian Backup 10 Interface] C:\Program Files\Cobian Backup 10\cbInterface.exe (Luis Cobian, CobianSoft)
O4 - HKLM..\Run: [CreateCD_Reminder] C:\WINDOWS\SONYSYS\VAIO Recovery\Reminder.exe (Sony Electronics, Inc)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LELA] C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [PDUiP6000DMon] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe (CANON INC.)
O4 - HKLM..\Run: [PDUiP6000DTskbr] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe (CANON INC.)
O4 - HKLM..\Run: [sHotKey] C:\Program Files\SONY\sHotKey\sHotKey.exe (Chicony)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VMConsole.exe] C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe (Sony Corporation)
O4 - HKU\S-1-5-21-1662331573-978194368-745252875-1004..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1662331573-978194368-745252875-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1662331573-978194368-745252875-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_24.dll (Sun Microsystems, Inc.)
O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/C/A/7/CA7D2024-EA89-4F15-908C-DA65C1666614/msaud.CAB (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab (Reg Error: Key error.)
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab (ControlInstaller Class)
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab (Symantec SmartIssue)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155814862343 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.69.41 213.109.72.20 1.1.1.1
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/28 15:06:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/08 10:15:36 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jody wagner\Desktop\OTL.exe
[2011/03/06 10:05:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jody wagner\Desktop\gmer
[2011/03/01 14:33:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jody wagner\My Documents\SonicStage Mastering Studio
[2011/02/27 17:18:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/02/27 15:09:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/02/27 15:09:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/02/27 15:09:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/02/27 15:09:29 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/02/27 15:09:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/02/27 15:09:10 | 000,000,000 | --SD | C] -- C:\ToolB
[2011/02/27 15:08:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/27 14:28:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Safe mirror
[2011/02/27 14:28:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cobian Backup 10
[2011/02/27 14:27:06 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 10
[2011/02/27 14:25:34 | 015,492,608 | ---- | C] (Luis Cobian, CobianSoft) -- C:\Documents and Settings\jody wagner\Desktop\cbSetup.exe
[2011/02/27 09:29:32 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/02/27 09:29:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/02/27 09:29:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/02/26 20:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2011/02/25 12:05:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/02/25 10:38:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jody wagner\Application Data\ElevatedDiagnostics
[2011/02/25 09:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/02/25 09:57:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/02/25 05:31:12 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2011/02/25 05:31:12 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011/02/25 05:30:56 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/02/25 05:30:14 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/02/25 05:24:01 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/02/25 03:41:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/02/25 03:21:25 | 000,368,248 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\symtdi.sys
[2011/02/25 03:21:25 | 000,330,360 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\symtdiv.sys
[2011/02/25 03:21:25 | 000,295,032 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\symnets.sys
[2011/02/25 03:21:24 | 000,652,336 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\symefa.sys
[2011/02/25 03:21:23 | 000,509,560 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\srtsp.sys
[2011/02/25 03:21:23 | 000,340,016 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\symds.sys
[2011/02/25 03:21:23 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\srtspx.sys
[2011/02/25 03:21:22 | 000,136,312 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\ironx86.sys
[2011/02/25 03:20:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1205000.07D
[2011/02/25 03:09:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/02/25 03:09:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/02/25 03:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\msn
[2011/02/25 03:09:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/02/25 03:09:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/02/25 02:54:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/02/25 02:45:45 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2011/02/25 02:45:42 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2011/02/25 02:45:42 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2011/02/25 02:45:42 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2011/02/25 02:45:42 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2011/02/25 02:45:42 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2011/02/25 02:45:42 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2011/02/25 02:45:41 | 000,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2011/02/25 02:45:36 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2011/02/25 02:45:25 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2011/02/25 02:45:24 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2011/02/25 02:45:23 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2011/02/25 02:45:22 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2011/02/25 02:45:22 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2011/02/25 02:45:22 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2011/02/25 02:45:22 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2011/02/25 02:45:22 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2011/02/25 02:45:22 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2011/02/25 02:45:22 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2011/02/25 02:45:22 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2011/02/25 02:45:22 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2011/02/25 02:45:22 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2011/02/25 02:45:21 | 000,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2011/02/25 02:45:19 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2011/02/25 02:45:17 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2011/02/25 02:45:17 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2011/02/25 02:45:16 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2011/02/25 02:45:16 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2011/02/25 02:45:15 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2011/02/25 02:45:15 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2011/02/25 02:45:15 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2011/02/25 02:45:13 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2011/02/25 02:45:13 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2011/02/25 02:45:09 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2011/02/25 02:45:06 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2011/02/25 02:45:04 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2011/02/25 02:45:00 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2011/02/25 02:45:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2011/02/25 02:45:00 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2011/02/25 02:44:59 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2011/02/25 02:44:59 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2011/02/25 02:44:59 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2011/02/25 02:44:59 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2011/02/25 02:44:59 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2011/02/25 02:44:59 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2011/02/25 02:44:59 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2011/02/25 02:44:59 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2011/02/25 02:44:57 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2011/02/25 02:44:57 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2011/02/25 02:44:45 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2011/02/25 02:44:44 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2011/02/25 02:44:44 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2011/02/25 02:44:44 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2011/02/25 02:44:33 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2011/02/25 02:44:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2011/02/25 02:44:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2011/02/25 02:44:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2011/02/25 02:44:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2011/02/25 02:44:21 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2011/02/25 02:44:17 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2011/02/25 02:44:12 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2011/02/25 02:44:09 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2011/02/25 02:44:09 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2011/02/25 02:44:09 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2011/02/25 02:44:09 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2011/02/25 02:44:09 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2011/02/25 02:44:09 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2011/02/25 02:44:09 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2011/02/25 02:44:07 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2011/02/25 02:44:07 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2011/02/25 02:44:07 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2011/02/25 02:44:07 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2011/02/25 02:44:07 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2011/02/25 02:44:07 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2011/02/25 02:44:06 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2011/02/25 02:44:05 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2011/02/25 02:43:56 | 000,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2011/02/25 02:43:55 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2011/02/25 02:43:54 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2011/02/25 02:43:53 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2011/02/25 02:43:53 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2011/02/25 02:43:53 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2011/02/25 02:43:53 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2011/02/25 02:43:53 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2011/02/25 02:43:53 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2011/02/25 02:43:53 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2011/02/25 02:43:53 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2011/02/25 02:43:53 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2011/02/25 02:43:53 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2011/02/25 02:43:53 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2011/02/25 02:43:53 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2011/02/25 02:43:53 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2011/02/25 02:43:53 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2011/02/25 02:43:53 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2011/02/25 02:43:53 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2011/02/25 02:43:53 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2011/02/25 02:43:53 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2011/02/25 02:43:53 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2011/02/25 02:43:52 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2011/02/25 02:43:52 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2011/02/25 02:43:52 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2011/02/25 02:43:52 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2011/02/25 02:43:52 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2011/02/25 02:43:52 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2011/02/25 02:43:52 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2011/02/25 02:43:52 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2011/02/25 02:43:52 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2011/02/25 02:43:52 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2011/02/25 02:43:52 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2011/02/25 02:43:52 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2011/02/25 02:43:51 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2011/02/25 02:43:47 | 000,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2011/02/25 02:43:47 | 000,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2011/02/25 02:43:47 | 000,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2011/02/25 02:43:47 | 000,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2011/02/25 02:43:47 | 000,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2011/02/25 02:43:47 | 000,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2011/02/25 02:43:47 | 000,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2011/02/25 02:43:46 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2011/02/25 01:47:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jody wagner\Local Settings\Application Data\Deployment
[2011/02/25 01:39:44 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2011/02/25 01:16:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2011/02/25 00:37:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jody wagner\Local Settings\Application Data\NPE
[2011/02/24 23:25:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\IIS Temporary Compressed Files
[2011/02/24 23:25:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Cache
[2011/02/24 23:24:51 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\snprfdll.dll
[2011/02/24 23:24:51 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2011/02/24 23:24:50 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2011/02/24 23:24:50 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2011/02/24 23:24:50 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2011/02/24 23:24:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fcachdll.dll
[2011/02/24 23:24:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2011/02/24 23:24:50 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2011/02/24 23:24:50 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2011/02/24 23:24:50 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regtrace.exe
[2011/02/24 23:24:50 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2011/02/24 23:24:50 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpctrs.dll
[2011/02/24 23:24:50 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2011/02/24 23:24:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2011/02/24 23:24:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\adsiisex.dll
[2011/02/24 23:24:12 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2011/02/24 23:24:12 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2011/02/24 23:24:12 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2011/02/24 23:24:12 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2011/02/24 23:24:12 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2011/02/24 23:24:12 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2011/02/24 23:24:12 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2011/02/24 23:24:12 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2011/02/24 23:24:11 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2011/02/24 23:24:11 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2011/02/24 23:24:11 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2011/02/24 23:24:11 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2011/02/24 23:24:11 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2011/02/24 23:24:11 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2011/02/24 23:24:11 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2011/02/24 23:24:11 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2011/02/24 23:24:10 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2011/02/24 23:24:10 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2011/02/24 23:24:10 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2011/02/24 23:24:10 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aspperf.dll
[2011/02/24 23:24:10 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2011/02/24 23:24:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\w3svapi.dll
[2011/02/24 23:24:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2011/02/24 23:24:10 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2011/02/24 23:24:10 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\w3ctrs.dll
[2011/02/24 23:24:09 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2011/02/24 23:24:09 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2011/02/24 23:24:09 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsloc.dll
[2011/02/24 23:24:09 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2011/02/24 23:24:09 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisreset.exe
[2011/02/24 23:24:09 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2011/02/24 23:24:09 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wamregps.dll
[2011/02/24 23:24:09 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2011/02/24 23:24:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftpsapi2.dll
[2011/02/24 23:24:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2011/02/24 23:24:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisrstap.dll
[2011/02/24 23:24:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2011/02/24 23:24:09 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iismui.dll
[2011/02/24 23:24:09 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2011/02/24 23:24:08 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2011/02/24 23:24:08 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\convlog.exe
[2011/02/24 23:24:08 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2011/02/24 23:24:08 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\infoctrs.dll
[2011/02/24 23:24:08 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2011/02/24 23:24:08 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2011/02/24 23:24:08 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\admxprox.dll
[2011/02/24 23:24:04 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\adsiis.dll
[2011/02/24 23:24:04 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisext.dll
[2011/02/24 23:24:04 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2011/02/24 23:24:04 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2011/02/24 23:24:03 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisrtl.dll
[2011/02/24 23:24:03 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iismap.dll
[2011/02/24 23:24:03 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\admwprox.dll
[2011/02/24 23:24:03 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\exstrace.dll
[2011/02/24 23:24:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\infoadmn.dll
[2011/02/24 23:23:59 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\staxmem.dll
[2011/02/24 23:23:57 | 000,000,000 | ---D | C] -- C:\Inetpub
[2011/02/24 22:50:57 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/02/24 22:50:57 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/02/24 22:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/02/24 22:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2011/02/24 22:49:03 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011/02/24 22:49:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2011/02/24 11:28:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jody wagner\Application Data\Malwarebytes
[2011/02/24 11:25:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/02/24 10:17:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jody wagner\Application Data\Tific
[2011/02/23 11:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jody wagner\Desktop\Recent Camera
[2011/02/23 10:22:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jody wagner\My Documents\Noton Backup files
[2011/02/21 19:23:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jody wagner\Desktop\Zen
[2011/02/20 14:49:15 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011/02/19 17:27:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jody wagner\Desktop\Scott
[2011/02/19 14:04:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jody wagner\Application Data\vlc
[2011/02/19 14:03:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/02/19 14:03:03 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/02/17 19:30:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sony Corporation
[2011/02/17 19:29:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jody wagner\Application Data\InterVideo
[2011/02/17 18:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VAIO Update 3
[2011/02/16 08:56:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jody wagner\Desktop\Moms
[2011/02/15 19:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jody wagner\Desktop\Crickets
[2011/02/15 11:06:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jody wagner\Desktop\Hairy
[2011/02/14 18:45:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jody wagner\Desktop\anines dayNew Folder
[2011/02/13 12:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jody wagner\Desktop\Food
[2011/02/12 13:50:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jody wagner\Desktop\Michele
[2011/02/12 13:49:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jody wagner\Desktop\Fish
[2011/02/12 13:29:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jody wagner\Desktop\Laptop Photos
[2011/02/12 11:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jody wagner\Desktop\3D
[2011/02/11 21:18:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jody wagner\Desktop\airsoft
[2006/09/23 13:00:01 | 000,118,867 | ---- | C] ( ) -- C:\WINDOWS\System32\DSLLK175.dll
[2004/04/05 07:44:22 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\jody wagner\Application Data\*.tmp files -> C:\Documents and Settings\jody wagner\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/08 10:15:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jody wagner\Desktop\OTL.exe
[2011/03/08 09:53:06 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/08 09:41:21 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/08 09:40:07 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/08 09:39:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/07 11:37:45 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\art.url
[2011/03/07 09:10:41 | 000,000,115 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\Hamster.url
[2011/03/06 10:02:34 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\gmer.zip
[2011/03/06 03:00:00 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\RegSERVO.job
[2011/03/04 14:06:47 | 000,000,192 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\Airsoft Classifieds.url
[2011/03/04 11:46:59 | 000,107,062 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\Headwear.bmp
[2011/03/04 11:11:26 | 000,000,174 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\Busty Cats.url
[2011/03/04 11:06:42 | 000,024,769 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\three-stooges-doctors.jpg
[2011/03/04 11:06:06 | 000,032,119 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\Three-Stooges-1934-731469.jpg
[2011/03/04 10:57:00 | 000,010,691 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\3-stooges-football.jpg
[2011/03/02 08:38:24 | 000,000,194 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\Microsoft Fix.url
[2011/02/27 17:18:47 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/02/27 15:08:08 | 004,276,140 | R--- | M] () -- C:\Documents and Settings\jody wagner\Desktop\ToolB.exe
[2011/02/27 14:26:00 | 015,492,608 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Documents and Settings\jody wagner\Desktop\cbSetup.exe
[2011/02/27 12:22:17 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\jody wagner\defogger_reenable
[2011/02/27 12:21:46 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\Defogger.exe
[2011/02/26 18:49:34 | 000,682,728 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\Cat.DB
[2011/02/26 18:28:01 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\jody wagner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/02/26 03:59:18 | 000,293,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/26 03:40:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/26 03:29:04 | 000,493,780 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/26 03:29:04 | 000,089,766 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/26 03:14:05 | 000,008,627 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/02/25 12:26:39 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\jody wagner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/25 12:22:24 | 000,000,092 | ---- | M] () -- C:\ResumeOmgApDeliveryMgrCntrl_SonicStage_EmdDownloadObj.dmf
[2011/02/25 11:49:30 | 000,000,122 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\v.url
[2011/02/25 09:18:28 | 000,000,110 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\New Internet Shortcut.url
[2011/02/25 03:53:43 | 000,000,114 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\video One.url
[2011/02/25 03:42:47 | 000,001,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2011/02/25 03:01:05 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/02/25 00:54:52 | 000,001,254 | ---- | M] () -- C:\Documents and Settings\jody wagner\Application Data\SMRResults161.dat
[2011/02/25 00:44:08 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2011/02/24 23:08:11 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\Internet Explorer.lnk
[2011/02/24 22:50:57 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/02/24 22:50:57 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/02/24 22:50:56 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/02/24 22:50:56 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/02/24 14:31:07 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\jody wagner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/24 14:13:37 | 000,000,180 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\girls.url
[2011/02/23 09:54:07 | 000,000,220 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\Sony support.url
[2011/02/23 08:40:58 | 000,000,184 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\WWW.url
[2011/02/22 16:19:40 | 000,000,084 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\Philadelphia Area Airsoft • View topic - GENERAL RULES FOR ENTIRE SITE READ ME.url
[2011/02/20 15:59:16 | 007,868,416 | ---- | M] () -- C:\Documents and Settings\jody wagner\s-1-5-21-1662331573-978194368-745252875-1004.rrr
[2011/02/19 20:19:00 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\PA Unemployment.url
[2011/02/19 20:16:47 | 000,000,238 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\ultimate.zip
[2011/02/19 18:52:07 | 000,899,445 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\Piranha Pugs.JPG
[2011/02/19 14:24:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/19 14:03:53 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/02/19 10:28:27 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\jody wagner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/02/19 10:28:23 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\Windows Media Player.lnk
[2011/02/19 08:10:10 | 000,030,896 | ---- | M] () -- C:\{82A5DC12-2E55-4337-A5E0-4AD8CF08FEE3}
[2011/02/18 10:24:50 | 000,118,524 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\simsalabim2.jpg
[2011/02/18 10:24:07 | 000,111,317 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\simsalabim1.jpg
[2011/02/18 10:22:27 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\ultimate.url
[2011/02/17 19:39:12 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/02/17 19:39:12 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/02/16 10:10:22 | 000,000,115 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\Asian Tube.url
[2011/02/16 08:44:14 | 000,873,654 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\Bullwinkle.bmp
[2011/02/15 20:36:23 | 000,707,831 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\IMG_4535.jpg
[2011/02/15 19:56:42 | 000,056,982 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\pd1813908.jpg
[2011/02/15 19:55:24 | 000,004,633 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\pd1813908_s.jpg
[2011/02/15 10:41:17 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/02/15 09:01:24 | 002,859,048 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\IMG_4536.jpg
[2011/02/14 13:36:45 | 000,009,416 | ---- | M] () -- C:\{2EEC6F6A-A909-462F-9C08-196673CDF74A}
[2011/02/14 10:08:58 | 000,303,645 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\Rose.jpg
[2011/02/14 10:02:58 | 000,281,717 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\02fgf.jpg
[2011/02/11 22:22:25 | 000,011,584 | ---- | M] () -- C:\{917E6132-14F2-4F95-A832-D4B4EB272616}
[2011/02/11 20:34:23 | 000,120,173 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\Algerian_ATE_Superhind_Mk_IIIf_by_siregar (1).jpg
[2011/02/11 12:07:06 | 000,000,114 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\Tokoyo Rose.url
[2011/02/11 11:42:58 | 000,000,119 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\S.Divas.url
[2011/02/11 10:24:04 | 000,000,105 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\Sheer.url
[2011/02/10 10:57:15 | 000,000,110 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\OWC.url
[2011/02/09 20:17:54 | 000,000,960 | ---- | M] () -- C:\{38C27C4A-7118-4C53-9CAB-4F0DE1B5232F}
[2011/02/09 13:26:30 | 000,002,744 | ---- | M] () -- C:\{DD09119A-6150-4370-94EC-32A007C2F92A}
[2011/02/08 03:15:50 | 000,030,944 | ---- | M] () -- C:\{92DF263E-FB4D-44BB-A02E-5881792D6381}
[2011/02/08 01:13:36 | 000,031,640 | ---- | M] () -- C:\{3E908E2F-ADCD-4B40-8ED0-908DBBE7E976}
[2011/02/07 11:59:19 | 000,000,116 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\stocks.url
[2011/02/07 11:36:29 | 000,000,115 | ---- | M] () -- C:\Documents and Settings\jody wagner\Desktop\Justwanna have fun.url
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\jody wagner\Application Data\*.tmp files -> C:\Documents and Settings\jody wagner\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/07 09:10:04 | 000,000,115 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\Hamster.url
[2011/03/06 10:02:30 | 000,288,107 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\gmer.zip
[2011/03/04 11:46:59 | 000,107,062 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\Headwear.bmp
[2011/03/04 11:06:56 | 000,024,769 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\three-stooges-doctors.jpg
[2011/03/04 11:06:16 | 000,032,119 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\Three-Stooges-1934-731469.jpg
[2011/03/04 10:57:42 | 000,010,691 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\3-stooges-football.jpg
[2011/02/27 17:18:47 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/02/27 17:18:43 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/02/27 15:09:29 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/02/27 15:09:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/02/27 15:09:29 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/02/27 15:09:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/02/27 15:09:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/02/27 15:07:49 | 004,276,140 | R--- | C] () -- C:\Documents and Settings\jody wagner\Desktop\ToolB.exe
[2011/02/27 12:22:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jody wagner\defogger_reenable
[2011/02/27 12:21:31 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\Defogger.exe
[2011/02/26 23:56:41 | 000,000,194 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\Microsoft Fix.url
[2011/02/25 03:40:24 | 000,682,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\Cat.DB
[2011/02/25 03:21:25 | 000,007,877 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\symnetv.cat
[2011/02/25 03:21:25 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\symnetv.inf
[2011/02/25 03:21:24 | 000,007,458 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\symnet.cat
[2011/02/25 03:21:24 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\symefa.cat
[2011/02/25 03:21:24 | 000,003,374 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\symefa.inf
[2011/02/25 03:21:24 | 000,001,446 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\symnet.inf
[2011/02/25 03:21:23 | 000,007,454 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\srtspx.cat
[2011/02/25 03:21:23 | 000,007,450 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\symds.cat
[2011/02/25 03:21:23 | 000,002,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\symds.inf
[2011/02/25 03:21:23 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\srtspx.inf
[2011/02/25 03:21:22 | 000,007,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\iron.cat
[2011/02/25 03:21:22 | 000,007,450 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\srtsp.cat
[2011/02/25 03:21:22 | 000,001,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\srtsp.inf
[2011/02/25 03:21:22 | 000,000,742 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\iron.inf
[2011/02/25 03:20:21 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\isolate.ini
[2011/02/25 02:45:02 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/02/25 02:44:23 | 000,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2011/02/25 02:44:04 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/02/25 02:43:53 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/02/25 01:48:52 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/25 01:48:51 | 000,000,892 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/25 01:30:28 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\jody wagner\Start Menu\Programs\Internet Explorer.lnk
[2011/02/25 00:54:48 | 000,001,254 | ---- | C] () -- C:\Documents and Settings\jody wagner\Application Data\SMRResults161.dat
[2011/02/24 23:24:50 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2011/02/24 23:24:50 | 000,008,002 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.h
[2011/02/24 23:24:50 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2011/02/24 23:24:50 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.h
[2011/02/24 23:24:10 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2011/02/24 23:24:10 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2011/02/24 23:24:10 | 000,005,379 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.h
[2011/02/24 23:24:10 | 000,002,024 | ---- | C] () -- C:\WINDOWS\System32\axctrnm.h
[2011/02/24 23:24:08 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2011/02/24 23:24:08 | 000,003,276 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.h
[2011/02/24 22:50:57 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/02/24 22:50:57 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/02/24 22:50:30 | 000,001,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2011/02/24 15:02:37 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\jody wagner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/24 15:02:17 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\Internet Explorer.lnk
[2011/02/19 20:16:46 | 000,000,238 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\ultimate.zip
[2011/02/19 19:44:41 | 000,008,627 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/02/19 18:52:06 | 000,899,445 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\Piranha Pugs.JPG
[2011/02/19 14:24:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/19 14:03:52 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/02/19 08:46:27 | 000,000,114 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\video One.url
[2011/02/19 08:10:10 | 000,030,896 | ---- | C] () -- C:\{82A5DC12-2E55-4337-A5E0-4AD8CF08FEE3}
[2011/02/19 06:57:31 | 000,000,084 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\Philadelphia Area Airsoft • View topic - GENERAL RULES FOR ENTIRE SITE READ ME.url
[2011/02/19 06:51:52 | 000,000,230 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\Mid-Atlantic Airsoft Player Registry© View topic - BG's - For Sale Thread.url
[2011/02/19 06:45:10 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\Airsoft Classifieds.url
[2011/02/18 10:24:50 | 000,118,524 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\simsalabim2.jpg
[2011/02/18 10:24:06 | 000,111,317 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\simsalabim1.jpg
[2011/02/18 10:22:07 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\ultimate.url
[2011/02/17 19:39:36 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\jody wagner\Start Menu\Programs\Windows Media Player.lnk
[2011/02/17 19:39:12 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/02/17 19:39:12 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/02/17 19:28:56 | 000,000,092 | ---- | C] () -- C:\ResumeOmgApDeliveryMgrCntrl_SonicStage_EmdDownloadObj.dmf
[2011/02/17 18:35:30 | 000,000,220 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\Sony support.url
[2011/02/16 13:29:40 | 000,000,110 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\New Internet Shortcut.url
[2011/02/16 10:10:01 | 000,000,115 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\Asian Tube.url
[2011/02/16 08:44:14 | 000,873,654 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\Bullwinkle.bmp
[2011/02/15 19:56:45 | 000,056,982 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\pd1813908.jpg
[2011/02/15 19:56:12 | 000,004,633 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\pd1813908_s.jpg
[2011/02/15 17:48:03 | 000,000,174 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\Busty Cats.url
[2011/02/15 09:01:24 | 002,859,048 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\IMG_4536.jpg
[2011/02/15 09:01:18 | 000,707,831 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\IMG_4535.jpg
[2011/02/14 13:36:45 | 000,009,416 | ---- | C] () -- C:\{2EEC6F6A-A909-462F-9C08-196673CDF74A}
[2011/02/14 10:08:58 | 000,303,645 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\Rose.jpg
[2011/02/11 22:22:25 | 000,011,584 | ---- | C] () -- C:\{917E6132-14F2-4F95-A832-D4B4EB272616}
[2011/02/11 20:34:25 | 000,120,173 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\Algerian_ATE_Superhind_Mk_IIIf_by_siregar (1).jpg
[2011/02/11 12:06:29 | 000,000,114 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\Tokoyo Rose.url
[2011/02/11 11:59:46 | 000,000,180 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\girls.url
[2011/02/11 11:42:34 | 000,000,119 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\S.Divas.url
[2011/02/11 10:23:49 | 000,000,105 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\Sheer.url
[2011/02/10 10:56:24 | 000,000,110 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\OWC.url
[2011/02/10 09:37:52 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\WWW.url
[2011/02/09 20:17:54 | 000,000,960 | ---- | C] () -- C:\{38C27C4A-7118-4C53-9CAB-4F0DE1B5232F}
[2011/02/09 13:26:30 | 000,002,744 | ---- | C] () -- C:\{DD09119A-6150-4370-94EC-32A007C2F92A}
[2011/02/08 03:15:50 | 000,030,944 | ---- | C] () -- C:\{92DF263E-FB4D-44BB-A02E-5881792D6381}
[2011/02/08 01:13:36 | 000,031,640 | ---- | C] () -- C:\{3E908E2F-ADCD-4B40-8ED0-908DBBE7E976}
[2011/02/07 11:59:00 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\stocks.url
[2011/02/07 11:35:49 | 000,000,115 | ---- | C] () -- C:\Documents and Settings\jody wagner\Desktop\Justwanna have fun.url
[2011/01/12 03:59:37 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\jody wagner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/12 10:30:50 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Agolije.dat
[2010/11/12 10:30:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Hqepe.bin
[2010/11/08 16:23:35 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2010/11/07 08:24:41 | 000,353,216 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/11/02 11:25:16 | 000,000,215 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/06/06 19:45:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jody wagner\Application Data\wklnhst.dat
[2006/11/20 13:23:42 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/11/10 12:10:36 | 000,117,090 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2006/11/10 12:10:36 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2006/10/05 09:00:01 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/10/05 08:59:46 | 000,000,165 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2006/10/05 08:52:24 | 000,116,638 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2006/10/05 08:39:17 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006/10/04 20:11:05 | 000,001,423 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2006/10/04 14:12:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/10/04 13:04:49 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS69.DLL
[2006/09/13 14:37:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006/08/15 04:48:04 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\jody wagner\Local Settings\Application Data\fusioncache.dat
[2006/08/12 20:47:29 | 000,009,192 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/08/12 20:46:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/12 20:34:20 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2006/08/12 20:31:25 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/08/12 20:31:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/08/12 20:31:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/08/12 20:31:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/08/12 20:31:25 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/08/12 20:31:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/09/28 16:41:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/09/28 16:00:39 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\RTCOMDLL.dll
[2004/09/28 16:00:39 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/09/28 15:45:37 | 000,111,552 | ---- | C] () -- C:\WINDOWS\setup.exe
[2004/09/28 15:33:39 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
[2004/09/28 15:11:23 | 000,000,811 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/09/28 15:07:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/09/28 15:03:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/09/28 14:55:15 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2004/09/28 14:55:06 | 000,000,790 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/09/28 14:54:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/28 14:54:38 | 000,493,780 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/09/28 14:54:38 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/09/28 14:54:38 | 000,089,766 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/09/28 14:54:38 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/09/28 14:54:38 | 000,004,530 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/09/28 14:54:37 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/09/28 14:54:37 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/09/28 14:54:34 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/09/28 14:54:34 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/09/28 14:54:30 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/09/28 14:54:27 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/09/28 08:00:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/09/28 08:00:07 | 000,293,272 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/06/24 12:28:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/07/23 10:53:30 | 000,373,967 | ---- | C] () -- C:\WINDOWS\ml-uninstall-v10.exe
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/08/06 13:55:37 | 000,024,576 | ---- | C] () -- C:\WINDOWS\ml-WA3Shutdown.exe
[2002/06/12 15:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2002/04/02 19:08:34 | 000,311,108 | ---- | C] () -- C:\WINDOWS\ml-cleanup.exe
[2002/04/02 19:08:32 | 000,036,868 | ---- | C] () -- C:\WINDOWS\ml-winamp-shutdown.exe
[2001/10/24 18:00:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2001/07/06 14:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\jody wagner\Desktop\simsalabim2.jpg:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\jody wagner\Desktop\simsalabim1.jpg:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\jody wagner\Desktop\Rose.jpg:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\jody wagner\Desktop\Piranha Pugs.JPG:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\jody wagner\Desktop\IMG_4535.jpg:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\jody wagner\Desktop\02fgf.jpg:SummaryInformation

< End of report

OTL Extras logfile created on: 3/8/2011 10:23:47 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\jody wagner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 300.00 Mb Available Physical Memory | 29.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.31 Gb Total Space | 131.87 Gb Free Space | 73.55% Space Free | Partition Type: NTFS
Drive L: | 3.73 Gb Total Space | 0.24 Gb Free Space | 6.44% Space Free | Partition Type: FAT32

Computer Name: WAGNER1 | User Name: jody wagner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1662331573-978194368-745252875-1004\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\jody wagner\Local Settings\Temp\hp_webrelease\setup\HPZnet01.exe" = C:\Documents and Settings\jody wagner\Local Settings\Temp\hp_webrelease\setup\HPZnet01.exe:*:Enabled:hpznet01.exe
"C:\Documents and Settings\jody wagner\Local Settings\Temp\hp_webrelease\setup\hponicifs01.exe" = C:\Documents and Settings\jody wagner\Local Settings\Temp\hp_webrelease\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Pure Networks, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01AF4645-78E6-46C4-B528-54863679CC40}" = VAIO SLIT-C Screen Saver
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 3.1
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{266AEE68-5718-4A31-BDD3-D356B1250C70}" = VAIO SLIT Pattern Wallpaper
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 24
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35F768BD-330E-4A2C-89C5-A38B588AF08D}" = Canon PIXMA iP6000D Memory Card Utility
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{3F262ADC-5AD2-48E5-A586-44315E04A9E9}" = Microsoft Digital Image Library 10
"{40D1BC4F-56CB-458E-BE8C-35A025CC52FB}" = Sony TV Tuner Library 1.0
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{42756145-9997-4D28-809B-8756BFD00109}" = Microsoft Digital Image Pro 10
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon Camera WIA Driver
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6990A2BF-D1D2-11D3-81BC-00609789C908}" = Sony Video Shared Library
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6F1974D6-4249-43B6-88B0-9A9B8A33956C}" = OpenMG Secure Module 4.0.00
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Redistribution 3.1
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage 2.1.00
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{74BE7519-41A7-45A8-8AA6-78C7907A4808}" = EOS Capture 1.2
"{750CF8D7-4B04-404F-AFA2-14C129C42373}" = EOS Viewer Utility 1.2.1
"{761C9026-14F0-4352-8658-934558272404}" = VAIO Edit Components
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789CF5F1-3326-4B7B-9D01-31047E0F5651}" = Canon Utilities Digital Photo Professional 1.6.1
"{7998F67D-655B-42E3-B651-18D96DD17268}" = Adobe Premiere Standard
"{7A79D11B-FD82-4A5E-834F-20173515DD14}" = VAIO Media Integrated Server 3.1
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7C2F71B2-6C73-11D6-B659-00C04F790F76}" = Click to DVD 2.1.10
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88DA0A52-3372-4803-971A-ADFB961707E8}" = PictureGear Studio 2.0
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD 5 for VAIO
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{98A3A654-3AEF-42D9-BA91-DE5815EA5897}" = Click to DVD 2.0 Menu Data
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9B953606-000E-491C-B74D-78ECFDD520A0}" = OpenMG Metadata Extractor for Windows Media Player
"{9E158BB9-37B9-464B-837E-CC1D5766291B}" = VAIO Update 3
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 1.3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C537C86E-22C0-41CF-8A8E-3B23E986C3D9}" = Canon Camera WIA Driver
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD7D5804-C157-48A6-AEE0-4A40A4B5C054}" = VAIO System Information
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D002159B-91CD-48E5-96D1-C476BA3DECB3}" = 3100_3200_3300_Help
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D1CB9533-B129-40B7-9B11-BB444BF52403}" = Pure Networks Platform
"{D3227BD6-7D66-4B96-BA01-C21FB1F2224D}" = 3100_3200_3300trb
"{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}" = VAIO Entertainment Platform
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DA7ECDA9-C6DD-4E4A-8EB8-9899E08C6740}" = SonicStage MP3 Add-on program
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1D94FAD-CFA4-4B76-91D9-28F5AB18A431}" = 3300
"{E492D880-0B07-4769-9E92-6C2B7DE37716}" = Linksys EasyLink Advisor
"{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}" = Canon Camera WIA Driver
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins 1.3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"CANONBJ_Deinstall_CNMCP69.DLL" = Canon PIXMA iP6000D
"CobBackup10" = Cobian Backup 10
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"High-Speed Internet Options" = High-Speed Internet Options
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon EOS-1Ds Mark II WIA Driver
"InstallShield_{6F1974D6-4249-43B6-88B0-9A9B8A33956C}" = OpenMG Secure Module 4.0.00
"InstallShield_{74BE7519-41A7-45A8-8AA6-78C7907A4808}" = Canon Utilities EOS Capture 1.2
"InstallShield_{750CF8D7-4B04-404F-AFA2-14C129C42373}" = Canon Utilities EOS Viewer Utility 1.2
"InstallShield_{789CF5F1-3326-4B7B-9D01-31047E0F5651}" = Canon Utilities Digital Photo Professional 1.6.1
"InstallShield_{C537C86E-22C0-41CF-8A8E-3B23E986C3D9}" = Canon EOS-1D Mark II WIA Driver
"InstallShield_{E492D880-0B07-4769-9E92-6C2B7DE37716}" = Linksys EasyLink Advisor
"InstallShield_{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"InstallShield_{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}" = Canon EOS 20D WIA Driver
"InstallShield_{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MoodLogic" = MoodLogic
"Movielink eHome_is1" = Movielink eHome version 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenMG HotFix4.0-04-06-21-01" = OpenMG Limited Patch 4.0-04-07-14-01
"PictureItSuite_v10" = Microsoft Digital Image Suite 10
"PROSet" = Intel® PRO Network Adapters and Drivers
"Registry Mechanic_is1" = Registry Mechanic 5.0
"VLC media player" = VLC media player 1.1.7
"Welcome to VAIO life" = Welcome to VAIO life
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/3/2011 4:33:28 PM | Computer Name = WAGNER1 | Source = Application Error | ID = 1000
Description = Faulting application asoelnch.exe, version 18.5.0.125, faulting module
asoelnch.exe, version 18.5.0.125, fault address 0x00001a6d.

Error - 3/3/2011 6:36:18 PM | Computer Name = WAGNER1 | Source = Media Center Scheduler | ID = 0
Description =

Error - 3/4/2011 3:14:28 PM | Computer Name = WAGNER1 | Source = Media Center Scheduler | ID = 0
Description =

Error - 3/4/2011 3:14:58 PM | Computer Name = WAGNER1 | Source = Media Center Scheduler | ID = 0
Description =

Error - 3/4/2011 4:33:30 PM | Computer Name = WAGNER1 | Source = Application Error | ID = 1000
Description = Faulting application asoelnch.exe, version 18.5.0.125, faulting module
asoelnch.exe, version 18.5.0.125, fault address 0x00001a6d.

Error - 3/5/2011 4:33:30 PM | Computer Name = WAGNER1 | Source = Application Error | ID = 1000
Description = Faulting application asoelnch.exe, version 18.5.0.125, faulting module
asoelnch.exe, version 18.5.0.125, fault address 0x00001a6d.

Error - 3/6/2011 4:33:32 PM | Computer Name = WAGNER1 | Source = Application Error | ID = 1000
Description = Faulting application asoelnch.exe, version 18.5.0.125, faulting module
asoelnch.exe, version 18.5.0.125, fault address 0x00001a6d.

Error - 3/8/2011 10:40:47 AM | Computer Name = WAGNER1 | Source = Media Center Scheduler | ID = 0
Description =

Error - 3/8/2011 10:42:01 AM | Computer Name = WAGNER1 | Source = Media Center Scheduler | ID = 0
Description =

Error - 3/8/2011 10:42:50 AM | Computer Name = WAGNER1 | Source = Media Center Scheduler | ID = 0
Description =

[ System Events ]
Error - 3/4/2011 11:45:39 AM | Computer Name = WAGNER1 | Source = Rasman | ID = 20035
Description = Remote Access Connection Manager failed to start because it could
not create buffers. Restart the computer. Access is denied.

Error - 3/4/2011 11:45:40 AM | Computer Name = WAGNER1 | Source = Rasman | ID = 20035
Description = Remote Access Connection Manager failed to start because it could
not create buffers. Restart the computer. Access is denied.

Error - 3/4/2011 11:45:41 AM | Computer Name = WAGNER1 | Source = Rasman | ID = 20035
Description = Remote Access Connection Manager failed to start because it could
not create buffers. Restart the computer. Access is denied.

Error - 3/4/2011 11:45:42 AM | Computer Name = WAGNER1 | Source = Rasman | ID = 20035
Description = Remote Access Connection Manager failed to start because it could
not create buffers. Restart the computer. Access is denied.

Error - 3/4/2011 11:45:43 AM | Computer Name = WAGNER1 | Source = Rasman | ID = 20035
Description = Remote Access Connection Manager failed to start because it could
not create buffers. Restart the computer. Access is denied.

Error - 3/4/2011 11:45:44 AM | Computer Name = WAGNER1 | Source = Rasman | ID = 20035
Description = Remote Access Connection Manager failed to start because it could
not create buffers. Restart the computer. Access is denied.

Error - 3/4/2011 11:45:44 AM | Computer Name = WAGNER1 | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%5

Error - 3/4/2011 11:46:31 AM | Computer Name = WAGNER1 | Source = Rasman | ID = 20035
Description = Remote Access Connection Manager failed to start because it could
not create buffers. Restart the computer. Access is denied.

Error - 3/4/2011 11:46:31 AM | Computer Name = WAGNER1 | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%5

Error - 3/4/2011 11:46:34 AM | Computer Name = WAGNER1 | Source = Rasman | ID = 20035
Description = Remote Access Connection Manager failed to start because it could
not create buffers. Restart the computer. Access is denied.


< End of report >


Thanks for your Help

#7 Shannon2012


Posted 08 March 2011 - 04:11 PM

Hi-

Give me an update on what your computer is doing or not doing that is causing a problem. It appears that ComboFix was already run on this computer. If it was, in your reply, please copy in the contents of the report (ComboFix.txt) located in the root directory (C:\). In either case, delete the ComboFix.exe file since it is out-of-date now.

Please download Malwarebytes' Anti-Malware (MBAM) from HERE.

Note: If you already have Malwarebytes' Anti-Malware, just run and update it. Then do a "Perform Full Scan".

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Note: If you are unable to get MBAM to run, download one of the following Rkill programs to your desktop, run it, and then try MBAM again. If you are unable to run the Rkill you downloaded, download another one, and try it.
Rkill.exe
Rkill.com
Rkill.scr
Rkill.pif

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 or 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your reply, please copy in the ComboFix report and the MBAM report. Also, update me on the status of your computer.
Shannon

#8 Ochiba


Posted 09 March 2011 - 03:14 PM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5999

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/9/2011 1:35:54 PM
mbam-log-2011-03-09 (13-35-54).txt

Scan type: Full scan (C:\|H:\|)
Objects scanned: 278929
Time elapsed: 2 hour(s), 53 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




#9 Shannon2012


Posted 09 March 2011 - 04:14 PM

Give me an update on what your computer is doing or not doing that is causing a problem.


Can I get an update?
Shannon

#10 Ochiba

Ochiba
  • Topic Starter

  • Members
  • 14 posts

Posted 09 March 2011 - 04:22 PM

Nothing has changed from original problems... started w/ Media Player problems... then redirect on IE8, removed both and reloaded.
Ran SuperAnti spyware... and several other fixes: Norton, Microsoft, and whatever I could find.
Sorry, wish I could be more help.

#11 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • Gender:Male
  • Location:North Carolina, USA

Posted 09 March 2011 - 05:38 PM

Hi-

I didn't ask you to download and run ComboFix again. I just wanted the log from the other day. Please copy into your reply the earlier log (C:\Qoobox\ComboFix2.txt).

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.7.0) from Kaspersky's website.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.

    To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.

  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
Next, please download MBRCheck by clicking here and save it to your desktop.
  • Be sure to disable your security programs.
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
  • A window will open on your desktop.
  • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.txt should appear on your desktop.
  • Please post the contents of that file in your next reply.

In your reply, please copy in the earlier ComboFix, the TDSSKiller, and the MBRCheck reports.
Shannon

#12 Ochiba

Ochiba
  • Topic Starter

  • Members
  • 14 posts

Posted 10 March 2011 - 11:52 AM

Sorry... I misunderstood your intentions/directions.
ComboFix was run on my laptop prior to me receiving help from BC. Not this computer.

This is my desktop we've been working on, and ComboFix hadn't been run on this before.
I thought you needed the combo log... so I ran it.
The combo log in the previous message is the only one run on this computer.
I'm sending your requested TDSS and MBR logs.
Again, sorry for the confusion.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00000bfd

Kernel Drivers (total 151):

Processes (total 68):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`c01a2400 (NTFS)

PhysicalDrive0 Model Number: WDCWD2000JD-98HBB0, Rev: 08.02D08

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!


#13 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • Gender:Male
  • Location:North Carolina, USA

Posted 10 March 2011 - 04:58 PM

Hi-

Both those scans look good.

Let's check your router.


Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0

Click on File->Save As. For File Name, enter Router.bat. For Save As Type, select All Files. Save it to your desktop.

Double-click on Router.bat to run it. When finished, it will open a report in Notepad. Please copy that report into your reply. Do not attach it.

Shannon

#14 Ochiba

Ochiba
  • Topic Starter

  • Members
  • 14 posts

Posted 11 March 2011 - 12:00 AM

Windows IP Configuration

Host Name . . . . . . . . . . . . : wagner1
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.nj.comcast.net.

Ethernet adapter Local Area Connection 3:

Connection-specific DNS Suffix . : hsd1.nj.comcast.net.
Description . . . . . . . . . . . : Intel® PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-11-D8-02-33-F2
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 213.109.69.41
                                    213.109.72.20
                                    1.1.1.1
Lease Obtained. . . . . . . . . . : Thursday, March 10, 2011 9:31:15 PM
Lease Expires . . . . . . . . . . : Friday, March 11, 2011 9:31:15 PM

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 213.109.69.41

Name: google.com
Addresses: 72.14.204.147, 72.14.204.99, 72.14.204.103, 72.14.204.104

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 213.109.69.41

Name: yahoo.com
Addresses: 69.147.125.65, 67.195.160.76, 209.191.122.70, 98.137.149.56
           72.30.2.43

Pinging google.com [72.14.204.104] with 32 bytes of data:

Reply from 72.14.204.104: bytes=32 time=19ms TTL=53
Reply from 72.14.204.104: bytes=32 time=16ms TTL=53

Ping statistics for 72.14.204.104:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 16ms, Maximum = 19ms, Average = 17ms

Pinging yahoo.com [69.147.125.65] with 32 bytes of data:

Reply from 69.147.125.65: bytes=32 time=14ms TTL=53
Reply from 69.147.125.65: bytes=32 time=14ms TTL=53

Ping statistics for 69.147.125.65:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 14ms, Maximum = 14ms, Average = 14ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 d8 02 33 f2 ...... Intel® PRO/1000 MT Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway        Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.101       1
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1       1
      192.168.1.0    255.255.255.0    192.168.1.101    192.168.1.101      10
    192.168.1.101  255.255.255.255        127.0.0.1        127.0.0.1      10
    192.168.1.255  255.255.255.255    192.168.1.101    192.168.1.101      10
        224.0.0.0        240.0.0.0    192.168.1.101    192.168.1.101      10
  255.255.255.255  255.255.255.255    192.168.1.101    192.168.1.101       1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

#15 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • Gender:Male
  • Location:North Carolina, USA

Posted 11 March 2011 - 02:39 PM

Hi-

The DNS settings in the router have been changed and need to be reset.

We need to reset the router to its default configuration.
  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don’t know the router's default password, you can look it up HERE
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using or you can use OpenDNS
Now we need to flush the DNS on the computer:
  • Click on Start
  • Select run
  • Enter cmd and hit the enter key
  • A black window will open.
  • Please enter the following bold text into that window and hit the enter key-

    ipconfig /flushdns

We need to recheck your router.


Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0

Click on File->Save As. For File Name, enter Router.bat. For Save As Type, select All Files. Save it to your desktop.

Double-click on Router.bat to run it. When finished, it will open a report in Notepad. Please copy that report into your reply. Do not attach it.

In your reply, please copy in the router report. Also, let me know how your computer is doing.
Shannon
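
One way to script the comparison behind a "router DNS has been changed" finding, over the `ipconfig /all` part of a Router.bat report. This Python is an added example, not part of the thread: `parse_ipconfig`, `review_resolvers` and the `EXPECTED` list (OpenDNS's public resolvers, standing in for whatever the ISP assigns) are assumptions for illustration, and the sample is abridged from the report posted earlier in the thread.

```python
import ipaddress
import re

# RFC 1918 listed explicitly; ipaddress.is_private covers more than these.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ADAPTER = re.compile(r"^(?P<name>.*\badapter\b.*):$")
FIELD = re.compile(r"^(?P<key>[^.:]+?)[\s.]*:\s*(?P<val>.*)$")
WANTED = {"default gateway": "gateway", "dns servers": "dns"}
EXPECTED = ("208.67.222.222", "208.67.220.220")  # assumption: OpenDNS

# Abridged from the Router.bat report posted earlier in this thread.
THREAD_REPORT = """\
Ethernet adapter Local Area Connection 3:
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 213.109.69.41

                                       213.109.72.20
                                       1.1.1.1
"""


def to_ip(text):
    """Return an ip_address object, or None when text is not an address."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def parse_ipconfig(report):
    """Collect gateway and DNS addresses per adapter from `ipconfig /all`."""
    adapters, current, slot = [], None, None
    for line in (raw.strip() for raw in report.splitlines()):
        if not line:
            continue  # pasted logs are often double-spaced; keep the slot
        header = ADAPTER.match(line)
        if header:
            current = {"name": header.group("name"), "gateway": [], "dns": []}
            adapters.append(current)
            slot = None
            continue
        ip = to_ip(line)  # a bare address continues the previous field
        if ip is None:
            field = FIELD.match(line)
            slot = WANTED.get(field.group("key").lower()) if field else None
            ip = to_ip(field.group("val")) if field else None
        if current is not None and slot and ip is not None:
            current[slot].append(ip)
    return adapters


def review_resolvers(adapter, expected=EXPECTED):
    """Return (address, reason) for each resolver that needs a second look."""
    allowed = set(adapter["gateway"]) | {ipaddress.ip_address(a) for a in expected}
    findings = []
    for ip in adapter["dns"]:
        if ip in allowed:
            continue
        local = any(ip in net for net in RFC1918)
        findings.append((str(ip), "local address other than the gateway" if local
                         else "public resolver not in the expected list"))
    return findings


if __name__ == "__main__":
    for adapter in parse_ipconfig(THREAD_REPORT):
        print(adapter["name"], review_resolvers(adapter))
```

A finding is a prompt to compare against the router's own WAN/DHCP settings and the ISP's published resolvers, not a verdict on the address itself.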



