jrbarker
-
Content Count
18 -
Joined
-
Last visited
Content Type
Profiles
Forums
Calendar
Posts posted by jrbarker
-
-
I haven't had any popups over the last few days. I think we might be good. Thanks so much for all your help!!
-
This is what it came up with...
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=4004 (20090413)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=97394a74460f01439bb22e9598d7b13d
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-04-14 03:19:09
# local_time=2009-04-13 10:19:09 (-0600, Central Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=1307438
# found=3
# scan_time=21891
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinWebdirb7.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Nero\INSTALL Ahead.Nero.v7.7.5.1.Multilingual.Incl.Keymaker-EMBRACE\Nero-7.7.5.1_all_trial.exe Win32/Toolbar.AskSBar application (deleted) 00000000000000000000000000000000
C:\Program Files\Nero\INSTALL Ahead.Nero.v7.7.5.1.Multilingual.Incl.Keymaker-EMBRACE\Nero-7.7.5.1_all_trial.exe »RAR »Toolbar.exe Win32/Toolbar.AskSBar application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
-
Yes, I can get Windows Updates now.
But I noticed yesterday that the Trojan.KillAV came back. Norton blocked it from doing something every 11 seconds from 12:53:39 PM until 2:15:18 PM. Then nothing happened until 5:22 PM when something called ~.exe was detected and removed by Norton. Then at 12:26:31 AM the Trojan.KillAV was detected and actually removed instead of being blocked.
This scenario also happened a couple days ago. I thought Norton took care of it then, but apparently it didn't.
When I go to "Risk Details" in Norton it says there were two affected files. C:\windows\system32\~.exe and C:\windows\okxnn.ogs
-
Here's the report. But looking back through the Norton History, I think the Trojan was found and removed by Norton automatically early this morning. So I think we're good (I hope). Thanks for all your help on this. Is there anything else I should do to protect my computer and keep it running smoothly?
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\windows\okxycnn.ogs not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\alm.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\amt.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_OSCAQAiGnmc5ZXspDn0p scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\Photoshop Temp46128254324 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\JET1E66.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_138.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\localserver.db scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\permissions.db scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\FA7DE7A1d01 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04082009_215254
-
Let's see, it if I look under details for "Unauthorized access blocked" it says the Actor is C:\program files\update\googleupdate.exe and the Target is C:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
For the Trojan.KillAV it says the file name is C:\windows\okxycnn.ogs
-
Update:
I restarted my computer and seem to be able to get Windows updates now. Also my Norton hasn't crashed either.
But I'm still getting fairly constant threats from Trojan.killAV and also warnings of "Unauthorized access blocked", as Norton says.
A quick Norton and Spybot scan doesn't find anything.
-
Okay I downloaded and ran the HostsXpert.exe but I'm still unable to download the updates. It keeps timing out or freezing when it's "check for the latest updates for your computer".
Norton is running after I restarted my computer. And now it's detecting Trojan.KillAV every 20 seconds or so.
What should I do, run another virus scan?
Now, while I was typing I got a popup that says "Generic Host Process for Win32 Services has encountered a problem and needs to close."
-
It seems to be running better so far. The browser hasn't crashed in the last 24 hours or so. But Norton is still shutting down. It says "Symantec service framework encountered a problem and needed to close." [App: ccSvchste.exe Offset 10031e39] I've reinstalled Norton but it keeps happening.
Also, I still am not able to download the newest Windows Updates.
-
I believe that was the whole log. I will paste it again. (This site won't let me upload the log file to this thread.)
Should I run something again?
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\WINDOWS\SYSTEM32\HQ13235.DLL not found.
File/Folder C:\WINDOWS\SYSTEM32\HQ55564.DLL not found.
File/Folder C:\WINDOWS\SYSTEM32\HQ57060.DLL not found.
File/Folder C:\WINDOWS\SYSTEM32\HQ73597.DLL not found.
File/Folder C:\WINDOWS\SYSTEM32\HQ99302.DLL not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_uZBadbUKjhBS5105anct scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_dashercomp[388].js scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_detailsset[389].js scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_doozercomp[390].js scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_eventformc[391].js scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_extrascomp[392].js scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_offlinecom[393].js scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_searchcomp[394].js scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120doozercompiled_offli[395].css scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120offline_workercompile[397].js scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\@login.calendar.google.com_managed[3]#localserver\d910826e8062ba438618b67c04e7b120locallogin_compiled[265].js scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\localserver.db scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\permissions.db scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04052009_200023
Files moved on Reboot...
File C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_uZBadbUKjhBS5105anct not found!
DllUnregisterServer procedure not found in C:\WINDOWS\temp\logishrd\LVPrcInj01.dll
C:\WINDOWS\temp\logishrd\LVPrcInj01.dll NOT unregistered.
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_dashercomp[388].js not found!
File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_detailsset[389].js not found!
File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_doozercomp[390].js not found!
File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_eventformc[391].js not found!
File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_extrascomp[392].js not found!
File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_offlinecom[393].js not found!
File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_searchcomp[394].js not found!
File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120doozercompiled_offli[395].css not found!
File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120offline_workercompile[397].js not found!
File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\@login.calendar.google.com_managed[3]#localserver\d910826e8062ba438618b67c04e7b120locallogin_compiled[265].js not found!
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\localserver.db moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\permissions.db moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\XUL.mfl moved successfully.
-
It seemed to work. Thank you very much!
-
I rebooted after using OTMoveIt3 and was given this report upon start up...
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\WINDOWS\SYSTEM32\HQ13235.DLL not found.
File/Folder C:\WINDOWS\SYSTEM32\HQ55564.DLL not found.
File/Folder C:\WINDOWS\SYSTEM32\HQ57060.DLL not found.
File/Folder C:\WINDOWS\SYSTEM32\HQ73597.DLL not found.
File/Folder C:\WINDOWS\SYSTEM32\HQ99302.DLL not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_uZBadbUKjhBS5105anct scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_dashercomp[388].js scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_detailsset[389].js scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_doozercomp[390].js scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_eventformc[391].js scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_extrascomp[392].js scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_offlinecom[393].js scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_searchcomp[394].js scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120doozercompiled_offli[395].css scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120offline_workercompile[397].js scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\@login.calendar.google.com_managed[3]#localserver\d910826e8062ba438618b67c04e7b120locallogin_compiled[265].js scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\localserver.db scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\permissions.db scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04052009_200023
Files moved on Reboot...
File C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_uZBadbUKjhBS5105anct not found!
DllUnregisterServer procedure not found in C:\WINDOWS\temp\logishrd\LVPrcInj01.dll
C:\WINDOWS\temp\logishrd\LVPrcInj01.dll NOT unregistered.
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_dashercomp[388].js not found!
File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_detailsset[389].js not found!
File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_doozercomp[390].js not found!
File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_eventformc[391].js not found!
File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_extrascomp[392].js not found!
File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_offlinecom[393].js not found!
File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_searchcomp[394].js not found!
File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120doozercompiled_offli[395].css not found!
File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120offline_workercompile[397].js not found!
File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\@login.calendar.google.com_managed[3]#localserver\d910826e8062ba438618b67c04e7b120locallogin_compiled[265].js not found!
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\localserver.db moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\permissions.db moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\XUL.mfl moved successfully.
-
Here's the report...
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\WINDOWS\SYSTEM32\HQ13235.DLL not found.
File/Folder C:\WINDOWS\SYSTEM32\HQ55564.DLL not found.
File/Folder C:\WINDOWS\SYSTEM32\HQ57060.DLL not found.
File/Folder C:\WINDOWS\SYSTEM32\HQ73597.DLL not found.
File/Folder C:\WINDOWS\SYSTEM32\HQ99302.DLL not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_uZBadbUKjhBS5105anct scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_dashercomp[388].js scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_detailsset[389].js scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_doozercomp[390].js scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_eventformc[391].js scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_extrascomp[392].js scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_offlinecom[393].js scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120calendarjs_searchcomp[394].js scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120doozercompiled_offli[395].css scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\[email protected]_managed[4]#localserver\d910826e8062ba438618b67c04e7b120offline_workercompile[397].js scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\www.google.com\http_80\@login.calendar.google.com_managed[3]#localserver\d910826e8062ba438618b67c04e7b120locallogin_compiled[265].js scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\localserver.db scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Google Gears for Firefox\permissions.db scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6o278igo.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04052009_200023
-
Thanks, here is the report...
Scanning Report
Saturday, April 04, 2009 13:56:30 - 16:59:03
Computer name: BARKER
Scanning type: Scan system for malware, rootkits
Target: C:\ L:\
Result: 8 malware found
Exploit.Win32.Pidief.ans (virus)
* C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\0FZL9QFK\DS[1].PDF (Renamed & Submitted)
TrackingCookie.2o7 (spyware)
* System
Trojan.Win32.BHO (virus)
* System
Trojan.Win32.BHO.nui (virus)
* C:\WINDOWS\SYSTEM32\HQ13235.DLL
* C:\WINDOWS\SYSTEM32\HQ55564.DLL
* C:\WINDOWS\SYSTEM32\HQ57060.DLL
* C:\WINDOWS\SYSTEM32\HQ73597.DLL
* C:\WINDOWS\SYSTEM32\HQ99302.DLL
Statistics
Scanned:
* Files: 119493
* System: 4386
* Not scanned: 8
Actions:
* Disinfected: 0
* Renamed: 1
* Deleted: 0
* None: 7
* Submitted: 1
Files not scanned:
* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ETILQS_NUWCXH4BAHX9UP9DGTUB
Options
Scanning engines:
* F-Secure USS: 3.0.0
* F-Secure Hydra: 3.8.9080, 2009-04-03
* F-Secure AVP: 7.0.171, 2009-04-04
* F-Secure Pegasus: 1.20.0, 1969-11-31
* F-Secure Blacklight: 0.0.0
Scanning options:
* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics
Copyright © 1998-2007 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.
-
Here is the Extras.Txt
OTListIt Extras logfile created on: 4/2/2009 8:43:34 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.9.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 90.11% Memory free
3.71 Gb Paging File | 3.34 Gb Available in Paging File | 90.02% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.31 Gb Total Space | 87.60 Gb Free Space | 47.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 59.83 Mb Total Space | 59.73 Mb Free Space | 99.84% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 232.88 Gb Total Space | 94.19 Gb Free Space | 40.45% Space Free | Partition Type: NTFS
Drive L: | 931.51 Gb Total Space | 713.16 Gb Free Space | 76.56% Space Free | Partition Type: NTFS
Computer Name: BARKER
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = jsfile] -- Reg Error: Key error. File not found
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader
"5353:UDP" = 5353:UDP:*:Enabled:Bonjour
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2009/02/06 18:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync
[2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 19:12:15 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®
[2008/04/13 19:12:25 | 01,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console
[2008/04/13 19:12:33 | 00,077,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing
File not found -- C:\Program Files\LimeWire\LimeWire 4.0.8\LimeWire.exe:*:Enabled:LimeWire: The most advanced file sharing program on the planet.
File not found -- C:\Program Files\LimeWire\LimeWire 4.2.6\LimeWire.exe:*:Enabled:LimeWire
[2004/12/19 19:53:54 | 00,462,848 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-1.1.1-patch-enUS-Downloader.exe:*:Enabled:Blizzard Downloader
[2004/12/21 18:21:38 | 00,663,552 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-1.2.1-patch-enUS-Downloader.exe:*:Enabled:Blizzard Downloader
[2009/03/28 20:57:41 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
[2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
File not found -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2005/04/17 17:08:11 | 03,112,960 | ---- | M] () -- C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek Client
[2005/03/29 19:42:46 | 00,484,799 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-1.2.4-to-1.3.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2005/04/20 21:49:38 | 00,482,604 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-1.3.1.4297-to-1.4.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2005/06/07 13:59:21 | 00,492,176 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-1.4.2.4375-to-1.5.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2005/10/11 20:19:53 | 00,489,816 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-1.5.1.4449-to-1.6.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader
File not found -- C:\Program Files\eDonkey2000\edonkey2000.exe:*:Enabled:edonkey2000
File not found -- C:\Documents and Settings\Owner\Desktop\DOWNLOADS\WoW-1.6.1.4544v2-to-0.7.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader
File not found -- C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP Client
[2005/09/19 21:34:49 | 00,492,476 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-1.6.1.4544-to-1.7.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2005/10/24 20:29:29 | 00,490,690 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-1.7.1.4695-to-1.8.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader
File not found -- C:\Program Files\BitTorrent\btdownloadgui.exe:*:Enabled:btdownloadgui
File not found -- C:\Documents and Settings\Owner\My Documents\Software\Photoshop\Games\Age of Empires II\empires2.exe:*:Enabled:Age of Empires II
File not found -- C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
[2006/01/25 21:56:48 | 00,768,094 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-1.9.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2008/04/13 19:12:21 | 00,769,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice
[2005/03/04 14:25:26 | 12,705,792 | ---- | M] (Curious Labs, Inc.) -- C:\Program Files\Curious Labs\Poser 6\Poser.exe:*:Enabled:Poser executable file
[2006/08/23 08:34:50 | 00,764,021 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2008/12/25 14:56:32 | 02,429,584 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:World of Warcraft
[2008/04/13 19:12:18 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/12/16 15:16:10 | 00,637,232 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2008/05/21 04:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2007/08/29 00:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove
[2008/05/21 05:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
File not found -- C:\3dsmax7\3dsmax.exe:*:Enabled:3ds max 7
[2006/12/17 05:11:30 | 00,225,280 | ---- | M] (Autodesk) -- C:\Program Files\Autodesk\Maya8.5\bin\maya.exe:*:Enabled:Maya
File not found -- C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion
File not found -- C:\Program Files\Microsoft Games\Age of Mythology\AOM.EXE:*:Enabled:Age of Mythology
File not found -- C:\Program Files\Fox\No One Lives Forever\eReg\NAVBROWSER.EXE:*:Disabled:NAVBrowser
File not found -- C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo
[2009/01/05 16:19:14 | 07,697,712 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player
[2006/09/06 03:39:14 | 00,425,984 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor
[2006/09/06 03:39:10 | 00,110,592 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager
[2006/09/06 03:39:12 | 00,110,592 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server
[2005/06/06 11:56:04 | 00,081,920 | ---- | M] (Scanvec Amiable) -- C:\Program Files\FlexiSIGN-PRO 7.6v2\Program\App.exe:*:Enabled:Design Software
[2007/09/24 19:24:22 | 06,518,272 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\3ds Max 2008\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2008 32-bit
File not found -- C:\Program Files\Pollux Gamelabs\Lost Empire - Immortals\LostEmpire.exe:*:Enabled:Lost Empire - Immortals
[2007/10/21 03:20:34 | 28,064,848 | R--- | M] () -- C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3
[2008/12/18 21:13:10 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe:*:Enabled:DNA
[2008/03/10 01:22:52 | 07,299,072 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2009 32-bit
[2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
File not found -- C:\Program Files\xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server
File not found -- L:\Xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server
File not found -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2007/01/12 18:57:22 | 05,140,480 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime
[2009/03/11 13:52:24 | 13,499,176 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2009/02/06 18:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync
[2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
File not found -- C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{05D60953-9012-44DF-A1A6-9DD97AD6580A}" = Corel Painter X
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05D60953-9012-44DF-A1A6-9DD97AD6580A}" = Corel Painter X
"{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}" = Sony Noise Reduction Plug-In 2.0h
"{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18A265FA-A1F2-413E-940E-A6A255733CA3}" = ZHelp
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}" = Adobe ExtendScript Toolkit 2
"{1EC60864-A294-44BF-984A-3E8867D74EA2}" = Adobe After Effects 6.0
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{21AFBC54-4053-476B-9907-F0345311233C}" = Boris Continuum Complete
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22FAFE5D-A94C-4B5A-A628-DFF2FAB32885}" = Autodesk MotionBuilder 7.5 Extension 1
"{28C74612-2C48-4421-BF67-3949CD90748E}" = Autodesk DirectConnect 2.0
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
"{2A9C3F41-DACA-37AB-84FB-2E6193C42151}" = Google Gears
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB}" = Microsoft XNA Framework Redistributable 1.0 Refresh
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{38EC4486-44FF-49da-8FFF-87DA9DCBC06B}" = Autodesk 3ds Max 2008 32-bit Help
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C106CBD-3E5A-4275-94F9-23FFE687D090}" = Autodesk 3ds Max 2008 32-bit Architectural Materials Library
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3CDC3396-0169-41FC-B7E8-C7AE080DB3E8}" = Jamorama Software
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Backburner
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{48A8ADFF-D6E4-409D-B2BA-5CABB7FE5A84}" = AirPort
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{49389932-51FA-4D26-8B4F-CE86B24302C2}" = TortoiseSVN 1.5.5.14361 (32 bit)
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{53C92981-4972-11D7-A947-F895376BBB42}" = Pro Motion
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{548EAC70-EE00-11DD-908C-005056806466}" = Google Earth
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5C1DA723-24FC-48AD-93BA-925695C3EF26}" = Logitech Gaming Software
"{6084D038-3401-4C9D-A216-86E6EEA25AFB}" = ZBrush3
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0 SP1
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{679035C8-CEB8-4a5c-847A-5FB3FFADC0EB}" = Autodesk 3ds Max 2008 32-bit Vault 2008 Plug-In
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6D6C1253-F5A2-4E0C-9070-F3C1176C1033}" = Nero 7
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = MobileMe Control Panel
"{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}" = Multimedia Keyboard Driver
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72019134-3A61-4C39-A540-245600C4CDFA}" = Turbo Squid Tentacles 3ds Max 2008
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}" = 3dsmax ancillary install
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{81525B87-9344-4834-883C-C6A9D78EA1DF}" = Maya 8.5 Documentation (en_US)
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1086DA0-903E-4DEA-A83F-6317923CC63D}" = headus UVLayout v2 Professional
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1E0E88A-F5E9-4414-A0D7-31940E965EC5}" = Maya 8.5
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB2037C6-FE46-41fd-B1B2-4D62FBB1E57A}" = Autodesk 3ds Max 2008 32-bit Videos
"{AB7E8EC4-D04C-4A2B-A33B-4A3725C72285}" = Sony ACID Pro 6.0
"{AC76BA86-0000-7EC8-7489-000000000702}" = Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
"{AC76BA86-0000-7EC8-7489-000000000703}" = Adobe Acrobat 7.0.2 and Reader 7.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000704}" = Adobe Acrobat 7.0.3 and Reader 7.0.3 Update
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B023185F-F1EF-4F97-B0BD-AE6D802226D1}" = NVIDIA WDM Drivers
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
"{BC352445-5DD8-4C4F-909A-21A9E75017B1}" = ZAppLink
"{BF658A51-6D4F-4CB0-8D40-D183692B995D}" = Autodesk 3ds Max 2008 32-bit
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C86A8B40-0702-45FA-BFEC-82B0C5932038}" = Sony Media Manager 2.1
"{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"{CADA5B76-F134-416A-997C-9A0E21FFC8C4}" = Silo 2.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA51496-49D4-4FBF-9866-A2E2F40FAC7A}" = Sony Sound Forge 9.0
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1B7094B-8CAC-492a-9EE6-D1576ED35208}" = Autodesk 3ds Max 2008 32-bit Vault 5 Plug-In
"{D3605F22-A55C-4462-B714-70ADED5BCC18}" = MrMikes Timeline Addin 1.0
"{D459A7BB-F85E-4C0E-8AEC-3D90C4549740}" = Debugging Tools for Windows
"{D504303A-717D-414C-BA9F-FE01093E2EF8}" = Adobe Setup
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E5145D2D-793B-4A16-BA42-3F13EEAA7D5E}" = iTunes
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EDC8D89C-DC3D-4a3d-ABE7-97D281C0A13A}" = Autodesk 3ds Max 2008 32-bit Additional Maps and Material Libraries
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2DC9BD1-8DB8-461C-80B2-7264AFA54EE2}" = Mudbox 1.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"{FDD8070F-E3B9-0409-822C-CCFE5E82C14D}" = Autodesk 3ds Max 2009 32-bit
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"1Click DVD Copy" = 1Click DVD Copy
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Illustrator CS2" = Adobe Illustrator CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
"Adobe_5bc0f8414ec36c555a3e7e5ec2e225e" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"ADShareit.com SWF2Video Converter Pro_is1" = version 5.0.0
"Autodesk FBX Converter 2009.3" = Autodesk FBX Converter 2009.3
"Autodesk FBX for QuickTime" = Autodesk FBX for QuickTime 7.0
"Autodesk FBX Plugin 2009.3 - 3ds Max 2008" = Autodesk FBX Plugin 2009.3 - 3ds Max 2008
"AVI Codec Pack" = AVI Codec Pack
"AVS Video Converter 4.3_is1" = AVS Video Converter 4.3.1.371
"BigFix" = BigFix
"Blender" = Blender (remove only)
"Bryce" = Bryce 6.1
"Bryce Lightning" = Bryce Lightning 2.0 c
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro_is1" = Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
"DAZ|Studio" = DAZ|Studio 1.4.16.0
"Deep Exploration" = Deep Exploration
"Deep Paint 3D" = Deep Paint 3D
"DeepUV" = DeepUV
"DigiCel FlipBook 4.5" = DigiCel FlipBook 4.5
"Di-O-Matic Character Pack v1.14" = Di-O-Matic Character Pack v1.14
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Easy Video Joiner_is1" = Easy Video Joiner 5.21
"Easy Video Splitter_is1" = Easy Video Splitter 1.28
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FBX Plugin 2006.08 for Max 9.0" = FBX Plugin 2006.08 for Max 9.0
"FBX Plugin 2006.11.1 for Max 2008" = FBX Plugin 2006.11.1 for Max 2008
"FBX Plugin 2009.0 for Max 2009" = FBX Plugin 2009.0 for Max 2009
"FlexiSIGN-PRO 7.6v2" = FlexiSIGN-PRO 7.6v2
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"gBurner" = gBurner
"GLOBEtrotter FLEXid Drivers" = GLOBEtrotter FLEXid Drivers
"Google Updater" = Google Updater
"GoogleVideoPlayer" = Google Video Player
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InFlac" = InFlac 1.1.1
"InstallShield_{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
"InstallShield_{22FAFE5D-A94C-4B5A-A628-DFF2FAB32885}" = Autodesk MotionBuilder 7.5 Extension 1
"InstallShield_{48A8ADFF-D6E4-409D-B2BA-5CABB7FE5A84}" = AirPort
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"InstallShield_{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"IomegaWare" = IomegaWare 4.0.2
"JEOPARDY! 21.0" = JEOPARDY! 2
"Karen's Directory Printer" = Karen's Directory Printer
"Luxor - Amun Rising" = Luxor - Amun Rising (remove only)
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Magic ISO Maker v5.4 (build 0247)" = Magic ISO Maker v5.4 (build 0247)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"Mozilla Thunderbird (1.0.6)" = Mozilla Thunderbird (1.0.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NAV" = Norton AntiVirus
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Poser 6" = Poser 6
"PowerISO" = PowerISO
"PROSet" = Intel® PRO Network Adapters and Drivers
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Rainbow Sentinel Driver" = Sentinel System Driver
"RealPlayer 6.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 6.0
"SCLS" = MSU Screen Capture Lossless Codec v1.2 (Remove Only)
"SecondLife" = SecondLife (remove only)
"Soulseek" = SoulSeek Client 156c
"StorageSync" = StorageSync Backup Software
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SystemRequirementsLab" = System Requirements Lab
"Tablet Driver" = Tablet
"Texporter_max11_x86" = Texporter v3.5.23.11_x86
"Trend Micro HouseCall 6.6" = HouseCall 6.6
"Uninstaller_B1FFA000_517142 - ZBrush (Windows)" = 517142 - ZBrush (Windows) (Shared Components)
"V-Ray for 3dsmax R9 for x86" = V-Ray for 3dsmax R9 for x86
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xampp" = XAMPP 1.7.0
"xNormal 3.15.1 Beta 1" = xNormal 3.15.1 Beta 1
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4/1/2009 4:36:35 PM | Computer Name = BARKER | Source = Application Error | ID = 1000
Description = Faulting application ccSvcHst.exe, version 108.1.0.24, faulting module
unknown, version 0.0.0.0, fault address 0x10031e39.
Error - 4/1/2009 4:49:49 PM | Computer Name = BARKER | Source = Windows Search Service | ID = 3102
Description = The per-user filter pool for session 0 could not be added. Details:
The
operation being requested was not performed because the user has not logged on
to the network. The specified service does not exist. (0x800704dd)
Error - 4/1/2009 7:17:14 PM | Computer Name = BARKER | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.35.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x20021e39.
Error - 4/1/2009 7:18:11 PM | Computer Name = BARKER | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.35.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x20021e39.
Error - 4/1/2009 7:34:29 PM | Computer Name = BARKER | Source = Application Error | ID = 1000
Description = Faulting application ccSvcHst.exe, version 108.1.0.24, faulting module
unknown, version 0.0.0.0, fault address 0x10031e39.
Error - 4/1/2009 10:19:31 PM | Computer Name = BARKER | Source = Application Error | ID = 1000
Description = Faulting application ccSvcHst.exe, version 108.1.0.24, faulting module
unknown, version 0.0.0.0, fault address 0x10031e39.
Error - 4/1/2009 10:56:19 PM | Computer Name = BARKER | Source = Windows Search Service | ID = 3102
Description = The per-user filter pool for session 0 could not be added. Details:
The
operation being requested was not performed because the user has not logged on
to the network. The specified service does not exist. (0x800704dd)
Error - 4/1/2009 10:58:21 PM | Computer Name = BARKER | Source = Windows Search Service | ID = 3102
Description = The per-user filter pool for session 0 could not be added. Details:
The
operation being requested was not performed because the user has not logged on
to the network. The specified service does not exist. (0x800704dd)
Error - 4/1/2009 11:12:39 PM | Computer Name = BARKER | Source = Application Error | ID = 1000
Description = Faulting application ccSvcHst.exe, version 108.1.0.24, faulting module
unknown, version 0.0.0.0, fault address 0x10031e39.
Error - 4/1/2009 11:30:49 PM | Computer Name = BARKER | Source = Application Error | ID = 1000
Description = Faulting application ccSvcHst.exe, version 108.1.0.24, faulting module
unknown, version 0.0.0.0, fault address 0x10031e39.
[ OSession Events ]
Error - 4/23/2008 12:48:36 AM | Computer Name = BARKER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 16
seconds with 0 seconds of active time. This session ended with a crash.
Error - 7/31/2008 4:38:13 PM | Computer Name = BARKER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 81296
seconds with 4440 seconds of active time. This session ended with a crash.
Error - 9/11/2008 6:57:20 PM | Computer Name = BARKER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 20
seconds with 0 seconds of active time. This session ended with a crash.
Error - 10/18/2008 2:02:19 PM | Computer Name = BARKER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 18
seconds with 0 seconds of active time. This session ended with a crash.
Error - 10/29/2008 6:58:30 PM | Computer Name = BARKER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 31
seconds with 0 seconds of active time. This session ended with a crash.
Error - 12/15/2008 7:27:18 PM | Computer Name = BARKER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 15
seconds with 0 seconds of active time. This session ended with a crash.
Error - 1/6/2009 8:26:02 PM | Computer Name = BARKER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 33
seconds with 0 seconds of active time. This session ended with a crash.
Error - 2/10/2009 10:07:00 PM | Computer Name = BARKER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.
Error - 3/17/2009 4:39:21 PM | Computer Name = BARKER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.
Error - 3/20/2009 3:27:43 PM | Computer Name = BARKER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 21
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 4/1/2009 9:30:54 PM | Computer Name = BARKER | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.
Error - 4/1/2009 10:17:49 PM | Computer Name = BARKER | Source = Service Control Manager | ID = 7034
Description = The Norton AntiVirus service terminated unexpectedly. It has done
this 3 time(s).
Error - 4/1/2009 10:58:50 PM | Computer Name = BARKER | Source = Service Control Manager | ID = 7000
Description = The Apache2.2 service failed to start due to the following error:
%%3
Error - 4/1/2009 10:58:50 PM | Computer Name = BARKER | Source = Service Control Manager | ID = 7000
Description = The mysql service failed to start due to the following error: %%3
Error - 4/1/2009 10:58:50 PM | Computer Name = BARKER | Source = Service Control Manager | ID = 7000
Description = The Par1284 service failed to start due to the following error: %%2
Error - 4/1/2009 10:58:50 PM | Computer Name = BARKER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde
Error - 4/1/2009 11:10:59 PM | Computer Name = BARKER | Source = Service Control Manager | ID = 7031
Description = The Norton AntiVirus service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.
Error - 4/1/2009 11:23:50 PM | Computer Name = BARKER | Source = Service Control Manager | ID = 7031
Description = The Norton AntiVirus service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.
Error - 4/1/2009 11:29:12 PM | Computer Name = BARKER | Source = Service Control Manager | ID = 7034
Description = The Norton AntiVirus service terminated unexpectedly. It has done
this 3 time(s).
Error - 4/2/2009 2:40:47 AM | Computer Name = BARKER | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{60782738-0E3C-4F6E-8E00-40C1025C6C0D}. The
backup browser is stopping.
< End of report >
-
Thank you for your help! Here is the OTListit.Txt
OTListIt logfile created on: 4/2/2009 8:43:34 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.9.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 90.11% Memory free
3.71 Gb Paging File | 3.34 Gb Available in Paging File | 90.02% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.31 Gb Total Space | 87.60 Gb Free Space | 47.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 59.83 Mb Total Space | 59.73 Mb Free Space | 99.84% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 232.88 Gb Total Space | 94.19 Gb Free Space | 40.45% Space Free | Partition Type: NTFS
Drive L: | 931.51 Gb Total Space | 713.16 Gb Free Space | 76.56% Space Free | Partition Type: NTFS
Computer Name: BARKER
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/02/22 13:56:52 | 00,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2008/02/09 19:06:33 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/01/23 18:16:54 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2002/09/04 15:11:04 | 00,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe
PRC - [2007/03/12 18:30:14 | 00,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
PRC - [2008/12/16 22:59:50 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/09/24 18:05:26 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
PRC - [2008/03/10 00:04:52 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
PRC - [2009/02/18 14:44:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/10/18 16:28:34 | 00,131,072 | ---- | M] (Di-O-Matic) -- C:\Program Files\ALPServer\ProtectionServer.exe
PRC - [2006/11/02 21:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2008/05/02 09:51:46 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2005/10/19 15:31:52 | 00,749,568 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/10/24 19:31:12 | 00,576,512 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2004/03/11 17:18:54 | 00,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\shwiconem.exe
PRC - [2004/07/01 14:58:14 | 00,073,728 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2007/03/12 18:30:14 | 00,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
PRC - [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
PRC - [2008/09/08 18:58:39 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
PRC - [2005/10/19 15:52:32 | 00,114,688 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
PRC - [2009/04/02 08:41:04 | 00,500,224 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe
========== Win32 Services (SafeList) ==========
SRV - [2005/09/12 04:03:22 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - File not found -- -- (Apache2.2 [Auto | Stopped])
SRV - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/02/22 13:56:52 | 00,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [Auto | Running])
SRV - [2008/02/09 19:06:33 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/03/10 21:54:06 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/01/23 18:16:54 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c97db0b0c489da [Auto | Stopped])
SRV - [2009/03/24 06:06:55 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/11/14 02:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])
SRV - File not found -- -- (Iomega Activity Disk2 [Disabled | Stopped])
SRV - [2002/09/04 15:11:04 | 00,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe -- (Iomega App Services [Auto | Running])
SRV - [2009/03/11 13:52:22 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2007/02/16 15:44:13 | 00,068,608 | ---- | M] () -- C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe -- (License Management Service ESD [On_Demand | Stopped])
SRV - [2008/08/04 11:20:16 | 03,220,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2007/03/12 18:30:14 | 00,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe -- (LiveUpdate Notice Service [Auto | Running])
SRV - [2008/12/16 22:59:50 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
SRV - [2007/09/24 18:05:26 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe -- (mi-raysat_3dsMax2008_32 [Auto | Running])
SRV - [2008/03/10 00:04:52 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe -- (mi-raysat_3dsMax2009_32 [Auto | Running])
SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2002/12/17 17:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR [On_Demand | Stopped])
SRV - [2002/12/17 17:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - File not found -- -- (mysql [Auto | Stopped])
SRV - [2007/01/15 18:14:38 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/01/15 17:01:56 | 00,266,240 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2009/02/27 05:57:27 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe -- (Norton AntiVirus [Auto | Stopped])
SRV - [2009/02/18 14:44:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/10/18 16:28:34 | 00,131,072 | ---- | M] (Di-O-Matic) -- C:\Program Files\ALPServer\ProtectionServer.exe -- (ProtectionServer [Auto | Running])
SRV - [2006/11/02 21:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing [Auto | Running])
SRV - [2002/12/17 17:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR [On_Demand | Stopped])
SRV - [2008/05/02 09:51:46 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Running])
SRV - [2005/10/19 15:31:52 | 00,749,568 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe -- (TabletService [Auto | Running])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
========== Driver Services (SafeList) ==========
DRV - [2008/04/13 13:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])
DRV - [2008/08/14 07:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs [Auto | Running])
DRV - [2008/04/13 13:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])
DRV - [2009/02/27 05:57:36 | 00,258,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\BHDrvx86.sys -- (BHDrvx86 [system | Running])
DRV - [2009/04/01 00:02:22 | 00,482,352 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\ccHPx86.sys -- (ccHP [system | Running])
DRV - [2005/09/26 00:08:16 | 00,002,560 | ---- | M] () -- C:\WINDOWS\System32\Drivers\d3dutil.sys -- (d3dutil [On_Demand | Stopped])
DRV - [1998/07/10 04:31:00 | 00,007,328 | ---- | M] () -- C:\WINDOWS\system32\drivers\ds1410d.sys -- (DS1410D [Auto | Running])
DRV - [2004/02/10 16:49:14 | 00,154,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2009/03/31 03:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [system | Running])
DRV - [2009/03/31 03:00:00 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2005/08/18 01:00:00 | 00,007,168 | ---- | M] () -- C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt -- (EverestDriver [On_Demand | Stopped])
DRV - [2009/01/15 12:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/07/28 08:18:40 | 00,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock [Auto | Running])
DRV - [2008/10/14 19:56:13 | 00,047,616 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt [Auto | Running])
DRV - [2004/03/17 17:10:40 | 00,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2003/11/13 21:19:48 | 00,210,304 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
DRV - [2003/11/13 21:17:00 | 01,042,816 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2004/06/06 14:09:10 | 00,730,653 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Stopped])
DRV - [2009/01/29 16:50:18 | 00,276,344 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090331.003\IDSxpx86.sys -- (IDSxpx86 [system | Running])
DRV - [2005/09/26 00:08:16 | 00,245,248 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\igdmini.sys -- (igdmini [On_Demand | Stopped])
DRV - [2004/07/06 19:59:44 | 02,185,408 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2002/09/04 15:11:08 | 00,030,258 | ---- | M] (Iomega Corporation) -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys -- (iomdisk [boot | Running])
DRV - [2005/09/26 00:08:16 | 00,005,504 | ---- | M] () -- C:\WINDOWS\System32\Drivers\lvds.sys -- (lvds [On_Demand | Stopped])
DRV - [2008/12/16 22:58:54 | 00,025,624 | ---- | M] () -- C:\WINDOWS\system32\Drivers\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
DRV - [2008/12/17 01:01:20 | 00,041,752 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
DRV - [2009/02/24 19:42:14 | 00,116,736 | ---- | M] (MagicISO, Inc.) -- C:\WINDOWS\system32\DRIVERS\mcdbus.sys -- (mcdbus [On_Demand | Running])
DRV - [2004/01/16 17:21:48 | 00,012,970 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2008/04/13 13:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\msdv.sys -- (MSDV [On_Demand | Stopped])
DRV - [2004/08/19 22:10:28 | 00,028,352 | ---- | M] (MusicMatch, Inc.) -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k [On_Demand | Running])
DRV - [2009/03/31 03:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090401.025\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/03/31 03:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090401.025\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2009/02/18 14:44:00 | 06,308,224 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2004/11/21 15:49:49 | 00,035,744 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\Pcouffin.sys -- (Pcouffin [On_Demand | Running])
DRV - [2001/04/09 13:45:00 | 00,008,138 | ---- | M] (Wacom Technology Corporation) -- C:\WINDOWS\system32\Drivers\PenClass.sys -- (PenClass [boot | Running])
DRV - [2008/12/17 00:54:30 | 00,495,640 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\LV561AV.SYS -- (PID_0928 [On_Demand | Running])
DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/04/07 18:16:45 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20 [boot | Running])
DRV - [2006/06/05 09:08:33 | 00,030,556 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [system | Running])
DRV - [2005/09/26 00:08:16 | 00,012,928 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sdvo.sys -- (sdvo [On_Demand | Stopped])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2002/12/16 00:41:10 | 00,076,288 | ---- | M] (Rainbow Technologies, Inc.) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel [Auto | Running])
DRV - [2002/12/16 00:41:10 | 00,026,120 | ---- | M] (Rainbow Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS -- (Sntnlusb [On_Demand | Stopped])
DRV - [2007/02/15 20:39:00 | 00,646,392 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [boot | Running])
DRV - [2009/02/27 05:57:36 | 00,307,760 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\SRTSP.SYS -- (SRTSP [system | Running])
DRV - [2009/02/27 05:57:36 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1005000.086\SRTSPX.SYS -- (SRTSPX [system | Running])
DRV - [2004/03/22 13:01:38 | 00,040,564 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\System32\Drivers\sunkfilt.sys -- (SunkFilt [On_Demand | Running])
DRV - [2004/03/22 13:27:20 | 00,042,936 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\System32\Drivers\sunkfilt39.sys -- (SunkFilt39 [On_Demand | Stopped])
DRV - [2009/02/27 05:57:36 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1005000.086\SYMEFA.SYS -- (SymEFA [boot | Running])
DRV - [2009/04/01 00:03:52 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2009/02/27 05:57:36 | 00,089,776 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2009/02/27 05:57:36 | 00,034,736 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\SYMIDS.SYS -- (SYMIDS [On_Demand | Running])
DRV - [2009/02/27 05:57:28 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys -- (SymIM [On_Demand | Stopped])
DRV - [2009/02/27 05:57:28 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys -- (SymIMMP [On_Demand | Running])
DRV - [2006/02/03 14:09:13 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
DRV - [2009/02/27 05:57:36 | 00,037,296 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Running])
DRV - [2009/02/27 05:57:36 | 00,217,392 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\SYMTDI.SYS -- (SYMTDI [system | Running])
DRV - [2007/12/24 17:37:00 | 00,138,384 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
DRV - [2003/11/13 21:18:36 | 00,679,808 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2005/04/12 19:21:28 | 00,010,144 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum [On_Demand | Running])
DRV - [2005/04/12 19:21:32 | 00,022,240 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter [On_Demand | Running])
DRV - [2005/04/12 19:21:28 | 00,005,600 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid [On_Demand | Stopped])
DRV - [2005/04/12 19:21:26 | 00,045,504 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore [On_Demand | Running])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.cnn.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1
FF - prefs.js..extensions.enabledItems: {31E65147-5A53-4e52-8A64-FF6EBFA36D76}:1.5.19
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:1.9
FF - prefs.js..extensions.enabledItems: {a0faa0a4-f1a7-4098-9a74-21efc3a92372}:3.0.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.4
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.4
FF - prefs.js..extensions.enabledItems: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374}:3.0.4.1
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.5.7.1
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.4.2
FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.5.1
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090207
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {8545daff-ad1e-493f-a37e-eed1ac79682b}:1.0
FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2
FF - prefs.js..extensions.enabledItems: {0fa2149e-bb2c-4ac2-a8d3-479599819475}:1.5
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090325
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX\ [2009/01/23 18:17:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/28 20:57:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/28 20:57:54 | 00,000,000 | ---D | M]
[2008/06/19 13:25:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
[2008/06/19 13:25:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/01 17:11:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions
[2007/11/29 21:51:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{0B9D558E-6983-486b-9AAD-B6CBCD2FC807}
[2008/10/31 20:20:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{0fa2149e-bb2c-4ac2-a8d3-479599819475}
[2009/02/16 19:37:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{31E65147-5A53-4e52-8A64-FF6EBFA36D76}
[2009/03/27 09:15:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2008/09/06 13:47:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2008/06/19 14:19:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2009/02/16 19:37:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2008/01/17 16:58:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2009/03/25 21:22:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/02/16 19:37:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/03/27 09:15:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2009/03/25 21:22:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2008/02/19 12:47:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{a0faa0a4-f1a7-4098-9a74-21efc3a92372}
[2009/03/25 21:22:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/03/23 20:09:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2008/06/24 22:05:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2009/02/05 23:06:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/02/05 23:06:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/03/23 20:09:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2008/11/15 09:31:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\[email protected]
[2009/03/23 20:09:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\[email protected]
[2009/03/26 21:36:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6o278igo.default\extensions\[email protected]
[2007/02/07 02:19:40 | 00,007,931 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\6o278igo.default\searchplugins\elance-project-search.xml
[2009/03/23 04:37:55 | 00,002,125 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\6o278igo.default\searchplugins\flickr-tags.xml
[2009/03/23 04:37:55 | 00,005,500 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\6o278igo.default\searchplugins\food-network-recipes.xml
[2008/06/24 16:51:47 | 00,000,908 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\6o278igo.default\searchplugins\imdb.xml
[2008/06/03 07:07:46 | 00,001,071 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\6o278igo.default\searchplugins\lonely-planet-online.xml
[2008/06/24 16:51:45 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\6o278igo.default\searchplugins\webster.xml
[2008/06/24 16:51:45 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\6o278igo.default\searchplugins\wikipedia-en.xml
[2009/03/31 12:09:43 | 00,001,166 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\6o278igo.default\searchplugins\wow-akz.xml
[2009/04/01 17:11:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/28 20:57:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/28 20:57:40 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/28 20:57:40 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/19 14:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/19 14:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/19 14:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/19 14:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/19 14:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/19 14:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/02/19 14:33:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (736 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar search - Reg Error: Value error.
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (Reg Error: Key error.)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/23 09:34:10 | 00,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2004/08/19 20:14:03 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
========== Files/Folders - Created Within 30 Days ==========
[5 C:\WINDOWS\*.tmp files]
[2009/04/02 08:41:02 | 00,500,224 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe
[2009/04/01 15:42:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/04/01 15:42:08 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/01 15:42:05 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/01 15:42:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/01 15:42:02 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/01 15:39:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/01 15:38:26 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/01 15:36:22 | 00,794,624 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\The_Comedian.exe
[2009/04/01 12:30:12 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Support
[2009/04/01 09:14:43 | 00,646,094 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\Cat.DB
[2009/04/01 09:14:14 | 00,036,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009/04/01 00:03:46 | 00,217,392 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symtdi.sys
[2009/04/01 00:03:46 | 00,001,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymNet.inf
[2009/04/01 00:03:45 | 00,089,776 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symfw.sys
[2009/04/01 00:03:45 | 00,039,984 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symndisv.sys
[2009/04/01 00:03:45 | 00,037,296 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symndis.sys
[2009/04/01 00:03:45 | 00,034,736 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symids.sys
[2009/04/01 00:03:45 | 00,009,423 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymNet.cat
[2009/04/01 00:03:44 | 00,310,320 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymEFA.sys
[2009/04/01 00:03:44 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtspx.sys
[2009/04/01 00:03:44 | 00,007,410 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymEFA.cat
[2009/04/01 00:03:44 | 00,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymEFA.inf
[2009/04/01 00:03:44 | 00,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtspx.inf
[2009/04/01 00:03:43 | 00,307,760 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtsp.sys
[2009/04/01 00:03:43 | 00,007,372 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtspx.cat
[2009/04/01 00:03:43 | 00,001,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtsp.inf
[2009/04/01 00:03:42 | 00,258,608 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\BHDrvx86.sys
[2009/04/01 00:03:42 | 00,007,355 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtsp.cat
[2009/04/01 00:03:42 | 00,007,347 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\ccHPx86.cat
[2009/04/01 00:03:42 | 00,001,753 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\ccHPx86.inf
[2009/04/01 00:03:41 | 00,007,364 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\BHDrvx86.CAT
[2009/04/01 00:03:41 | 00,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\BHDrvx86.inf
[2009/04/01 00:02:22 | 00,482,352 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\cchpx86.sys
[2009/04/01 00:02:12 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\isolate.ini
[2009/04/01 00:02:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV\1005000.086
[2009/03/31 22:17:33 | 00,124,464 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/03/31 22:17:33 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/03/31 22:17:33 | 00,007,386 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/03/31 22:17:33 | 00,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/03/31 22:17:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV
[2009/03/31 22:17:03 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009/03/31 20:35:26 | 00,676,656 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\setup.exe
[2009/03/31 14:33:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\TrendMicro_TIS_17.10_en-US_32-bit
[2009/03/31 14:31:43 | 74,627,288 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\All Users\Desktop\TrendMicro_TIS_17.10_en-US_32-bit.exe
[2009/03/31 13:58:28 | 25,488,75264 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/31 13:05:54 | 00,138,384 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/03/31 13:05:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\HouseCall 6.6
[2009/03/29 13:31:25 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/03/29 12:54:09 | 01,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Owner\Desktop\WinsockxpFix.exe
[2009/03/29 12:51:35 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/03/29 12:48:21 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/03/29 12:47:01 | 10,246,088 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\windows-kb890830-v2.8.exe
[2009/03/28 20:18:24 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hq55564.dll
[2009/03/28 20:04:38 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hq13235.dll
[2009/03/28 19:47:55 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hq73597.dll
[2009/03/28 19:32:05 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/28 19:28:01 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hq57060.dll
[2009/03/27 11:14:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Symantec
[2009/03/26 20:28:20 | 00,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/03/24 18:57:43 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hq99302.dll
[2009/03/24 06:06:57 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/03/23 20:09:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\iMacros
[2009/03/23 09:04:39 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/03/23 09:04:18 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2009/03/23 09:02:08 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/03/23 08:58:42 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/03/23 08:58:27 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/03/23 08:50:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/03/17 23:06:05 | 00,000,082 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\._Pic Edits
[2009/03/13 11:44:33 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/03/13 11:44:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/03/11 15:52:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\NV57164656.TMP
[2009/03/11 15:18:19 | 00,212,711 | ---- | C] () -- C:\WINDOWS\System32\nvapps.nvb
[2009/03/11 15:18:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\NV51321700.TMP
[2009/03/11 15:16:57 | 00,000,000 | ---D | C] -- C:\NVIDIA
[2009/03/11 15:10:40 | 00,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2009/03/11 15:10:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
[2009/03/10 22:11:25 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2009/03/10 22:05:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/03/09 21:04:41 | 00,000,082 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\._for Joe
[2009/03/06 18:20:42 | 00,000,805 | -HS- | C] () -- C:\Documents and Settings\All Users\Documents\zmtl02.rtf
[2009/03/04 12:22:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Pic Edits
[2009/03/04 11:22:48 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/04 11:07:02 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/03/04 11:07:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/03/03 22:02:07 | 00,116,736 | ---- | C] (MagicISO, Inc.) -- C:\WINDOWS\System32\drivers\mcdbus.sys
[2009/03/03 22:02:05 | 00,000,000 | ---D | C] -- C:\Program Files\MagicDisc
========== Files - Modified Within 30 Days ==========
[5 C:\WINDOWS\*.tmp files]
[2009/04/02 08:41:04 | 00,500,224 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe
[2009/04/02 00:00:13 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3070113376-1340541817-468247195-1003.job
[2009/04/02 00:00:13 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/04/01 23:13:21 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/04/01 22:00:59 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/04/01 21:59:18 | 00,205,820 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/04/01 21:58:46 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/01 21:58:22 | 00,013,926 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2009/04/01 21:58:09 | 00,000,000 | ---- | M] () -- C:\WINDOWS\TempFile
[2009/04/01 21:58:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/01 21:57:44 | 25,488,75264 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/01 15:36:27 | 00,794,624 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\The_Comedian.exe
[2009/04/01 10:22:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/01 09:14:57 | 00,646,094 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\Cat.DB
[2009/04/01 00:03:52 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/04/01 00:03:52 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/04/01 00:03:52 | 00,007,386 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/04/01 00:03:52 | 00,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/04/01 00:02:22 | 00,482,352 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\cchpx86.sys
[2009/04/01 00:02:12 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\isolate.ini
[2009/03/31 21:18:34 | 00,676,656 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\setup.exe
[2009/03/31 19:12:24 | 00,006,148 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\.DS_Store
[2009/03/31 14:33:32 | 74,627,288 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\All Users\Desktop\TrendMicro_TIS_17.10_en-US_32-bit.exe
[2009/03/29 12:55:31 | 00,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/03/29 12:54:10 | 01,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Owner\Desktop\WinsockxpFix.exe
[2009/03/29 12:47:06 | 10,246,088 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\windows-kb890830-v2.8.exe
[2009/03/28 20:18:24 | 00,196,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\hq55564.dll
[2009/03/28 20:04:38 | 00,196,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\hq13235.dll
[2009/03/28 19:47:55 | 00,196,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\hq73597.dll
[2009/03/28 19:28:01 | 00,196,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\hq57060.dll
[2009/03/27 20:12:43 | 04,330,086 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/03/27 11:35:27 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/25 21:15:45 | 00,000,170 | ---- | M] () -- C:\WINDOWS\game.ini
[2009/03/24 18:57:43 | 00,196,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\hq99302.dll
[2009/03/23 14:50:16 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/23 11:06:52 | 00,199,168 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/23 09:00:19 | 00,000,899 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\My Sharing Folders.lnk
[2009/03/20 10:16:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/17 23:06:05 | 00,000,082 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\._Pic Edits
[2009/03/11 14:52:57 | 00,000,082 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\._Grocery_List.xls
[2009/03/11 14:52:48 | 00,039,936 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Grocery_List.xls
[2009/03/11 10:05:26 | 02,576,864 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/11 03:02:56 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/10 22:32:33 | 00,110,336 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/10 18:25:37 | 00,582,030 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/10 18:25:37 | 00,483,402 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/10 18:25:37 | 00,086,890 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/09 21:04:41 | 00,000,082 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\._Movie_List.xls
[2009/03/09 21:04:41 | 00,000,082 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\._for Joe
[2009/03/04 11:32:06 | 00,002,568 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
< End of report >
-
I have a pretty bad virus infection that I've been dealing with for the past few days but I haven't been able to clear it out yet. I currently have Norton Antivirus and Windows Defender. They haven't been able to clear out everything. (In fact I think Defender actually made things worse.) I've also run Spybot which did find some spyware.
The symtoms I've been having are that my web browsers are closing for no reason, my browser is being redirected, I can not connect to Windows Update, Norton Anti-virus is being closed, and I have overall system slowdown.
So I came to these boards and read all the stickies at the top. I first ran The Comedian. Then I downloaded and ran Malwarebyte's anti malware software. It found 9 entries the others didn't find. I ran Norton again which didn't find anything else. Then I ran Hijack This.
Please help me if you can.
First, here is the Hijack this log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:31:28 PM, on 4/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ALPServer\ProtectionServer.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Unknown owner - L:\Xampp\apache\bin\apache.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c97db0b0c489da) (gupdate1c97db0b0c489da) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: mysql - Unknown owner - L:\Xampp\mysql\bin\mysqld.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtectionServer - Di-O-Matic - C:\Program Files\ALPServer\ProtectionServer.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
--
End of file - 13631 bytes
Second, here is the MBAM log:
Malwarebytes' Anti-Malware 1.35
Database version: 1904
Windows 5.1.2600 Service Pack 3
4/1/2009 3:48:13 PM
mbam-log-2009-04-01 (15-48-13).txt
Scan type: Quick Scan
Objects scanned: 77928
Time elapsed: 4 minute(s), 27 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 12
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{86c510e9-97ef-4749-914f-0280247be3a6} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ab56bb3b-025a-3bba-b570-1bda2a8e7197} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ab56bb3b-025a-3bba-b570-1bda2a8e7197} (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\hhupd.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\KB25721.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\KB45362.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\KB49261.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\KB52536.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\KB52582.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\KB54205.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\KB55237.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\KB56147.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\KB56180.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hhupd.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\EGPFFT.DLL (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hq13125.dll (Trojan.BHO) -> Quarantined and deleted successfully.
-
I'm sorry if this has been covered. I tried to search for this problem on the boards with no luck yet.
So recently I've been getting an error every time I start my machine. [sony Vaio notebook PCG-691L]
It says there is an error with SXBIOS.DLL and BSNTSBS.DLL.
And now I can only access the internet in safe mode. I can't download Windows updates at all in regular or safe mode. What should I do to correct this problem? It doesn't appear to be a virus. Maybe some kind of corrupt file.
Thank you so much for any help.
Windows XP Pro
V. 2002
Service Pack 3
Pentium M 1400mhz
1.39ghz 512 mb ram
Virus Infection[RESOLVED]
in Malware Removal
Posted
Thank you for all your help!