Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

My log file

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

My log file

Unread postby donpatent » June 2nd, 2008, 8:08 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:10 PM, on 5/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.BIN
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/advanced_search?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.mdg.ca
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/17.17/uploader2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6442901421
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 14197 bytes
donpatent
Active Member
 
Posts: 9
Joined: June 2nd, 2008, 6:38 pm
Advertisement
Register to Remove

Re: My log file

Unread postby Elrond » June 6th, 2008, 6:02 am

I'm Elrond and I'll be glad to help you with your computer problems.

As an introduction, please note that I am not Superhuman, I do not know everything, but what I do know has taken me years to learn. I am happy to pass on this information to you, but please bear in mind that I am also fallible.

Please only use this topic for your replies on this problem. Do not start another thread.
Please note that the fixes we will use are specific to your problems on this computer and should only be used for this problem on this computer.
These things need to be properly researched and a complete fix for many malware problems can take some time and be spread over a number of posts, so please be patient and try to see it through to the end.

Before we start: Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.
If you can do these things, everything should go smoothly.
  • Please note that you should have Administrator rights to perform the fixes. (XP accounts are Administrator by default) Also note that multiple identity PC’s (family PC’s) present a different problem; please tell me if your PC has more than one individual’s setting, but continue with the fix.Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the HJT forum and wait for help.



Please note that I will be off line for about 26 hours (sundown Friday until nightfall Saturday my local time) every week.


End of preliminaries. What follows is related to analyzing what is on your computer and cleaning it up.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


There is nothing showing in the log except somethings that belongs to housekeeping. However before we get to that I want to look a bit deeper.


First of all can you please give me a bit of details about what your problem is. That very often gives me a starting point when it comes to knowing what to look for.


Next please open "HijackThis". Click on "Open Misc.Tool Section".
Use the scroll bar on the right and scroll down to "Open Uninstall Manager". Click it.
On the right you will find "Save List". Click it.
The log that you just saved will appear.
Use "Copy" and "Paste" to add it to your next post.


Now download Deckard's System Scanner (DSS)
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  • Make sure Format->Word Wrap is unchecked
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply

Once complete, please post both DSS logs, you won't need to produce a new HijackThis log as DSS produces one for you.


Post back in this thread
theuninstall Manager List
The two DSS logs
The descripion of the problems you are seeing.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: My log file

Unread postby donpatent » June 6th, 2008, 7:33 pm

My problem:
I am on a two computer network. I do a Google search and the hits provided are locatable, no problem, however when I go to the cashed versions I frequently (not always) get a message from Google saying they can't give me the cashed version because it appears to them that I am part of some attack on their system and that I should look into virus protection (I have Norton) and spyware protection (I have Norton's as well).

HijackThis list:
ABBYY FineReader 5.0 Sprint
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player
AppCore
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 3
ATI Control Panel
ATI Display Driver
ATI Multimedia Center 7.8.0.0
AV
ccCommon
Chinese Traditional Fonts Support For Adobe Reader 8
Creative Media Lite
Creative ZEN Stone Plus User's Guide
Creative ZEN Stone User's Guide
Dazzle MovieStar 5
Dazzle Photo Editor
DVC
DVD Complete
Easy CD Creator 5 Basic
FaxTools
Flickr Uploadr 2.5.0.15
Google Desktop
Google Gmail Notifier
Google Photos Screensaver
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
Google Web Accelerator
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
HydraVision
Intel Application Accelerator
Intel(R) PRO Network Adapters and Drivers
iTunes
Japanese Fonts Support For Adobe Reader 8
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
Lexmark X74-X75
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2003
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2003
Microsoft Picture It! Photo 7.0
Microsoft Streets and Trips 2002
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Word 2002
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
Mozilla Firefox (2.0.0.14)
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
Network Magic
Nikon Message Center
Norton AntiVirus
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Protection Center
Norton Security Scan
OnDVD
OverDrive Media Console
Picasa 2
PictureProject
QuickTax 2007
QuickTime
Reader Drivers and Utilities
Rogers Self Healing Software (remove only)
Rogers Yahoo! Applications
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB941569)
Shockwave
Skype™ 3.6
SoundMAX
SPBBC 32bit
Spelling Dictionaries Support For Adobe Reader 8
StarOffice 8
Update Manager (remove only)
Viewpoint Media Player
Webcast
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WordPerfect Office 2002 OEM
Xvid 1.1.3 final uninstall
Yahoo! Music Jukebox
Yahoo! Widgets

Deckards:
Main:
Deckard's System Scanner v20071014.68
Run by Don on 2008-06-06 19:16:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
91: 2008-06-06 23:16:38 UTC - RP493 - Deckard's System Scanner Restore Point
90: 2008-06-06 20:16:49 UTC - RP492 - System Checkpoint
89: 2008-06-05 19:36:41 UTC - RP491 - System Checkpoint
88: 2008-06-04 19:23:13 UTC - RP490 - System Checkpoint
87: 2008-06-03 19:03:57 UTC - RP489 - System Checkpoint


-- First Restore Point --
1: 2008-03-09 20:44:53 UTC - RP403 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 84% (more than 75%).


-- HijackThis (run as Don.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:22:25 PM, on 6/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.BIN
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Don\My Documents\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Don.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/advanced_search?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - S-1-5-18 Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe (User 'Default user')
O4 - Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.mdg.ca
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/17.17/uploader2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6442901421
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 14493 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 SI3112 (SiI-3112 SATALink Controller) - c:\windows\system32\drivers\si3112.sys <Not Verified; Silicon Image, Inc.; SiI 3112 SATALink controller>
R2 Stltrk2k - c:\windows\system32\drivers\stltrk2k.sys <Not Verified; SCM Microsystems Inc.; Support Driver for SCM Win2K Applications>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 CTDevice_Srv (CT Device Query service) - c:\program files\creative\shared files\ctdevsrv.exe <Not Verified; Creative Technology Ltd; CTDevSrv Application>

S3 aspnet_state (ASP.NET State Service) - c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe (file missing)
S3 nmraapache (Pure Networks Net2Go Service) - "c:\program files\pure networks\network magic\webserver\bin\nmraapache.exe" -k runservice <Not Verified; Pure Networks, Inc.; Pure Networks Net2Go Service>
S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-06 17:21:37 404 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2008-06-05 09:21:08 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-06-03 00:25:01 572 --a------ C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Don.job


-- Files created between 2008-05-06 and 2008-06-06 -----------------------------

2008-05-31 21:47:43 0 d-------- C:\Program Files\Trend Micro
2008-05-30 11:24:22 0 d-------- C:\WINDOWS\Prefetch
2008-05-30 10:56:45 0 d-------- C:\Program Files\Messenger
2008-05-30 10:55:53 0 d-------- C:\WINDOWS\system32\scripting
2008-05-30 10:55:49 0 d-------- C:\WINDOWS\l2schemas
2008-05-30 10:55:47 0 d-------- C:\WINDOWS\system32\en
2008-05-30 10:55:45 0 d-------- C:\WINDOWS\system32\bits
2008-05-09 16:06:38 0 d-------- C:\Program Files\Apple Software Update


-- Find3M Report ---------------------------------------------------------------

2008-06-06 19:18:54 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-06 15:00:01 0 d-------- C:\Program Files\Norton Security Scan
2008-06-06 08:57:10 17891 --a------ C:\Documents and Settings\Don\Application Data\.googlewebacchosts
2008-06-06 07:23:34 0 d-------- C:\Documents and Settings\Don\Application Data\StarOffice8
2008-05-30 16:45:39 0 d-------- C:\Program Files\Symantec
2008-05-30 10:55:45 0 d-------- C:\Program Files\Movie Maker
2008-05-30 10:47:38 0 d-------- C:\Program Files\Windows NT
2008-05-21 19:13:09 0 d-------- C:\Program Files\Google
2008-04-28 18:09:48 0 d-------- C:\Program Files\Common Files\Pure Networks Shared
2008-04-28 17:54:38 0 d-------- C:\Program Files\Common Files
2008-04-28 17:54:04 0 d-------- C:\Program Files\Pure Networks
2008-04-17 13:30:55 0 d-------- C:\Program Files\QuickTax 2007
2008-04-10 13:39:17 0 d-------- C:\Documents and Settings\Don\Application Data\Intuit Canada
2008-04-10 13:38:03 0 d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-04-10 13:37:55 0 d-------- C:\Program Files\Common Files\Intuit


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [07/15/2005 05:48 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [06/26/2002 08:36 PM]
"QuickFinder Scheduler"="C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE" [10/02/2001 02:36 AM]
"POINTER"="point32.exe" []
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [07/16/2002 09:21 PM]
"Lexmark X74-X75"="C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" [07/31/2002 05:54 AM]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [03/22/2002 12:41 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [04/24/2008 08:12 AM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [10/13/2002 12:00 AM]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [08/01/2002 03:14 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 02:11 PM]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [06/26/2007 02:48 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 01:59 AM]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [01/14/2007 03:11 AM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 07:30 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/01/2008 12:13 AM]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [01/08/2008 05:20 PM]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [01/18/2008 10:32 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Update Manager"="C:\Program Files\Rogers\Update Manager\UpdateManager.exe" [07/05/2007 02:53 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/11/2007 10:00 AM]
"RogersAgent"="c:\Program Files\Rogers\SelfHealing\rogersagent.exe" [04/23/2007 04:51 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]
"ATI Launchpad"="" []
"CTZDetec.exe"="C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe" [05/15/2007 08:25 PM]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\Don\Start Menu\Programs\Startup\
StarOffice 8.lnk - C:\Program Files\Sun\StarOffice 8\program\quickstart.exe [8/17/2007 10:58:18 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-06-06 19:29:50 ------------

Extra:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.40GHz
Percentage of Memory in Use: 85%
Physical Memory (total/avail): 1022.79 MiB / 145.04 MiB
Pagefile Memory (total/avail): 2461.28 MiB / 1832.59 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1886.54 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 107.68 GiB total, 74.59 GiB free.
D: is Fixed (FAT32) - 4.12 GiB total, 4.12 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG SV1204H - 111.81 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 107.68 GiB - C:
\PARTITION1 - Unknown - 4.13 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Don\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MDGDON
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Don
LOGONSERVER=\\MDGDON
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Don\LOCALS~1\Temp
TMP=C:\DOCUME~1\Don\LOCALS~1\Temp
USERDOMAIN=MDGDON
USERNAME=Don
USERPROFILE=C:\Documents and Settings\Don
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Don (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
--> C:\Program Files\Yahoo!\Yahoo! Music Jukebox\oggcodecs\uninst.exe
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1A99CB37-AEB0-492F-A85A-8A2536D22393}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{4468EF97-A253-4699-9E1C-88CAE2C6832D}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft Panorama Maker 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x9
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Multimedia Center 7.8.0.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E957696E-6D13-4B92-AF02-2073D7D522B4}\setup.exe"
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Chinese Traditional Fonts Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-2448-0000-800000000003}
Creative Media Lite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1A99CB37-AEB0-492F-A85A-8A2536D22393}\setup.exe" -l0x9 /remove
Creative ZEN Stone Plus User's Guide --> "C:\Program Files\Creative\Creative ZEN Stone Plus\UGRemove.exe" /Product_Name:ZENStonePlusUG
Creative ZEN Stone User's Guide --> "C:\Program Files\Creative\Creative ZEN Stone\UGRemove.exe" /Product_Name:ZENStoneUG
Dazzle MovieStar 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8766B65-4B9C-11D6-830E-0050DABBB449}\Setup.exe"
Dazzle Photo Editor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39C5A3E0-31AF-11D6-830E-0050DABBB449}\setup.exe"
DVC --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99B98440-4A0D-11D5-8310-0050DABBB21D}\Setup.exe"
DVD Complete --> MsiExec.exe /X{44A0C48D-D548-4F36-9FFF-600CEC4688EB}
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
FaxTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
Flickr Uploadr 2.5.0.15 --> "C:\Program Files\Flickr Uploadr\uninstall.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Gmail Notifier --> "C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
Google Photos Screensaver --> MsiExec.exe /X{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Google Web Accelerator --> MsiExec.exe /X{6A1975EB-27E6-491D-94BC-6355FA25F40F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HydraVision --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
Intel Application Accelerator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\Setup.exe" -INTELUNINST
Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe
iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
Japanese Fonts Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Lexmark X74-X75 --> C:\WINDOWS\System32\spool\drivers\w32x86\3\LXBBUN5C.EXE -dLexmark X74-X75
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta Encyclopedia Standard 2003 --> MsiExec.exe /I{03410014-3975-4267-9F39-1DC4745090B7}
Microsoft Money 2003 --> MsiExec.exe /I{01F9D88C-3C86-4E82-840A-101A3221F67A}
Microsoft Money 2003 System Pack --> MsiExec.exe /I{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Photo 7.0 --> MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE132}
Microsoft Streets and Trips 2002 --> MsiExec.exe /I{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2003 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe E:\
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
Network Magic --> C:\Documents and Settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe /uninstall
Nikon Message Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
Norton Security Scan --> MsiExec.exe /I{3A4FFB84-D070-4DA5-AB7B-D41D87FD8D19}
OnDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F330A4C0-802E-11D5-8311-0050DABBB21D}\Setup.exe" -L0x0009
OverDrive Media Console --> MsiExec.exe /I{16D9439B-DF3D-43D1-A727-4B335300D07A}
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PictureProject --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL
QuickTax 2007 --> MsiExec.exe /X{22EC35BD-F8F2-45EB-8DCB-1C7FB65D0A71}
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Reader Drivers and Utilities --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8811C6B-4C6F-11D6-830E-0050DABBB449}\Setup.exe"
Rogers Self Healing Software (remove only) --> "C:\Program Files\Rogers\SelfHealing\uninst.exe"
Rogers Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
StarOffice 8 --> MsiExec.exe /I{D6BBC858-B557-458C-BB0C-A5AB39C2B780}
Update Manager (remove only) --> "C:\Program Files\Rogers\Update Manager\uninst.exe"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Webcast --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{200E0DC2-2223-11D6-830E-0050DABBB449}\Setup.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WordPerfect Office 2002 OEM --> C:\WINDOWS\Corel\uninst32.exe
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
Yahoo! Music Jukebox --> MsiExec.exe /X{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}
Yahoo! Widgets --> C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type31011 / Error
Event Submitted/Written: 06/05/2008 05:30:38 AM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
Information Level: error

Initialization of the COM subsystem failed. Error code: 0x8007041D

Event Record #/Type30750 / Error
Event Submitted/Written: 05/31/2008 08:10:44 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application nmapp.exe, version 4.5.7228.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type30643 / Warning
Event Submitted/Written: 05/30/2008 10:57:58 AM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type20509 / Error
Event Submitted/Written: 06/06/2008 04:08:38 PM
Event ID/Source: 9 / IdeChnDr
Event Description:
The device, \Device\Ide\IdeDeviceP1T0L0, did not respond within the timeout period.

Event Record #/Type20508 / Warning
Event Submitted/Written: 06/06/2008 04:08:38 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk0\D during a paging operation.

Event Record #/Type20507 / Error
Event Submitted/Written: 06/06/2008 04:08:25 PM
Event ID/Source: 9 / IdeChnDr
Event Description:
The device, \Device\Ide\IdeDeviceP1T0L0, did not respond within the timeout period.

Event Record #/Type20506 / Warning
Event Submitted/Written: 06/06/2008 04:08:25 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk0\D during a paging operation.

Event Record #/Type20504 / Error
Event Submitted/Written: 06/06/2008 04:08:13 PM
Event ID/Source: 9 / IdeChnDr
Event Description:
The device, \Device\Ide\IdeDeviceP1T0L0, did not respond within the timeout period.



-- End of Deckard's System Scanner: finished at 2008-06-06 19:29:50 ------------
donpatent
Active Member
 
Posts: 9
Joined: June 2nd, 2008, 6:38 pm

Re: My log file

Unread postby Elrond » June 7th, 2008, 4:18 pm

There is nothing that I can see to indicates that you have an infection. We will have to go still deeper. This is an advanced check for rootkits that can hide nasties.

Please download Icesword v.1.22 from http://www.majorgeeks.com/Icesword_d5199.html

Right click the file IceSword122_en.zip and. Now click Extract here. It will create a new folder called IceSword120_en

Once IceSword is extracted, with all browser and Explorer windows closed, open the folder and run IceSword

  • Once IceSword is open, click the Win32 Service Function on the left Menu Bar
    If any red entries are found, click the blue Log Tab at the top of the screen and save the log to a place where you can easily find it with the name ISservice-list.txt. Let me know if there are any RED entries in the list and if so which ones they are.
  • Now, Click IceSword's Process Function on the left Menu Bar
    If any red entries are found, click the blue Log tab at the top of the screen and save the log to a place where you can easily find it with the name ISprocesslist.txt. Let me know if there are any RED entries in the list and if so which ones they are.
  • Next go to Startup on the left Menu Bar and click it. Let me know if there are any RED entries in the list that opens up and if so which ones they are.
  • Please post ISservicelist.text and/or ISprocesslist.txt in your next post. Let me know if you saw any entries in RED.


The next one is a very good spyware scanner.

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: Start -> Run -> Typing in %APPDATA%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


The last scan is one of the better online Anti-Virus scans.

1 - Kaspersky Online Scan
With the exception of Internet Explorer, which must be used for this scan, keep ALL programs closed
Please do an online scan with >Kaspersky Online Scanner<. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence accepted, reset to 100%.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    o Scan using the following Anti-Virus database:
    + Extended (If available otherwise Standard)
    o Scan Options:
    + Scan Archives
    + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run.
  • Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
  • Click the Save Report As... button (see red arrow below)

    Image
  • In the Save as... prompt, select Desktop
  • In the File name box, name the file KasScan-ddmmyy (or similar)
  • In the Save as type prompt, select Text file (see below)

    Image
  • Copy and paste the report in your next post.
Note: It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware application you use.


Please post the information from Icesword and the logs from MalwareBytes AntiMalware and Kaspersky.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: My log file

Unread postby donpatent » June 8th, 2008, 12:45 am

No red entries anywhere!

Process:

System Idle Process
System
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Don\Local Settings\Temp\IceSword122en\IceSword122en\IceSword.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccClient.exe
C:\Program Files\Rogers\SelfHealing\RogersAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.bin
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe

Started Service:

Service Name:ALG Display Name:Application Layer Gateway Service
Service Name:Apple Mobile Device Display Name:Apple Mobile Device
Service Name:AudioSrv Display Name:Windows Audio
Service Name:Automatic LiveUpdate Scheduler Display Name:Automatic LiveUpdate Scheduler
Service Name:Browser Display Name:Computer Browser
Service Name:ccEvtMgr Display Name:Symantec Event Manager
Service Name:ccSetMgr Display Name:Symantec Settings Manager
Service Name:CLTNetCnService Display Name:Symantec Lic NetConnect service
Service Name:Creative Service for CDROM Access Display Name:Creative Service for CDROM Access
Service Name:CryptSvc Display Name:Cryptographic Services
Service Name:CTDevice_Srv Display Name:CT Device Query service
Service Name:DcomLaunch Display Name:DCOM Server Process Launcher
Service Name:Dhcp Display Name:DHCP Client
Service Name:ERSvc Display Name:Error Reporting Service
Service Name:Eventlog Display Name:Event Log
Service Name:EventSystem Display Name:COM+ Event System
Service Name:FastUserSwitchingCompatibility Display Name:Fast User Switching Compatibility
Service Name:gusvc Display Name:Google Updater Service
Service Name:helpsvc Display Name:Help and Support
Service Name:HidServ Display Name:HID Input Service
Service Name:HTTPFilter Display Name:HTTP SSL
Service Name:iPod Service Display Name:iPod Service
Service Name:lanmanserver Display Name:Server
Service Name:lanmanworkstation Display Name:Workstation
Service Name:LexBceS Display Name:LexBce Server
Service Name:LiveUpdate Notice Ex Display Name:LiveUpdate Notice Service Ex
Service Name:LmHosts Display Name:TCP/IP NetBIOS Helper
Service Name:Netman Display Name:Network Connections
Service Name:Nla Display Name:Network Location Awareness (NLA)
Service Name:nmservice Display Name:Pure Networks Platform Service
Service Name:PlugPlay Display Name:Plug and Play
Service Name:PolicyAgent Display Name:IPSEC Services
Service Name:ProtectedStorage Display Name:Protected Storage
Service Name:RasMan Display Name:Remote Access Connection Manager
Service Name:RpcSs Display Name:Remote Procedure Call (RPC)
Service Name:SamSs Display Name:Security Accounts Manager
Service Name:Schedule Display Name:Task Scheduler
Service Name:seclogon Display Name:Secondary Logon
Service Name:SENS Display Name:System Event Notification
Service Name:SharedAccess Display Name:Windows Firewall/Internet Connection Sharing (ICS)
Service Name:ShellHWDetection Display Name:Shell Hardware Detection
Service Name:SoundMAX Agent Service (default) Display Name:SoundMAX Agent Service
Service Name:Spooler Display Name:Print Spooler
Service Name:srservice Display Name:System Restore Service
Service Name:SSDPSRV Display Name:SSDP Discovery Service
Service Name:stisvc Display Name:Windows Image Acquisition (WIA)
Service Name:Symantec Core LC Display Name:Symantec Core LC
Service Name:SymAppCore Display Name:Symantec AppCore Service
Service Name:TapiSrv Display Name:Telephony
Service Name:TermService Display Name:Terminal Services
Service Name:Themes Display Name:Themes
Service Name:TrkWks Display Name:Distributed Link Tracking Client
Service Name:W32Time Display Name:Windows Time
Service Name:WebClient Display Name:WebClient
Service Name:winmgmt Display Name:Windows Management Instrumentation
Service Name:wscsvc Display Name:Security Center
Service Name:wuauserv Display Name:Automatic Updates
Service Name:WZCSVC Display Name:Wireless Zero Configuration


Malwarebytes' Anti-Malware 1.15
Database version: 839

10:06:30 PM 6/7/2008
mbam-log-6-7-2008 (22-06-30).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 131420
Time elapsed: 1 hour(s), 20 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, June 08, 2008 12:42:50 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/06/2008
Kaspersky Anti-Virus database records: 838608
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 91705
Number of viruses found: 1
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 01:54:40

Infected Object Name / Virus Name / Last Action
C:\BACKUP\Documents and Settings\Don\My Documents\My Downloads\FINDnFIX.exe/keys1/NirComLine.exe Infected: not-a-virus:RemoteAdmin.Win32.NirCmdLine.14 skipped
C:\BACKUP\Documents and Settings\Don\My Documents\My Downloads\FINDnFIX.exe ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Pure Networks\Log\logfile.nmapp_exe.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Pure Networks\Log\logfile.nmctxth_exe.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Pure Networks\Log\logfile.nmsrvc_exe.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-06-07_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\EDD7BEEE.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\FA92592A.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\1zchxm6i.default\cert8.db Object is locked skipped
C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\1zchxm6i.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\1zchxm6i.default\history.dat Object is locked skipped
C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\1zchxm6i.default\key3.db Object is locked skipped
C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\1zchxm6i.default\parent.lock Object is locked skipped
C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\1zchxm6i.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\1zchxm6i.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Don\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Google Desktop\e4e2fdab6e00\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Google Desktop\e4e2fdab6e00\dbdam Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Google Desktop\e4e2fdab6e00\dbdao Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Google Desktop\e4e2fdab6e00\dbeam Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Google Desktop\e4e2fdab6e00\dbeao Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Google Desktop\e4e2fdab6e00\dbm Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Google Desktop\e4e2fdab6e00\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Google Desktop\e4e2fdab6e00\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Google Desktop\e4e2fdab6e00\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Google Desktop\e4e2fdab6e00\fii.cf1 Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Google Desktop\e4e2fdab6e00\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Google Desktop\e4e2fdab6e00\fim1i.cf1 Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Google Desktop\e4e2fdab6e00\fim1ih.ht1 Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Google Desktop\e4e2fdab6e00\hp Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Google Desktop\e4e2fdab6e00\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Google Desktop\e4e2fdab6e00\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Google Desktop\e4e2fdab6e00\rpm1m.cf1 Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Google Desktop\e4e2fdab6e00\rpm1mh.ht1 Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Google Desktop\e4e2fdab6e00\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Google Desktop\e4e2fdab6e00\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Google Desktop\e4e2fdab6e00\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Google Desktop\e4e2fdab6e00\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Google Desktop\e4e2fdab6e00\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Google Desktop\e4e2fdab6e00\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Google Desktop\e4e2fdab6e00\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Google Desktop\e4e2fdab6e00\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Google Desktop\e4e2fdab6e00\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Application Data\Mozilla\Firefox\Profiles\1zchxm6i.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Application Data\Mozilla\Firefox\Profiles\1zchxm6i.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Application Data\Mozilla\Firefox\Profiles\1zchxm6i.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Application Data\Mozilla\Firefox\Profiles\1zchxm6i.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Don\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Don\Local Settings\History\History.IE5\MSHist012008060720080608\index.dat Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Temp\googlewebaccclient.exe.log Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Temp\GoogleWebAccelerator.pac Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Temp\GoogleWebAcceleratorCache Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Temp\GoogleWebAccWarden.exe.log Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Temp\Perflib_Perfdata_e3c.dat Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Temp\~DF3A5F.tmp Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Temp\~DF78DC.tmp Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Don\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Don\My Documents\My Downloads\FINDnFIX.exe/keys1/NirComLine.exe Infected: not-a-virus:RemoteAdmin.Win32.NirCmdLine.14 skipped
C:\Documents and Settings\Don\My Documents\My Downloads\FINDnFIX.exe ZIP: infected - 1 skipped
C:\Documents and Settings\Don\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Don\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Symantec\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Symantec\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Symantec\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{520B5C7F-56D2-45F7-AD22-6D77DA62411C}\RP494\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{13506471-DBAD-4690-A054-10C4EB624E7A}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
donpatent
Active Member
 
Posts: 9
Joined: June 2nd, 2008, 6:38 pm

Re: My log file

Unread postby Elrond » June 8th, 2008, 3:40 am

So far nothing seen but there are a few things that I would like to check:


Please visit this webpage for instructions for downloading ComboFix at your DESKTOP :
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.

Additional links to download the tool:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.


Run the following batch files:
  • Copy the contents of the Quote Box below to Notepad. Be sure that Word Wrap is unchecked under Format in the Toolbar.
  • Name the file as Scripting.bat
  • Change the Save as Type to All Files
  • and Save it on the desktop
dir /a /s "C:\WINDOWS\system32\scripting" >> scriptinglog.txt
notepad scriptinglog.txt
del scriptinglog.txt

Click Scripting.bat. A black window will open and and a moment later Notepad will open.
Copy the text from Notepad to this thread.

Next repeat the procedure but
  • Name the file l2schemas.bat
  • Change the Save as Type to All Files
  • and Save it on the desktop
dir /a /s "C:\WINDOWS\l2schemas" >> l2schemaslog.txt
notepad l2schemaslog.txt
del l2schemaslog.txt

Click l2schemas.bat. A black window will open and and a moment later Notepad will open.
Copy the text from Notepad to this thread.

Next repeat the procedure but
  • Name the file en.bat
  • Change the Save as Type to All Files
  • and Save it on the desktop
dir /a /s "C:\WINDOWS\system32\en" >> enlog.txt
notepad enlog.txt
del enlog.txt

Click en.bat. A black window will open and and a moment later Notepad will open.
Copy the text from Notepad to this thread.

Next repeat the procedure but
  • Name the file bits.bat
  • Change the Save as Type to All Files
  • and Save it on the desktop
dir /a /s "C:\WINDOWS\system32\bits" >> bitslog.txt
notepad bitslog.txt
del bitslog.txt
[/quote]
Click bits.bat. A black window will open and and a moment later Notepad will open.
Copy the text from Notepad to this thread.

Please mark each of the logs clearly so that they are easy to identify.


Post the Combofix log together with the results from the four bat files.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: My log file

Unread postby donpatent » June 8th, 2008, 2:28 pm

ComboFix 08-06-07.3 - Don 2008-06-08 13:59:01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.301 [GMT -4:00]
Running from: C:\Documents and Settings\Don\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-05-08 to 2008-06-08 )))))))))))))))))))))))))))))))
.

2008-06-07 22:16 . 2008-06-07 22:16 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-07 22:16 . 2008-06-07 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-07 20:43 . 2008-06-07 20:43 <DIR> d-------- C:\Documents and Settings\Don\Application Data\Malwarebytes
2008-06-07 20:42 . 2008-06-07 20:42 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-07 20:42 . 2008-06-07 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-07 20:42 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-07 20:42 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-06 19:15 . 2008-06-06 19:15 <DIR> d-------- C:\Deckard
2008-05-31 21:47 . 2008-05-31 21:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-30 10:55 . 2008-05-30 10:55 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-30 10:55 . 2008-05-30 10:55 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-30 10:55 . 2008-05-30 10:55 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-30 10:55 . 2008-05-30 10:55 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-30 09:48 . 2008-04-13 20:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-05-30 09:48 . 2008-04-13 20:12 53,248 --------- C:\WINDOWS\system32\tsgqec.dll
2008-05-30 09:48 . 2008-04-13 20:12 50,688 --------- C:\WINDOWS\system32\tspkg.dll
2008-05-30 09:48 . 2008-04-13 20:12 32,768 --------- C:\WINDOWS\system32\setupn.exe
2008-05-30 09:48 . 2008-04-13 14:40 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-05-30 09:46 . 2008-04-13 20:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-05-30 09:46 . 2008-04-13 20:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-05-30 09:46 . 2008-04-13 20:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
2008-05-30 09:46 . 2008-04-13 20:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll
2008-05-30 09:46 . 2008-04-13 20:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll
2008-05-30 09:46 . 2008-04-13 20:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
2008-05-30 09:46 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
2008-05-30 09:46 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
2008-05-30 09:46 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
2008-05-30 09:46 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
2008-05-30 09:44 . 2008-04-13 20:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-05-10 08:38 . 2008-06-08 08:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-10 08:38 . 2008-05-10 08:38 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-09 16:06 . 2008-05-09 16:06 <DIR> d-------- C:\Program Files\Apple Software Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 18:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-08 13:04 --------- d-----w C:\Documents and Settings\Don\Application Data\StarOffice8
2008-06-08 12:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-06 19:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-05-30 20:45 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-30 20:45 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-30 20:45 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-30 20:45 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-30 20:45 --------- d-----w C:\Program Files\Symantec
2008-05-21 23:13 --------- d-----w C:\Program Files\Google
2008-04-28 22:09 --------- d-----w C:\Program Files\Common Files\Pure Networks Shared
2008-04-28 22:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-04-28 21:54 --------- d-----w C:\Program Files\Pure Networks
2008-04-25 14:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-17 17:30 --------- d-----w C:\Program Files\QuickTax 2007
2008-04-14 09:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 09:42 11,264 ------w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 09:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 21:00 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:24 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ------w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ------w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:47 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-13 18:46 61,696 ----a-w C:\WINDOWS\system32\drivers\ohci1394.sys
2008-04-13 18:46 59,136 ------w C:\WINDOWS\system32\drivers\rfcomm.sys
2008-04-13 18:46 53,376 ----a-w C:\WINDOWS\system32\drivers\1394bus.sys
2008-04-13 18:46 37,888 ------w C:\WINDOWS\system32\drivers\bthmodem.sys
2008-04-13 18:46 36,480 ------w C:\WINDOWS\system32\drivers\bthprint.sys
2008-04-13 18:46 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-13 18:46 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-13 18:46 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
2008-04-13 18:46 18,944 ------w C:\WINDOWS\system32\drivers\bthusb.sys
2008-04-13 18:46 17,024 ------w C:\WINDOWS\system32\drivers\bthenum.sys
2008-04-13 18:46 121,984 ------w C:\WINDOWS\system32\drivers\usbvideo.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Update Manager"="C:\Program Files\Rogers\Update Manager\UpdateManager.exe" [2007-07-05 14:53 136504]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-11 10:00 68856]
"RogersAgent"="c:\Program Files\Rogers\SelfHealing\rogersagent.exe" [2007-04-23 16:51 478968]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"ATI Launchpad"="" []
"CTZDetec.exe"="C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe" [2007-05-15 20:25 98304]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 17:48 479232]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 20:36 90112]
"QuickFinder Scheduler"="C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE" [2001-10-02 02:36 77887]
"POINTER"="point32.exe" []
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 21:21 28672]
"Lexmark X74-X75"="C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" [2002-07-31 05:54 57344]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 00:41 94208]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-24 08:12 29744]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-10-13 00:00 294912]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-08-01 03:14 684032]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-06-26 14:48 509224]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59 115816]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [2007-01-14 03:11 771704]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 19:30 517768]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-08 17:20 451896]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-01-18 10:32 451896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 21:23 443968]

C:\Documents and Settings\Don\Start Menu\Programs\Startup\
StarOffice 8.lnk - C:\Program Files\Sun\StarOffice 8\program\quickstart.exe [2007-08-17 22:58:18 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= nuvyuv.dll
"VIDC.YUY2"= nuvyuv.dll
"VIDC.NTN1"= NUVision.ax

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 SI3112;SiI-3112 SATALink Controller;C:\WINDOWS\system32\DRIVERS\SI3112.sys [2002-11-21 19:20]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-24 08:12]
S3 NUVision;NUVision II Video Service;C:\WINDOWS\system32\DRIVERS\nuvvid2.sys [2001-10-28 17:34]

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-06-05 13:21:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-03 04:25:01 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Don.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeh/TASK:
"2008-06-06 21:21:37 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 14:03:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTZDetec.exe = C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-08 14:05:34
ComboFix-quarantined-files.txt 2008-06-08 18:05:16

Pre-Run: 80,160,473,088 bytes free
Post-Run: 80,196,169,728 bytes free

238 --- E O F --- 2008-05-28 17:23:34

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:08:21 PM, on 6/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.BIN
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

HIGHJACKTHIS LOG
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/advanced_search?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - S-1-5-18 Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe (User 'Default user')
O4 - Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.mdg.ca
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/17.17/uploader2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6442901421
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 14247 bytes

SCRIPTING
Volume in drive C has no label.
Volume Serial Number is 6C69-4B4E

Directory of C:\WINDOWS\system32\scripting

05/30/2008 10:55 AM <DIR> .
05/30/2008 10:55 AM <DIR> ..
02/23/2008 10:40 AM 11,776 cscript.exe.mui
02/23/2008 10:40 AM 12,800 jscript.dll.mui
02/23/2008 10:40 AM 5,632 msscript.ocx.mui
02/23/2008 10:40 AM 9,216 scrobj.dll.mui
02/23/2008 10:40 AM 9,728 scrrun.dll.mui
02/23/2008 10:40 AM 11,264 vbscript.dll.mui
02/23/2008 10:40 AM 10,240 wscript.exe.mui
02/23/2008 10:40 AM 5,632 wshext.dll.mui
02/23/2008 10:40 AM 7,168 wshom.ocx.mui
9 File(s) 83,456 bytes

Total Files Listed:
9 File(s) 83,456 bytes
2 Dir(s) 80,218,451,968 bytes free

SCHEMAS
Volume in drive C has no label.
Volume Serial Number is 6C69-4B4E

Directory of C:\WINDOWS\l2schemas

05/30/2008 10:55 AM <DIR> .
05/30/2008 10:55 AM <DIR> ..
04/02/2007 09:36 AM 1,066 baseeapconnectionpropertiesv1.xsd
04/02/2007 09:36 AM 612 baseeapmethodconfig.xsd
04/02/2007 09:36 AM 648 baseeapmethodusercredentials.xsd
04/02/2007 09:36 AM 1,116 baseeapuserpropertiesv1.xsd
04/02/2007 09:36 AM 752 eapcommon.xsd
04/02/2007 09:36 AM 1,159 eapconnectionpropertiesv1.xsd
04/02/2007 09:36 AM 1,115 eaphostconfig.xsd
04/02/2007 09:36 AM 1,193 eaphostusercredentials.xsd
04/02/2007 09:36 AM 3,192 eaptlsconnectionpropertiesv1.xsd
04/02/2007 09:36 AM 1,329 eaptlsuserpropertiesv1.xsd
04/02/2007 09:36 AM 789 eapuserpropertiesv1.xsd
06/08/2007 03:50 PM 2,687 lan_policy_v1.xsd
06/08/2007 03:50 PM 2,241 lan_profile_v1.xsd
04/02/2007 09:36 AM 1,271 mschapv2connectionpropertiesv1.xsd
04/02/2007 09:36 AM 1,410 mschapv2userpropertiesv1.xsd
04/02/2007 09:36 AM 2,843 mspeapconnectionpropertiesv1.xsd
04/02/2007 09:36 AM 1,484 mspeapuserpropertiesv1.xsd
06/08/2007 03:51 PM 5,957 onex_v1.xsd
04/02/2007 09:36 AM 15,263 wlan_profile_v1.xsd
19 File(s) 46,127 bytes

Total Files Listed:
19 File(s) 46,127 bytes
2 Dir(s) 80,218,431,488 bytes free

ENBAT
Volume in drive C has no label.
Volume Serial Number is 6C69-4B4E

Directory of C:\WINDOWS\system32\en

05/30/2008 10:55 AM <DIR> .
05/30/2008 10:55 AM <DIR> ..
04/13/2008 08:11 PM 28,672 microsoft.managementconsole.resources.dll
04/13/2008 08:11 PM 40,960 mmcex.resources.dll
04/13/2008 08:11 PM 6,656 mmcfxcommon.resources.dll
3 File(s) 76,288 bytes

Total Files Listed:
3 File(s) 76,288 bytes
2 Dir(s) 80,218,378,240 bytes free

BITS
Volume in drive C has no label.
Volume Serial Number is 6C69-4B4E

Directory of C:\WINDOWS\system32\bits

05/30/2008 10:55 AM <DIR> .
05/30/2008 10:55 AM <DIR> ..
04/13/2008 08:12 PM 409,088 qmgr.dll
1 File(s) 409,088 bytes

Total Files Listed:
1 File(s) 409,088 bytes
2 Dir(s) 80,218,374,144 bytes free
donpatent
Active Member
 
Posts: 9
Joined: June 2nd, 2008, 6:38 pm

Re: My log file

Unread postby Elrond » June 9th, 2008, 3:17 pm

Sorry for the delay but have been off line for the last 28 hours and it is late here. Will try to get back to you tomorrow morning.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: My log file

Unread postby Elrond » June 10th, 2008, 10:47 am

Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1

Still nothing to be found. I will ask some of my peers to check it over because anybody can miss something.

In the interim you should up date your Java installation.

Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 6.
  • Go to http://java.sun.com/javase/downloads/index.jsp
  • Go to Java Runtime Environment (JRE) 6 Update 6 and click on Download button.
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u6-windows-i586-p.exe" and save the downloaded file to your desktop.
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) SE Runtime Environment 6 Update 1

    and any other Java 3 Runtime Environment, JRE or JSE
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: My log file

Unread postby Elrond » June 10th, 2008, 2:22 pm

Hi again

I have asked somebody else to check what we have done so far and they could not find anything in the system either. The next step in the check out of this computer is running some logs that could be very large. However before we do that I would like to see a DSS log from the second computer on your net. Before I start working on a scan that can be time consuming for you and which will be a time hog for me I want to be sure that the other computer is not the culprit.

On the second computer on your net please
Download Deckard's System Scanner (DSS)
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  • Make sure Format->Word Wrap is unchecked
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply

Once complete, please post both DSS logs, you won't need to produce a new HijackThis log as DSS produces one for you.
Please mark them as being from the second computer.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: My log file

Unread postby donpatent » June 10th, 2008, 6:12 pm

From second computer:

Deckard's System Scanner v20071014.68
Run by Patricia on 2008-06-10 17:13:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
97: 2008-06-10 21:13:47 UTC - RP997 - Deckard's System Scanner Restore Point
96: 2008-06-10 14:09:33 UTC - RP996 - System Checkpoint
95: 2008-06-09 12:32:56 UTC - RP995 - System Checkpoint
94: 2008-06-08 03:44:59 UTC - RP994 - Software Distribution Service 3.0
93: 2008-06-07 22:23:37 UTC - RP993 - System Checkpoint


-- First Restore Point --
1: 2008-03-13 17:13:20 UTC - RP901 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-10 17:17:57
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\ehome\ehRecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\Rogers\SelfHealing\RogersAgent.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Patricia\Desktop\Deckard.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {ee986bed-ea69-4264-bab1-88d590809a23} - C:\WINDOWS\system32\pppm.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.rogershelp.com (HKCU)
O15 - Trusted IP Range: 192.168.2.1 (HKCU)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/ ... ontrol.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... tor/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/ ... ontrol.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/22.31/uploader2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1654260796
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/fl ... rashim.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


--
End of file - 14054 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 NAL (Nal Service ) - c:\windows\system32\drivers\iqvw32.sys <Not Verified; Intel Corporation; Intel(R) iQVW32.SYS>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 nmraapache (Pure Networks Net2Go Service) - "c:\program files\pure networks\network magic\webserver\bin\nmraapache.exe" -k runservice <Not Verified; Pure Networks, Inc.; Pure Networks Net2Go Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-10 12:00:42 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-06-09 21:30:45 602 --a------ C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Patricia.job


-- Files created between 2008-05-10 and 2008-06-10 -----------------------------

2008-06-01 13:04:15 0 d-------- C:\Documents and Settings\All Users\Application Data\HipSoft
2008-05-30 14:22:32 0 d-------- C:\WINDOWS\Prefetch
2008-05-30 14:07:25 0 d-------- C:\WINDOWS\system32\scripting
2008-05-30 14:07:24 0 d-------- C:\WINDOWS\l2schemas
2008-05-30 14:07:22 0 d-------- C:\WINDOWS\system32\en
2008-05-30 14:07:22 0 d-------- C:\WINDOWS\system32\bits
2008-05-30 14:01:44 0 d-------- C:\WINDOWS\ServicePackFiles


-- Find3M Report ---------------------------------------------------------------

2008-06-10 17:15:33 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-06 18:11:57 0 d-------- C:\Program Files\Google
2008-06-04 08:15:34 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-02 22:01:21 0 d-------- C:\Documents and Settings\Patricia\Application Data\Skype
2008-06-02 19:01:29 0 d-------- C:\Documents and Settings\Patricia\Application Data\skypePM
2008-06-01 13:03:32 0 d-------- C:\Program Files\MSN Games
2008-05-30 21:14:30 0 d-------- C:\Program Files\Symantec
2008-05-30 14:08:25 0 d-------- C:\Program Files\Messenger
2008-05-30 14:07:21 0 d-------- C:\Program Files\Movie Maker
2008-05-30 14:01:10 0 d-------- C:\Program Files\Windows NT
2008-05-25 08:44:11 0 d-------- C:\Program Files\Rogers
2008-04-28 18:49:02 0 d-------- C:\Program Files\Pure Networks
2008-04-28 18:45:49 0 d-------- C:\Program Files\Common Files
2008-04-28 18:45:49 0 d-------- C:\Program Files\Common Files\Pure Networks Shared
2008-04-27 08:48:12 0 d-------- C:\Documents and Settings\Patricia\Application Data\Adobe
2008-04-23 17:04:08 0 d-------- C:\Program Files\Java


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ee986bed-ea69-4264-bab1-88d590809a23}]
C:\WINDOWS\system32\pppm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [10/08/2004 08:04 AM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [10/02/2004 10:55 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [10/02/2004 10:51 AM]
"SoundMan"="SOUNDMAN.EXE" [24/04/2003 04:53 PM C:\WINDOWS\SOUNDMAN.EXE]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [19/08/2003 05:01 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 02:50 PM]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [13/09/2004 05:51 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25 AM]
"QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [05/07/2006 12:01 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [11/08/2005 04:30 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [11/08/2005 04:30 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 07:20 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27/04/2007 09:41 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [26/05/2007 12:45 PM]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [26/06/2007 02:48 PM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [28/09/2006 01:16 PM]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [11/10/2006 12:45 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/01/2007 01:59 AM]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [14/01/2007 03:11 AM]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [08/01/2008 05:20 PM]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [18/01/2008 10:32 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe" [12/05/2004 04:04 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [15/07/2007 08:42 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [13/04/2008 08:12 PM]
"WeatherEye"="C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 04:45 PM]
"RogersAgent"="c:\Program Files\Rogers\SelfHealing\rogersagent.exe" [23/04/2007 04:51 PM]
"Update Manager"="C:\Program Files\Rogers\Update Manager\UpdateManager.exe" [12/10/2007 04:30 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2/1/2005 7:45:45 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 5:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-06-10 17:21:27 ------------

NEXT FILE:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel(R) Celeron(R) CPU 2.80GHz
Percentage of Memory in Use: 63%
Physical Memory (total/avail): 509.8 MiB / 188.4 MiB
Pagefile Memory (total/avail): 1247.43 MiB / 721.18 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.02 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.53 GiB total, 51.6 GiB free.
D: is CDROM (No Media)
E: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800BB-00JKA0 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.53 GiB - C:

\\.\PHYSICALDRIVE1 - Canon MP460Storage USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Patricia\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=WILLOW
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Patricia
LOGONSERVER=\\WILLOW
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Support Tools\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp
USERDOMAIN=WILLOW
USERNAME=Patricia
USERPROFILE=C:\Documents and Settings\Patricia
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Patricia(admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
--> C:\WINDOWS\NuNInst.exe /UNINSTALL
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> C:\WINDOWS\unmrw.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Ancient Tripeaks And Spiders --> C:\PROGRA~1\eGames\ANCIEN~1\UNWISE.EXE C:\PROGRA~1\eGames\ANCIEN~1\INSTALL.LOG
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Canon MP Navigator 3.0 --> "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP460 --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460 /L0x0009
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Card and Board Games --> C:\PROGRA~1\eGames\CARDAN~1\UNWISE.EXE C:\PROGRA~1\eGames\CARDAN~1\INSTALL.LOG
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Cubis Gold --> "C:\Program Files\MSN Games\Cubis Gold\Uninstall.exe" "C:\Program Files\MSN Games\Cubis Gold\install.log"
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
eGames GameButler --> C:\PROGRA~1\eGames\GAMEBU~1\UNWISE.EXE C:\PROGRA~1\eGames\GAMEBU~1\INSTALL.LOG
Extreme Orchids Special Edition --> C:\PROGRA~1\eGames\EXTREM~1\UNWISE.EXE C:\PROGRA~1\eGames\EXTREM~1\INSTALL.LOG
Four Field Kono --> C:\PROGRA~1\eGames\FOURFI~1\UNWISE.EXE C:\PROGRA~1\eGames\FOURFI~1\INSTALL.LOG
FPAdjust --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Flat Panel Adjust\Uninst.isu"
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Hearts --> C:\PROGRA~1\eGames\Hearts\UNWISE.EXE C:\PROGRA~1\eGames\Hearts\INSTALL.LOG
Homespun Collection --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{62201736-0A1F-4C6F-9C59-1AA3360CEA50}\Setup.exe"
Intel Application Accelerator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\Setup.exe" -INTELUNINST
Intel(R) Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe
Intel(R) PROSet --> MsiExec.exe /I{EF4EF65F-4D62-44D7-82C9-1AECCBA74C50}
InterVideo WinDVD 4 --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{6E93572D-F31E-496F-8B2F-F400B3A2BC4E}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Lexicon Special Edition --> C:\PROGRA~1\eGames\LEXICO~1\UNWISE.EXE C:\PROGRA~1\eGames\LEXICO~1\INSTALL.LOG
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Magic Match --> "C:\Program Files\MSN Games\Magic Match\Uninstall.exe" "C:\Program Files\MSN Games\Magic Match\install.log"
Memory Match --> C:\PROGRA~1\eGames\MEMORY~1\UNWISE.EXE C:\PROGRA~1\eGames\MEMORY~1\INSTALL.LOG
Microsoft Encarta Encyclopedia Standard 2005 --> MsiExec.exe /I{05410044-64A6-4248-A026-9745C1E9E159}
Microsoft Money 2005 --> c:\program files\microsoft money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Picture It! Premium 10 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM
Microsoft Streets and Trips 2005 --> MsiExec.exe /I{67E4EE98-59F4-4210-89A6-A20AF5BEC689}
Microsoft Windows Theme Nunavut --> MsiExec.exe /X{047815FB-4E38-42D5-95CB-8A131DDD8668}
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Microsoft Works 2005 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2005\Setup\Launcher.exe /ARP D:\
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}
Mini Go --> C:\PROGRA~1\eGames\MINIGO~1\UNWISE.EXE C:\PROGRA~1\eGames\MINIGO~1\INSTALL.LOG
mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero PhotoShow Express --> "C:\Program Files\Ahead\Ahead\data\Xtras\Uninstall.exe"
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\setup.exe /uninstall
NeroMIX --> C:\WINDOWS\UNNMIX.exe /UNINSTALL
Network Magic --> C:\Documents and Settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe /uninstall
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Internet Security --> MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
Omar Sharif Bridge --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E30DECE7-42AF-489D-ABB4-BAD765347272}\setup.exe"
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Poker Master --> C:\PROGRA~1\eGames\POKERM~1\UNWISE.EXE C:\PROGRA~1\eGames\POKERM~1\INSTALL.LOG
Print Artist 2003 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Sierra\Print Artist 2003\HiUninst.isu" -c"C:\Program Files\Sierra\Print Artist 2003\Uninstpa.DLL"
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Rogers Self Healing Software (remove only) --> "C:\Program Files\Rogers\SelfHealing\uninst.exe"
Rogers Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
ScanSoft OmniPage SE 4.0 --> MsiExec.exe /I{C1E693A4-B1D5-4DCD-B68D-2087835B7184}
Scrabble Complete --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B36649A3-D0DD-4706-B042-F5B384529C7A}\Setup.exe" -l0x9
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SierraAddressBook 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7CE979C6-E5FF-41C5-B6CC-4EE18071563B}\setup.exe"
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Solitaire 2 Special Edition --> C:\PROGRA~1\eGames\SOLITA~2\UNWISE.EXE C:\PROGRA~1\eGames\SOLITA~2\INSTALL.LOG
Solitaire Master 5 --> C:\PROGRA~1\eGames\SOLITA~1\UNWISE.EXE C:\PROGRA~1\eGames\SOLITA~1\INSTALL.LOG
Sonic RecordNow! Deluxe --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Tropical Poker Special Edition --> C:\PROGRA~1\eGames\TROPIC~1\UNWISE.EXE C:\PROGRA~1\eGames\TROPIC~1\INSTALL.LOG
Update Manager --> MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
Update Manager (remove only) --> "C:\Program Files\Rogers\Update Manager\uninst.exe"
WeatherEye --> "C:\Program Files\TheWeatherNetwork\WeatherEye\MMTWNLiveUpdate.exe" /language ENGLISH /uninstall HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\WeatherEye,HKEY_CURRENT_USER\Software\MMTWN\WeatherEye
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Support Tools --> MsiExec.exe /I{8398B542-3CC4-44D9-83DF-696CCE70124B}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Word Wiz --> C:\PROGRA~1\eGames\WORDWI~1\UNWISE.EXE C:\PROGRA~1\eGames\WORDWI~1\INSTALL.LOG
WordPerfect Office X3 --> MsiExec.exe /I{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}
WordPerfect OfficeReady --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{737D7CA8-D05C-46C7-AFED-A76616E8CA3B}\setup.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type21060 / Warning
Event Submitted/Written: 06/09/2008 10:13:36 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type21022 / Error
Event Submitted/Written: 06/09/2008 10:23:00 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type21004 / Warning
Event Submitted/Written: 06/08/2008 09:22:02 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type20988 / Error
Event Submitted/Written: 06/08/2008 00:17:24 PM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
mptelemetry8024402cendsearchsearch1.1.1593.0mpsigdwn.dll1.1.1593.0windows defenderNILNILNIL

Event Record #/Type20980 / Error
Event Submitted/Written: 06/08/2008 08:28:51 AM
Event ID/Source: 0 / Media Center Scheduler
Event Description:
There are zero configured tuners on this machine, scheduling should not occur in this state!!!



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type52698 / Warning
Event Submitted/Written: 06/10/2008 05:18:17 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%WILLOW27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %WILLOW27 can't undo changes that you allow.

For more information please see the following:
%WILLOW275

Scan ID: {09A13D03-6AC7-48E0-91D1-1DB11AB94E51}

User: WILLOW\Patricia

Name: %WILLOW271

ID: %WILLOW272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %WILLOW276

Alert Type: %WILLOW278

Detection Type: 1.1.1593.02

Event Record #/Type52697 / Warning
Event Submitted/Written: 06/10/2008 05:18:17 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%WILLOW27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %WILLOW27 can't undo changes that you allow.

For more information please see the following:
%WILLOW275

Scan ID: {0688079F-C0FB-4DF9-8299-49D65256543D}

User: WILLOW\Patricia

Name: %WILLOW271

ID: %WILLOW272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %WILLOW276

Alert Type: %WILLOW278

Detection Type: 1.1.1593.02

Event Record #/Type52696 / Warning
Event Submitted/Written: 06/10/2008 05:18:17 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%WILLOW27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %WILLOW27 can't undo changes that you allow.

For more information please see the following:
%WILLOW275

Scan ID: {F5A299C3-2CAC-4B5A-89DB-00FBFB413FEE}

User: WILLOW\Patricia

Name: %WILLOW271

ID: %WILLOW272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %WILLOW276

Alert Type: %WILLOW278

Detection Type: 1.1.1593.02

Event Record #/Type52695 / Warning
Event Submitted/Written: 06/10/2008 05:18:15 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%WILLOW27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %WILLOW27 can't undo changes that you allow.

For more information please see the following:
%WILLOW275

Scan ID: {3076ECCC-E151-4908-8D3E-2D7B5292E377}

User: WILLOW\Patricia

Name: %WILLOW271

ID: %WILLOW272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %WILLOW276

Alert Type: %WILLOW278

Detection Type: 1.1.1593.02

Event Record #/Type52694 / Warning
Event Submitted/Written: 06/10/2008 05:18:15 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%WILLOW27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %WILLOW27 can't undo changes that you allow.

For more information please see the following:
%WILLOW275

Scan ID: {F59B9D92-8B3C-4C80-8426-948F6464B773}

User: WILLOW\Patricia

Name: %WILLOW271

ID: %WILLOW272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %WILLOW276

Alert Type: %WILLOW278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-06-10 17:21:27 ------------
donpatent
Active Member
 
Posts: 9
Joined: June 2nd, 2008, 6:38 pm

Re: My log file

Unread postby Elrond » June 11th, 2008, 8:56 am

Let us first take care of the few small problems I see on the second computer:

Disable MS Defender until the computer is clean

Microsoft Defender normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.

- Open Windows Defender
- Select Tools and then General Settings
- Under Real Time Protection Options uncheck Turn on real-time protection
- Select Save
Don't forget to re-enable it, when your computer is clean.


Remove Poker programs
From your log I can see you've installed poker programs. A lot of poker programs are infected/can infect you with malware.

I would advise you to go to Add/Remove programs and uninstall your poker programs if they are onleine games. If it is a program that is only playing against the computer and has no contact with other computers there is noreason to remove it. Poker Master{/b]

For your reference here are links to some online poker sites regarded as safe .

* http://www.pokerstars.net/ - This is a free to use/play site.
* http://www.pokerstars.com/ - This is the paid for version.


Open HijackThis and click "Do a System Scan Only" or "Scan". Put a check mark by the items that are listed below.
[b]R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {ee986bed-ea69-4264-bab1-88d590809a23} - C:\WINDOWS\system32\pppm.dll (file missing)

Close all open windows except HijackThis and then click the "Fix checked" button.


Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 6.
  • Go to http://java.sun.com/javase/downloads/index.jsp
  • Go to Java Runtime Environment (JRE) 6 Update 6 and click on Download button.
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u6-windows-i586-p.exe" and save the downloaded file to your desktop.
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java
    J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
    J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
    Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}

    Any other older Java (Java 3 Runtime Environment, JRE or JSE)
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer


Update Adobe Reader
Recently there have been vunerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version. Adobe Reader 8.
You can download it from http://www.adobe.com/products/acrobat/readstep2.html
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Adobe 8 is a large program and if you prefer a smaller program you can get Foxit 2.0 instead from http://www.foxitsoftware.com/pdf/rd_intro.php


Download and Run OTMoveIt2

Download OTMoveIt2 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt2.exe to run it.
  • Copy the lines in the codebox below.
Code: Select all
C:\WINDOWS\system32\pppm.dll

  • Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt2

Let me know what OTMoveIt2 reported. Let me know how that computer runs.


==============================================================================================================



Now to the difficult part. This is for the first computer:


Please download gmer.zip from Gmer and save it to your desktop.

  1. Right click on gmer.zip and select Extract All....
  2. Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  3. Click on the Browse button. Click on Desktop. Then click OK.
  4. Click Next. It will start extracting.
  5. Once done, check (tick) the Show extracted files box and click Finish.
  6. Double click on gmer.exe to run it.
  7. Select the Rootkit tab.
  8. On the right hand side, check all the items to be scanned, but leave Show All box unchecked.
  9. Select all drives that are connected to your system to be scanned.
  10. Click on the Scan button.
  11. When the scan is finished, click Copy to save the scan log to the Windows clipboard.
  12. Open Notepad or a similar text editor.
  13. Paste the clipboard contents into the text editor.
  14. Save the Gmer scan log and post it in your next reply.
  15. Close Gmer.
  16. Open Command Prompt by going to Start > Run and type in cmd. Press Enter.
  17. In Command Prompt, type in net stop gmer. Press Enter.
  18. Type in exit to close Command Prompt.

Note: Do not run any programs while Gmer is running.


OTScanIt

Download OTScanIt to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Open the OTScanIt folder and double-click on OTScanIt to start the program.
    • In the Files Created Within group click 90 days
    • In the Files Modified Within group select 90 days
    • In the File String Search group select Non-Microsoft
    • In drivers click Non-Microsoft
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please post the resulting log here.


Please post the logs from Gmer and from OTScanIt in the next post or posts. If the logs are too big to post in one post (wwhich is not inprobable) then plese post them in as many parts as necessary but be sure that you have the parts overlap each other.

It will take me a some time to analyze those logs.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: My log file

Unread postby donpatent » June 11th, 2008, 4:16 pm

Computer2
MoveIt2 Results:
File/Folder C:\WINDOWS\system32\pppm.dll not found.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06112008_161256

Computer runs good - no problems!
donpatent
Active Member
 
Posts: 9
Joined: June 2nd, 2008, 6:38 pm

Re: My log file

Unread postby donpatent » June 11th, 2008, 5:37 pm

Computer 1
Gmer log:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-06-11 17:27:38
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT 872D1528 ZwAlertResumeThread
SSDT 87304D90 ZwAlertThread
SSDT 87193C78 ZwAllocateVirtualMemory
SSDT 872307B8 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB041AEB0]
SSDT 87263DE8 ZwCreateMutant
SSDT 870F99B8 ZwCreateThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB041B130]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB041B690]
SSDT 87120210 ZwFreeVirtualMemory
SSDT 87191C38 ZwImpersonateAnonymousToken
SSDT 86E8F418 ZwImpersonateThread
SSDT 87120170 ZwMapViewOfSection
SSDT 871592B0 ZwOpenEvent
SSDT 87157790 ZwOpenProcessToken
SSDT 87219290 ZwOpenThreadToken
SSDT 870A5DC8 ZwResumeThread
SSDT 87198E78 ZwSetContextThread
SSDT 87214DA0 ZwSetInformationProcess
SSDT 871220C0 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB041B8E0]
SSDT 8715A2D8 ZwSuspendProcess
SSDT 8727C930 ZwSuspendThread
SSDT 8701BE70 ZwTerminateProcess
SSDT 870AAB68 ZwTerminateThread
SSDT 86F0EA48 ZwUnmapViewOfSection
SSDT 872187D8 ZwWriteVirtualMemory

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3888] kernel32.dll!ExitProcess 7C81CAFA 2 Bytes JMP 050520B4 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3888] kernel32.dll!ExitProcess + 3 7C81CAFD 2 Bytes [ 83, 88 ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3888] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 0505205E C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3888] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 05052089 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[2168] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [014C73CC] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[2168] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [014C7376] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[2168] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [014C7376] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[2168] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [014C73CC] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[2168] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [014C73CC] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[2168] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [014C7376] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[2168] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [014C7376] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[2168] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [014C73CC] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[2168] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [014C73CC] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[2168] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [014C7376] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[2168] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [014C73CC] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[2168] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [014C7376] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[2168] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [014C7376] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[2168] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [014C73CC] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[2168] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [014C73CC] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[2168] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [014C7376] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[2168] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [014C73CC] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[2168] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [014C7376] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[2168] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [014C7376] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[2168] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [014C73CC] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[2168] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [014C73CC] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[2168] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [014C7376] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[2168] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [014C73CC] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[2168] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [014C7376] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[2168] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [014C7376] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[2168] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [014C73CC] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[2168] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [014C73CC] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[2168] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [014C7376] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[2168] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [014C7376] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[2168] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [014C73CC] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[2168] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [014C7376] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[2168] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] [014C73CC] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----
donpatent
Active Member
 
Posts: 9
Joined: June 2nd, 2008, 6:38 pm

Re: My log file

Unread postby donpatent » June 11th, 2008, 5:54 pm

Computer1
OTScanIt log:

Code: Select all
OTScanIt logfile created on: 6/11/2008 5:48:37 PM
OTScanIt by OldTimer - Version 1.0.15.14     Folder = C:\Documents and Settings\Don\Desktop\OTScanIt
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1022.79 Mb Total Physical Memory | 387.97 Mb Available Physical Memory | 37.93% Memory free
2.40 Gb Paging File | 1.91 Gb Available in Paging File | 79.59% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.68 Gb Total Space | 74.32 Gb Free Space | 69.01% Space Free | Partition Type: NTFS
Drive D: | 4.12 Gb Total Space | 4.12 Gb Free Space | 99.99% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MDGDON
Current User Name: Don
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/10/2007 1:59:32 AM | Attr =    ]
appsvc32.exe -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.1.2 | Size = 47712 bytes | Modified Date = 1/5/2007 4:19:28 AM | Attr =    ]
lexbces.exe -> %SystemRoot%\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 7.4 | Size = 303104 bytes | Modified Date = 7/31/2002 5:57:12 AM | Attr =    ]
lexpps.exe -> %SystemRoot%\system32\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 7.4 | Size = 174592 bytes | Modified Date = 7/31/2002 5:57:13 AM | Attr =    ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr =    ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 554352 bytes | Modified Date = 9/12/2007 7:27:24 PM | Attr =    ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/10/2007 1:59:32 AM | Attr =    ]
gnotify.exe -> %ProgramFiles%\Google\Gmail Notifier\gnotify.exe -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 7/15/2005 5:48:33 PM | Attr =    ]
smtray.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMTray.exe -> Analog Devices, Inc. [Ver = 3, 2, 10, 0 | Size = 90112 bytes | Modified Date = 6/26/2002 8:36:58 PM | Attr =    ]
ctsvccda.exe -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 9:01:00 AM | Attr =    ]
ctdevsrv.exe -> %ProgramFiles%\Creative\Shared Files\CTDevSrv.exe -> Creative Technology Ltd [Ver = 1, 0, 1, 0 | Size = 61440 bytes | Modified Date = 4/2/2007 2:15:40 PM | Attr =    ]
wkufind.exe -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkUFind.exe -> Microsoft® Corporation [Ver = 7.00.0716.0 | Size = 28672 bytes | Modified Date = 7/16/2002 9:21:48 PM | Attr =    ]
lxbbbmgr.exe -> %ProgramFiles%\Lexmark X74-X75\lxbbbmgr.exe -> Lexmark International, Inc. [Ver = 1.0.5.3 | Size = 57344 bytes | Modified Date = 7/31/2002 5:54:52 AM | Attr =    ]
googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.7.802.22438 | Size = 29744 bytes | Modified Date = 4/24/2008 8:12:20 AM | Attr =    ]
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.13.10.3041 | Size = 294912 bytes | Modified Date = 10/13/2002 | Attr =    ]
googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 6/11/2007 10:00:06 AM | Attr =    ]
lxbbbmon.exe -> %ProgramFiles%\Lexmark X74-X75\lxbbbmon.exe -> Lexmark International, Inc. [Ver = 1.0.5.3 | Size = 49152 bytes | Modified Date = 7/31/2002 5:55:06 AM | Attr =    ]
directcd.exe -> %ProgramFiles%\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe -> Roxio [Ver = 5.3.1.154 | Size = 684032 bytes | Modified Date = 8/1/2002 3:14:26 AM | Attr =    ]
smagent.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 5, 0 | Size = 45056 bytes | Modified Date = 7/15/2002 7:36:54 PM | Attr =    ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 11/15/2007 2:11:04 PM | Attr =    ]
yop.exe -> %ProgramFiles%\Yahoo!\YOP\yop.exe -> Yahoo! Inc. [Ver = 2007, 6, 26, 2 | Size = 509224 bytes | Modified Date = 6/26/2007 2:48:14 PM | Attr =    ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 1/10/2007 1:59:52 AM | Attr =    ]
nmctxth.exe -> %CommonProgramFiles%\Pure Networks Shared\Platform\nmctxth.exe -> Pure Networks, Inc. [Ver = 4.5.7274.0 | Size = 451896 bytes | Modified Date = 1/8/2008 5:20:44 PM | Attr =    ]
nmapp.exe -> %ProgramFiles%\Pure Networks\Network Magic\nmapp.exe -> Pure Networks, Inc. [Ver = 4.5.7228.0 | Size = 451896 bytes | Modified Date = 1/18/2008 10:32:34 AM | Attr =    ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 144784 bytes | Modified Date = 3/25/2008 4:28:02 AM | Attr =    ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/11/2007 10:00:09 AM | Attr =    ]
googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.7.802.22438 | Size = 29744 bytes | Modified Date = 4/24/2008 8:12:20 AM | Attr =    ]
rogersagent.exe -> %ProgramFiles%\Rogers\SelfHealing\RogersAgent.exe -> Rogers Cable Communications [Ver = 1.00.0007 | Size = 478968 bytes | Modified Date = 4/23/2007 4:51:22 PM | Attr =    ]
ctzdetec.exe -> %ProgramFiles%\Creative\Creative Media Lite\CTZDetec.exe -> Creative Technology Ltd. [Ver = 1.0.2.0 | Size = 98304 bytes | Modified Date = 5/15/2007 8:25:14 PM | Attr =    ]
googleupdater.exe -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.940.34809.beta | Size = 124912 bytes | Modified Date = 8/16/2007 4:55:20 PM | Attr =    ]
nkbmonitor.exe -> %ProgramFiles%\Nikon\PictureProject\NkbMonitor.exe -> Nikon Corporation [Ver = 1, 7, 5, 3000 | Size = 118784 bytes | Modified Date = 11/29/2006 5:48:22 PM | Attr =    ]
googlewebaccwarden.exe -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccWarden.exe ->  [Ver =  | Size = 1134592 bytes | Modified Date = 7/9/2007 10:24:38 PM | Attr =    ]
ymetray.exe -> %ProgramFiles%\Yahoo!\Yahoo! Music Jukebox\ymetray.exe -> Yahoo! Inc. [Ver = 2.2.2.056 (Build 056) | Size = 54512 bytes | Modified Date = 10/3/2007 2:56:10 PM | Attr =    ]
nmsrvc.exe -> %CommonProgramFiles%\Pure Networks Shared\Platform\nmsrvc.exe -> Pure Networks, Inc. [Ver = 4.5.7274.0 | Size = 451896 bytes | Modified Date = 1/8/2008 5:20:44 PM | Attr =    ]
soffice.exe -> %ProgramFiles%\Sun\StarOffice 8\program\soffice.exe -> Sun Microsystems, Inc. [Ver = 8.0.0.9292 | Size = 1019904 bytes | Modified Date = 4/8/2008 11:16:02 PM | Attr =    ]
ycommon.exe -> %ProgramFiles%\Yahoo!\browser\ycommon.exe -> Yahoo!, Inc. [Ver = 2006, 3, 2, 1 | Size = 200704 bytes | Modified Date = 3/3/2006 2:18:10 PM | Attr =    ]
soffice.bin -> %ProgramFiles%\Sun\StarOffice 8\program\soffice.bin -> Sun Microsystems, Inc. [Ver = 8.0.0.9292 | Size = 1241088 bytes | Modified Date = 4/8/2008 11:17:04 PM | Attr =    ]
ssdk02.exe -> %ProgramFiles%\Yahoo!\YOP\SSDK02.exe -> Symantec Corporation [Ver = 3.2.0.37 | Size = 628352 bytes | Modified Date = 2/16/2007 1:20:32 PM | Attr =    ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 11/15/2007 2:10:54 PM | Attr =    ]
googlewebaccclient.exe -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccClient.exe ->  [Ver =  | Size = 1888256 bytes | Modified Date = 7/9/2007 10:24:38 PM | Attr =    ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.14: 2008040413 | Size = 7660656 bytes | Modified Date = 4/18/2008 1:01:12 PM | Attr =    ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1088 | Size = 1174664 bytes | Modified Date = 11/21/2007 3:00:07 PM | Attr =    ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.14 | Size = 397312 bytes | Modified Date = 6/10/2008 9:32:36 PM | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr =    ]
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> File not found
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe ->  [Ver = 5.13.0004 | Size = 110677 bytes | Modified Date = 10/13/2002 | Attr =    ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 554352 bytes | Modified Date = 9/12/2007 7:27:24 PM | Attr =    ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/10/2007 1:59:32 AM | Attr =    ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/10/2007 1:59:32 AM | Attr =    ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/10/2007 1:59:32 AM | Attr =    ]
(comHost) COM Host [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 1.2.0.28 | Size = 49248 bytes | Modified Date = 1/12/2007 11:40:58 PM | Attr =    ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 9:01:00 AM | Attr =    ]
(CTDevice_Srv) CT Device Query service [Win32_Own | Auto | Running] -> %ProgramFiles%\Creative\Shared Files\CTDevSrv.exe -> Creative Technology Ltd [Ver = 1, 0, 1, 0 | Size = 61440 bytes | Modified Date = 4/2/2007 2:15:40 PM | Attr =    ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 4/13/2008 8:12:17 PM | Attr =    ]
(GoogleDesktopManager-022208-143751) Google Desktop Manager 5.7.802.22438 [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.7.802.22438 | Size = 29744 bytes | Modified Date = 4/24/2008 8:12:20 AM | Attr =    ]
(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 6/11/2007 10:00:06 AM | Attr =    ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr =    ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 11/15/2007 2:10:54 PM | Attr =    ]
(ISPwdSvc) Symantec IS Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\isPwdSvc.exe -> Symantec Corporation [Ver = 10.2.0.50 | Size = 80504 bytes | Modified Date = 1/14/2007 3:11:06 AM | Attr =    ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %SystemRoot%\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 7.4 | Size = 303104 bytes | Modified Date = 7/31/2002 5:57:12 AM | Attr =    ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.68 | Size = 2999664 bytes | Modified Date = 9/12/2007 7:27:24 PM | Attr =    ]
(LiveUpdate Notice Ex) LiveUpdate Notice Service Ex [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/10/2007 1:59:32 AM | Attr =    ]
(LiveUpdate Notice Service) LiveUpdate Notice Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.2.0.18 | Size = 517768 bytes | Modified Date = 3/12/2007 7:30:14 PM | Attr =    ]
(nmraapache) Pure Networks Net2Go Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -> Pure Networks, Inc. [Ver = 2.0.54 | Size = 12800 bytes | Modified Date = 1/18/2008 10:31:46 AM | Attr =    ]
(nmservice) Pure Networks Platform Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Pure Networks Shared\Platform\nmsrvc.exe -> Pure Networks, Inc. [Ver = 4.5.7274.0 | Size = 451896 bytes | Modified Date = 1/8/2008 5:20:44 PM | Attr =    ]
(SoundMAX Agent Service (default)) SoundMAX Agent Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 5, 0 | Size = 45056 bytes | Modified Date = 7/15/2002 7:36:54 PM | Attr =    ]
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1088 | Size = 1174664 bytes | Modified Date = 11/21/2007 3:00:07 PM | Attr =    ]
(SymAppCore) Symantec AppCore Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.1.2 | Size = 47712 bytes | Modified Date = 1/5/2007 4:19:28 AM | Attr =    ]
(YPCService) YPCService [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\YPcservice.exe -> Yahoo! Inc. [Ver = 2003, 5, 19, 1 | Size = 86016 bytes | Modified Date = 5/19/2003 5:07:38 PM | Attr =    ]

[Driver Services - Non-Microsoft Only]
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 3.0.2.25 | Size = 98752 bytes | Modified Date = 8/22/2002 6:57:02 PM | Attr =    ]
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.13.10.6166 | Size = 486528 bytes | Modified Date = 8/15/2002 9:30:06 PM | Attr =    ]
(basic2) basic2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HSF_BSC2.sys -> Conexant [Ver = 3.05.12.04 | Size = 67167 bytes | Modified Date = 8/17/2001 4:28:04 PM | Attr =    ]
(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\ComboFix\catchme.sys -> File not found
(Cdr4_xp) Cdr4_xp [Kernel | System | Running] -> %SystemRoot%\System32\drivers\cdr4_xp.sys -> Sonic Solutions [Ver = 8.0.0.212  | Size = 2432 bytes | Modified Date = 10/18/2006 4:00:00 AM | Attr =    ]
(Cdralw2k) Cdralw2k [Kernel | System | Running] -> %SystemRoot%\System32\drivers\cdralw2k.sys -> Sonic Solutions [Ver = 8.0.0.212  | Size = 2560 bytes | Modified Date = 10/18/2006 4:00:00 AM | Attr =    ]
(cdudf_xp) cdudf_xp [File_System | System | Running] -> %SystemRoot%\System32\drivers\cdudf_xp.sys -> Roxio [Ver = 5.3.1.157 built by: WinDDK | Size = 240128 bytes | Modified Date = 8/14/2002 2:40:22 AM | Attr =    ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 799744 bytes | Modified Date = 4/13/2008 2:44:48 PM | Attr =    ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 153344 bytes | Modified Date = 4/13/2008 2:44:46 PM | Attr =    ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr =    ]
(dvd_2K) dvd_2K [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\Dvd_2k.sys -> Roxio [Ver = 5.3.1.154 | Size = 25578 bytes | Modified Date = 8/1/2002 3:20:12 AM | Attr =    ]
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e100b325.sys -> Intel Corporation [Ver = 6.04.14.0000 built by: WinDDK | Size = 140800 bytes | Modified Date = 9/25/2002 9:09:12 AM | Attr =    ]
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 107.4.1.2 | Size = 385072 bytes | Modified Date = 1/18/2008 5:00:00 AM | Attr =    ]
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> Symantec Corporation [Ver = 107.4.1.2 | Size = 109616 bytes | Modified Date = 1/18/2008 5:00:00 AM | Attr =    ]
(Fallback) Fallback [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\HSF_FALL.sys -> Conexant [Ver = 3.05.12.04 | Size = 289887 bytes | Modified Date = 8/17/2001 4:28:06 PM | Attr =    ]
(Fsks) Fsks [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\HSF_FSKS.sys -> Conexant [Ver = 3.05.12.04 | Size = 115807 bytes | Modified Date = 8/17/2001 4:28:06 PM | Attr =    ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 2:44:04 PM | Attr =    ]
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hsfbs2s2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 220032 bytes | Modified Date = 8/3/2004 10:41:48 PM | Attr =    ]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hsfdpsp2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 1041536 bytes | Modified Date = 8/3/2004 10:41:56 PM | Attr =    ]
(hsf_msft) hsf_msft [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HSF_MSFT.sys -> Conexant [Ver = 3.05.12.06 | Size = 542879 bytes | Modified Date = 8/17/2001 4:28:10 PM | Attr =    ]
(IdeBusDr) IdeBusDr [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\IdeBusDr.sys -> Intel Corporation [Ver = 2.3.0.2160, 10/01/2002 | Size = 13891 bytes | Modified Date = 10/15/2002 3:00:00 AM | Attr =    ]
(IdeChnDr) Intel(R) Ultra ATA Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\IdeChnDr.sys -> Intel Corporation [Ver = 2.3.0.2160, 10/01/2002 | Size = 101431 bytes | Modified Date = 10/15/2002 3:00:00 AM | Attr =    ]
(K56) K56 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\HSF_K56K.sys -> Conexant [Ver = 3.05.12.04 | Size = 391199 bytes | Modified Date = 8/17/2001 4:28:08 PM | Attr =    ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 11868 bytes | Modified Date = 8/3/2004 10:41:56 PM | Attr =    ]
(mmc_2K) mmc_2K [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\Mmc_2k.sys -> Roxio [Ver = 5.3.1.154 | Size = 30246 bytes | Modified Date = 8/1/2002 3:20:06 AM | Attr =    ]
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080610.017\NAVENG.SYS -> Symantec Corporation [Ver = 20081.1.1.13 | Size = 89936 bytes | Modified Date = 6/10/2008 4:00:00 AM | Attr =    ]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080610.017\NAVEX15.SYS -> Symantec Corporation [Ver = 20081.1.1.13 | Size = 856336 bytes | Modified Date = 6/10/2008 4:00:00 AM | Attr =    ]
(nuvaud2) NUVision II Audio Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nuvaud2.sys -> Zoran Ltd. [Ver = 4, 0, 25, 95 | Size = 25024 bytes | Modified Date = 7/11/2001 1:41:08 PM | Attr = R  ]
(NUVision) NUVision II Video Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nuvvid2.sys -> Zoran Ltd. [Ver = 2, 0, 2, 26 | Size = 153760 bytes | Modified Date = 10/28/2001 5:34:46 PM | Attr = R  ]
(pnarp) Pure Networks Device Discovery Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\pnarp.sys -> Pure Networks, Inc. [Ver = 10.0.8002.2 | Size = 23992 bytes | Modified Date = 1/8/2008 5:16:10 PM | Attr =    ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr =    ]
(purendis) Pure Networks Wireless Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\purendis.sys -> Pure Networks, Inc. [Ver = 10.0.8002.2 | Size = 25272 bytes | Modified Date = 1/8/2008 5:16:10 PM | Attr =    ]
(pwd_2k) pwd_2k [Kernel | System | Running] -> %SystemRoot%\System32\drivers\pwd_2K.sys -> Roxio [Ver = 5.3.1.154 | Size = 132058 bytes | Modified Date = 8/1/2002 3:19:58 AM | Attr =    ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.43J | Size = 36624 bytes | Modified Date = 10/18/2006 4:00:00 AM | Attr =    ]
(Rksample) Rksample [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HSF_SAMP.sys -> Conexant [Ver = 3.05.12.05 | Size = 57471 bytes | Modified Date = 8/17/2001 4:28:10 PM | Attr =    ]
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\rtl8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/3/2004 10:31:34 PM | Attr =    ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 6:25:53 AM | Attr =    ]
(SI3112) SiI-3112 SATALink Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SI3112.sys -> Silicon Image, Inc. [Ver = 1, 0, 0, 37 | Size = 47096 bytes | Modified Date = 11/21/2002 7:20:52 PM | Attr = R  ]
(smwdm) smwdm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3516 | Size = 549672 bytes | Modified Date = 8/23/2002 5:46:22 PM | Attr =    ]
(SoftFax) SoftFax [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\HSF_FAXX.sys -> Conexant [Ver = 3.05.12.04 | Size = 199711 bytes | Modified Date = 8/17/2001 4:28:06 PM | Attr =    ]
(SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 3.3.1.3 | Size = 418104 bytes | Modified Date = 4/14/2007 3:49:32 AM | Attr =    ]
(SRTSP) SRTSP [File_System | System | Running] -> %SystemRoot%\system32\drivers\srtsp.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 279088 bytes | Modified Date = 12/1/2007 12:57:12 AM | Attr =    ]
(SRTSPL) SRTSPL [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\srtspl.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 317616 bytes | Modified Date = 12/1/2007 12:57:12 AM | Attr =    ]
(SRTSPX) SRTSPX [Kernel | System | Running] -> %SystemRoot%\system32\drivers\srtspx.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 43696 bytes | Modified Date = 12/1/2007 12:57:12 AM | Attr =    ]
(Stltrk2k) Stltrk2k [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\Stltrk2k.sys -> SCM Microsystems Inc. [Ver = 3.00.04 | Size = 13325 bytes | Modified Date = 10/3/2001 3:00:00 AM | Attr =    ]
(SYMDNS) SYMDNS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symdns.sys -> Symantec Corporation [Ver = 7.2.2.204 | Size = 12848 bytes | Modified Date = 3/7/2008 1:39:54 PM | Attr =    ]
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.4.1 | Size = 123952 bytes | Modified Date = 5/30/2008 4:45:29 PM | Attr =    ]
(SYMFW) SYMFW [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symfw.sys -> Symantec Corporation [Ver = 7.2.2.204 | Size = 145968 bytes | Modified Date = 3/7/2008 1:39:54 PM | Attr =    ]
(SYMIDS) SYMIDS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symids.sys -> Symantec Corporation [Ver = 7.2.2.204 | Size = 39984 bytes | Modified Date = 3/7/2008 1:39:54 PM | Attr =    ]
(SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20080609.001\SymIDSCo.sys -> Symantec Corporation [Ver = 8.2.1.2 | Size = 240496 bytes | Modified Date = 2/13/2008 12:18:19 PM | Attr =    ]
(SYMNDIS) SYMNDIS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symndis.sys -> Symantec Corporation [Ver = 7.2.2.204 | Size = 35120 bytes | Modified Date = 3/7/2008 1:39:54 PM | Attr =    ]
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symredrv.sys -> Symantec Corporation [Ver = 7.2.2.204 | Size = 27696 bytes | Modified Date = 3/7/2008 1:39:54 PM | Attr =    ]
(SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\symtdi.sys -> Symantec Corporation [Ver = 7.2.2.204 | Size = 191536 bytes | Modified Date = 3/7/2008 1:39:54 PM | Attr =    ]
(Tones) Tones [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\HSF_TONE.sys -> Conexant [Ver = 3.05.12.04 | Size = 50751 bytes | Modified Date = 8/17/2001 4:28:12 PM | Attr =    ]
(UdfReadr_xp) UdfReadr_xp [File_System | System | Running] -> %SystemRoot%\System32\drivers\udfreadr_xp.sys -> Roxio [Ver = 5.3.1.154 built by: WinDDK | Size = 206464 bytes | Modified Date = 8/1/2002 3:16:30 AM | Attr =    ]
(V124) V124 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\HSF_V124.sys -> Conexant [Ver = 3.05.12.04 | Size = 488383 bytes | Modified Date = 8/17/2001 4:28:12 PM | Attr =    ]
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hsfcxts2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 built by: WinDDK | Size = 685056 bytes | Modified Date = 8/3/2004 10:41:50 PM | Attr =    ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
{0228e555-4f9c-4e35-a3ec-b109a192b4c2} -> %ProgramFiles%\Google\Gmail Notifier\gnotify.exe [C:\Program Files\Google\Gmail Notifier\gnotify.exe] -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 7/15/2005 5:48:33 PM | Attr =    ]
AdaptecDirectCD -> %ProgramFiles%\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe ["C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"] -> Roxio [Ver = 5.3.1.154 | Size = 684032 bytes | Modified Date = 8/1/2002 3:14:26 AM | Attr =    ]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 11:16:38 PM | Attr =    ]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe [C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] -> ATI Technologies, Inc. [Ver = 6.13.10.3041 | Size = 294912 bytes | Modified Date = 10/13/2002 | Attr =    ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 1/10/2007 1:59:52 AM | Attr =    ]
Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> Google [Ver = 5.7.802.22438 | Size = 29744 bytes | Modified Date = 4/24/2008 8:12:20 AM | Attr =    ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 11/15/2007 2:11:04 PM | Attr =    ]
Lexmark X74-X75 -> %ProgramFiles%\Lexmark X74-X75\lxbbbmgr.exe ["C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"] -> Lexmark International, Inc. [Ver = 1.0.5.3 | Size = 57344 bytes | Modified Date = 7/31/2002 5:54:52 AM | Attr =    ]
Microsoft Works Update Detection -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkUFind.exe [C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe] -> Microsoft® Corporation [Ver = 7.00.0716.0 | Size = 28672 bytes | Modified Date = 7/16/2002 9:21:48 PM | Attr =    ]
nmapp -> %ProgramFiles%\Pure Networks\Network Magic\nmapp.exe ["C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash] -> Pure Networks, Inc. [Ver = 4.5.7228.0 | Size = 451896 bytes | Modified Date = 1/18/2008 10:32:34 AM | Attr =    ]
nmctxth -> %CommonProgramFiles%\Pure Networks Shared\Platform\nmctxth.exe ["C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"] -> Pure Networks, Inc. [Ver = 4.5.7274.0 | Size = 451896 bytes | Modified Date = 1/8/2008 5:20:44 PM | Attr =    ]
osCheck -> %ProgramFiles%\Symantec\osCheck.exe ["C:\PROGRA~1\Symantec\osCheck.exe"] -> Symantec Corporation [Ver = 10.2.0.50 | Size = 771704 bytes | Modified Date = 1/14/2007 3:11:10 AM | Attr =    ]
POINTER ->  [point32.exe] -> File not found
QuickFinder Scheduler -> %ProgramFiles%\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE ["C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"] -> Novell, Inc., c/o Corel Corporation Limited [Ver = 10.0.0.663 | Size = 77887 bytes | Modified Date = 10/2/2001 2:36:56 AM | Attr =    ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.4.1 | Size = 385024 bytes | Modified Date = 2/1/2008 12:13:08 AM | Attr =    ]
Smapp -> %ProgramFiles%\Analog Devices\SoundMAX\SMTray.exe [C:\Program Files\Analog Devices\SoundMAX\Smtray.exe] -> Analog Devices, Inc. [Ver = 3, 2, 10, 0 | Size = 90112 bytes | Modified Date = 6/26/2002 8:36:58 PM | Attr =    ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_06\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 144784 bytes | Modified Date = 3/25/2008 4:28:02 AM | Attr =    ]
Symantec PIF AlertEng -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe ["C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"] -> Symantec Corporation [Ver = 1.2.0.18 | Size = 517768 bytes | Modified Date = 3/12/2007 7:30:14 PM | Attr =    ]
YOP -> %ProgramFiles%\Yahoo!\YOP\yop.exe [C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart] -> Yahoo! Inc. [Ver = 2007, 6, 26, 2 | Size = 509224 bytes | Modified Date = 6/26/2007 2:48:14 PM | Attr =    ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
ATI Launchpad ->  [] -> File not found
CTZDetec.exe -> %ProgramFiles%\Creative\Creative Media Lite\CTZDetec.exe [C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe] -> Creative Technology Ltd. [Ver = 1.0.2.0 | Size = 98304 bytes | Modified Date = 5/15/2007 8:25:14 PM | Attr =    ]
Picasa Media Detector -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe [C:\Program Files\Picasa2\PicasaMediaDetector] -> Google Inc. [Ver = 2.7.37.49 | Size = 443968 bytes | Modified Date = 2/25/2008 9:23:34 PM | Attr =    ]
RogersAgent -> %ProgramFiles%\Rogers\SelfHealing\RogersAgent.exe [c:\Program Files\Rogers\SelfHealing\rogersagent.exe] -> Rogers Cable Communications [Ver = 1.00.0007 | Size = 478968 bytes | Modified Date = 4/23/2007 4:51:22 PM | Attr =    ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/11/2007 10:00:09 AM | Attr =    ]
Update Manager -> %ProgramFiles%\Rogers\Update Manager\UpdateManager.exe ["C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background] -> Rogers Cable Communications Inc.  [Ver = 1.0.0.0 | Size = 136504 bytes | Modified Date = 7/5/2007 2:53:14 PM | Attr =    ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> File not found
%AllUsersProfile%\Start Menu\Programs\Startup\Google Updater.lnk -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.940.34809.beta | Size = 124912 bytes | Modified Date = 8/16/2007 4:55:20 PM | Attr =    ]
%AllUsersProfile%\Start Menu\Programs\Startup\NkbMonitor.exe.lnk -> %ProgramFiles%\Nikon\PictureProject\NkbMonitor.exe -> Nikon Corporation [Ver = 1, 7, 5, 3000 | Size = 118784 bytes | Modified Date = 11/29/2006 5:48:22 PM | Attr =    ]
%AllUsersProfile%\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccWarden.exe ->  [Ver =  | Size = 1134592 bytes | Modified Date = 7/9/2007 10:24:38 PM | Attr =    ]
%AllUsersProfile%\Start Menu\Programs\Startup\ymetray.lnk -> %ProgramFiles%\Yahoo!\Yahoo! Music Jukebox\ymetray.exe -> Yahoo! Inc. [Ver = 2.2.2.056 (Build 056) | Size = 54512 bytes | Modified Date = 10/3/2007 2:56:10 PM | Attr =    ]
< Don Startup Folder > -> C:\Documents and Settings\Don\Start Menu\Programs\Startup -> 
%UserProfile%\Start Menu\Programs\Startup\StarOffice 8.lnk -> %ProgramFiles%\Sun\StarOffice 8\program\quickstart.exe ->  [Ver =  | Size = 122880 bytes | Modified Date = 1/21/2008 4:42:18 PM | Attr =    ]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> Google [Ver = 5.7.802.22438 | Size = 112128 bytes | Modified Date = 4/24/2008 9:19:51 AM | Attr =    ]
*MultiFile Done* -> -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place0 -> ::{C55C499D-3518-44a1-998E-796AC5FC989D} -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place1 -> 8 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place2 -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place3 -> 5 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place4 -> 17 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 4/13/2008 2:40:46 PM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC     MBR-7    ->  -> File not found
NEC     MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomSAMSUNG_CD-R/RW_SW-248F_________________R603____\5&18f7ef46&0&0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> 
< Drives - Autoruns > ->  -> 
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 4/10/2003 1:10:57 PM | Attr =    ]
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.ca/advanced_search?hl=en -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/23/2006 12:08:42 AM | Attr =    ]
{69A87B7D-DE56-4136-9655-716BA50C19C7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccToolbar.dll [&Google Web Accelerator Helper] ->  [Ver =  | Size = 311296 bytes | Modified Date = 7/9/2007 10:24:38 PM | Attr =    ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 509328 bytes | Modified Date = 3/25/2008 4:28:01 AM | Attr =    ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 3, 0, 1225, 9868 | Size = 734704 bytes | Modified Date = 5/22/2008 10:34:56 AM | Attr =    ]
{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccToolbar.dll [Google Web Accelerator] ->  [Ver =  | Size = 311296 bytes | Modified Date = 7/9/2007 10:24:38 PM | Attr =    ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccToolbar.dll [Google Web Accelerator] ->  [Ver =  | Size = 311296 bytes | Modified Date = 7/9/2007 10:24:38 PM | Attr =    ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\npjpi160_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 132496 bytes | Modified Date = 3/25/2008 4:28:01 AM | Attr =    ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 509328 bytes | Modified Date = 3/25/2008 4:28:01 AM | Attr =    ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> %SystemRoot%\system32\GPhotos.scr -> Google Inc. [Ver = 2.0.0.1077 | Size = 2790976 bytes | Modified Date = 9/28/2007 1:42:38 PM | Attr =    ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{4B41A6D0-DFC0-4900-87D3-EC0F5018235D} ->    (Intel(R) PRO/100 VE Network Connection) -> 
{FA772BF8-1973-48C9-8C75-8611CC0A2A02} ->    (Realtek RTL8139 Family PCI Fast Ethernet NIC) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
intu-qt2007:{026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\QuickTax 2007\ic2007pp.dll[qt2007 Pluggable Protocol Handler Class] -> Intuit Canada, a general partnership/une société en nom collectif. [Ver = 1.0.4.0 | Size = 69632 bytes | Modified Date = 1/3/2008 2:29:18 PM | Attr =    ]
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
pure-go:{4746C79A-2042-4332-8650-48966E44ABA8} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Pure Networks Shared\Platform\puresp3.dll[CPureGoProtoInfo Object] -> Pure Networks, Inc. [Ver = 10.0.8023.0 | Size = 140600 bytes | Modified Date = 1/23/2008 4:35:08 PM | Attr =    ]
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 28, 2 | Size = 1934672 bytes | Modified Date = 12/12/2007 3:27:32 PM | Attr = R  ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}[HKEY_LOCAL_MACHINE] -> http://www.creative.com/su/ocx/15030/CTSUEng.cab[Creative Software AutoUpdate] -> 
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab[CKAVWebScan Object] -> 
{106E49CF-797A-11D2-81A2-00E02C015623}[HKEY_LOCAL_MACHINE] -> http://www.alternatiff.com/install/00/alttiff.cab[AlternaTIFF ActiveX] -> 
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> 
{474F00F5-3853-492C-AC3A-476512BBC336}[HKEY_LOCAL_MACHINE] -> http://picasaweb.google.com/s/v/17.17/uploader2.cab[UploadListView Class] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176442901421[MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> 
{F6ACF75C-C32C-447B-9BEF-46B766368D29}[HKEY_LOCAL_MACHINE] -> http://www.creative.com/su/ocx/15031/CTPID.cab[Creative Software AutoUpdate Support Package] -> 
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> 
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file:///C:/WINDOWS/Java/classes/xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Mozilla Firefox/Components\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Mozilla Firefox/Components\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Mozilla Firefox/Components\\{0A5FD7C5-A45C-49FC-ADB5-9952547D5715} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Mozilla Firefox/Components\\{F6ACF75C-C32C-447B-9BEF-46B766368D29} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/alttiff.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/alttiff.ocx\\.Owner -> {106E49CF-797A-11D2-81A2-00E02C015623} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/alttiff.ocx\\{106E49CF-797A-11D2-81A2-00E02C015623} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTPID.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTPID.ocx\\.Owner -> {F6ACF75C-C32C-447B-9BEF-46B766368D29} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTPID.ocx\\{F6ACF75C-C32C-447B-9BEF-46B766368D29} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTSUEng.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTSUEng.ocx\\.Owner -> {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTSUEng.ocx\\{0A5FD7C5-A45C-49FC-ADB5-9952547D5715} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/UploaderX.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/UploaderX.dll\\.Owner -> {474F00F5-3853-492C-AC3A-476512BBC336} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/UploaderX.dll\\{474F00F5-3853-492C-AC3A-476512BBC336} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->  -> 



[Files/Folders - Created Within 90 days]
BOOT.BAK -> %SystemDrive%\BOOT.BAK ->  [Ver =  | Size = 211 bytes | Created Date = 6/8/2008 1:26:25 PM | Attr =  HS]
cmdcons -> %SystemDrive%\cmdcons ->  [Folder | Created Date = 6/8/2008 1:26:05 PM | Attr = RHS]
cmldr -> %SystemDrive%\cmldr ->  [Ver =  | Size = 260272 bytes | Created Date = 6/8/2008 1:26:20 PM | Attr = RHS]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Created Date = 6/6/2008 7:15:55 PM | Attr =    ]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Created Date = 6/8/2008 1:04:35 PM | Attr =    ]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Created Date = 6/10/2008 1:01:51 PM | Attr =  HS]
msjetol1.dll -> %SystemRoot%\System32\dllcache\msjetol1.dll ->  [Ver =  | Size = 355112 bytes | Created Date = 3/25/2008 12:50:40 AM | Attr =    ]
quartz.dll -> %SystemRoot%\System32\dllcache\quartz.dll ->  [Ver =  | Size = 1288192 bytes | Created Date = 5/7/2008 1:12:40 AM | Attr =    ]
gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4401 | Size = 85969 bytes | Created Date = 6/11/2008 4:24:19 PM | Attr =    ]
hdaudbus.sys -> %SystemRoot%\System32\drivers\hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 144384 bytes | Created Date = 5/30/2008 9:45:42 AM | Attr =    ]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys ->  [Ver =  | Size = 15864 bytes | Created Date = 6/7/2008 8:42:54 PM | Attr =    ]
mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys ->  [Ver =  | Size = 34296 bytes | Created Date = 6/7/2008 8:42:54 PM | Attr =    ]
pnarp.sys -> %SystemRoot%\System32\drivers\pnarp.sys -> Pure Networks, Inc. [Ver = 10.0.8002.2 | Size = 23992 bytes | Created Date = 4/28/2008 6:10:06 PM | Attr =    ]
purendis.sys -> %SystemRoot%\System32\drivers\purendis.sys -> Pure Networks, Inc. [Ver = 10.0.8002.2 | Size = 25272 bytes | Created Date = 4/28/2008 6:09:59 PM | Attr =    ]
bits -> %SystemRoot%\System32\bits ->  [Folder | Created Date = 5/30/2008 10:55:45 AM | Attr =    ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
en -> %SystemRoot%\System32\en ->  [Folder | Created Date = 5/30/2008 10:55:47 AM | Attr =    ]
java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Created Date = 6/10/2008 1:23:19 PM | Attr =    ]
javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 69632 bytes | Created Date = 6/10/2008 1:23:20 PM | Attr =    ]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Created Date = 6/10/2008 1:23:19 PM | Attr =    ]
javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 139264 bytes | Created Date = 6/10/2008 1:23:20 PM | Attr =    ]
Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab ->  [Folder | Created Date = 6/7/2008 10:16:34 PM | Attr =    ]
pid.inf -> %SystemRoot%\System32\pid.inf ->  [Ver =  | Size = 1261 bytes | Created Date = 5/30/2008 9:45:51 AM | Attr =    ]
scripting -> %SystemRoot%\System32\scripting ->  [Folder | Created Date = 5/30/2008 10:55:53 AM | Attr =    ]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Created Date = 6/6/2008 7:16:38 PM | Attr =    ]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1, 2, 0, 22 | Size = 89504 bytes | Created Date = 6/8/2008 1:58:06 PM | Attr =    ]
gmer.dll -> %SystemRoot%\gmer.dll ->  [Ver = 1, 0, 14, 14536 | Size = 884736 bytes | Created Date = 6/11/2008 4:24:19 PM | Attr =    ]
gmer.exe -> %SystemRoot%\gmer.exe ->  [Ver = 1, 0, 14, 14536 | Size = 811008 bytes | Created Date = 6/11/2008 4:24:19 PM | Attr =    ]
gmer.ini -> %SystemRoot%\gmer.ini ->  [Ver =  | Size = 250 bytes | Created Date = 6/11/2008 4:24:23 PM | Attr =    ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd ->  [Ver =  | Size = 80 bytes | Created Date = 6/11/2008 4:24:19 PM | Attr =    ]
grep.exe -> %SystemRoot%\grep.exe ->  [Ver =  | Size = 80412 bytes | Created Date = 6/8/2008 1:58:06 PM | Attr =    ]
l2schemas -> %SystemRoot%\l2schemas ->  [Folder | Created Date = 5/30/2008 10:55:49 AM | Attr =    ]
Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 6/8/2008 1:58:06 PM | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Created Date = 5/30/2008 11:24:22 AM | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 5/10/2008 8:38:47 AM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 5/10/2008 8:38:46 AM | Attr =  H ]
sed.exe -> %SystemRoot%\sed.exe ->  [Ver =  | Size = 98816 bytes | Created Date = 6/8/2008 1:58:06 PM | Attr =    ]
setup.pss -> %SystemRoot%\setup.pss ->  [Folder | Created Date = 6/8/2008 1:25:59 PM | Attr =    ]
setupupd -> %SystemRoot%\setupupd ->  [Folder | Created Date = 6/8/2008 1:25:39 PM | Attr =    ]
swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 6/8/2008 1:58:06 PM | Attr =    ]
swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 6/8/2008 1:58:06 PM | Attr =    ]
swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 6/8/2008 1:58:06 PM | Attr =    ]
TEMP -> %SystemRoot%\TEMP ->  [Folder | Created Date = 6/8/2008 2:05:39 PM | Attr =    ]
Thumbs.db -> %SystemRoot%\Thumbs.db ->  [Ver =  | Size = 7680 bytes | Created Date = 3/23/2008 8:49:29 AM | Attr =  HS]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
VFind.exe -> %SystemRoot%\VFind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 6/8/2008 1:58:06 PM | Attr =    ]
zip.exe -> %SystemRoot%\zip.exe ->  [Ver =  | Size = 68096 bytes | Created Date = 6/8/2008 1:58:06 PM | Attr =    ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Created Date = 5/9/2008 4:06:48 PM | Attr =    ]

[Files/Folders - Modified Within 90 days]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 282 bytes | Modified Date = 6/8/2008 1:26:26 PM | Attr = RHS]
cmdcons -> %SystemDrive%\cmdcons ->  [Folder | Modified Date = 6/8/2008 1:26:26 PM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 6/10/2008 1:23:25 PM | Attr =    ]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Modified Date = 6/6/2008 7:15:55 PM | Attr =    ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1072549888 bytes | Modified Date = 6/11/2008 2:27:24 PM | Attr =  HS]
ntldr -> %SystemDrive%\ntldr ->  [Ver =  | Size = 250048 bytes | Modified Date = 5/30/2008 10:43:25 AM | Attr = RHS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 6/7/2008 8:42:54 PM | Attr = R  ]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Modified Date = 6/8/2008 2:05:35 PM | Attr =    ]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 6/10/2008 1:01:51 PM | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 6/11/2008 4:24:23 PM | Attr =    ]
chtskf.dll -> %SystemRoot%\System32\dllcache\chtskf.dll ->  [Ver =  | Size = 173568 bytes | Modified Date = 4/13/2008 8:09:05 PM | Attr =    ]
dxmasf.dll -> %SystemRoot%\System32\dllcache\dxmasf.dll ->  [Ver =  | Size = 498742 bytes | Modified Date = 4/13/2008 8:11:52 PM | Attr =    ]
hwxjpn.dll -> %SystemRoot%\System32\dllcache\hwxjpn.dll ->  [Ver =  | Size = 13463552 bytes | Modified Date = 4/13/2008 8:09:39 PM | Attr =    ]
msjetol1.dll -> %SystemRoot%\System32\dllcache\msjetol1.dll ->  [Ver =  | Size = 355112 bytes | Modified Date = 3/25/2008 12:50:40 AM | Attr =    ]
pintlcsa.dll -> %SystemRoot%\System32\dllcache\pintlcsa.dll ->  [Ver =  | Size = 175104 bytes | Modified Date = 4/13/2008 8:10:34 PM | Attr =    ]
quartz.dll -> %SystemRoot%\System32\dllcache\quartz.dll ->  [Ver =  | Size = 1288192 bytes | Modified Date = 5/7/2008 1:12:40 AM | Attr =    ]
adv01nt5.dll -> %SystemRoot%\System32\drivers\adv01nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 4255 bytes | Modified Date = 4/13/2008 8:11:48 PM | Attr =    ]
adv02nt5.dll -> %SystemRoot%\System32\drivers\adv02nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 3967 bytes | Modified Date = 4/13/2008 8:11:48 PM | Attr =    ]
adv05nt5.dll -> %SystemRoot%\System32\drivers\adv05nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 3615 bytes | Modified Date = 4/13/2008 8:11:48 PM | Attr =    ]
adv07nt5.dll -> %SystemRoot%\System32\drivers\adv07nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 3647 bytes | Modified Date = 4/13/2008 8:11:48 PM | Attr =    ]
adv08nt5.dll -> %SystemRoot%\System32\drivers\adv08nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 3135 bytes | Modified Date = 4/13/2008 8:11:48 PM | Attr =    ]
adv09nt5.dll -> %SystemRoot%\System32\drivers\adv09nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 3711 bytes | Modified Date = 4/13/2008 8:11:48 PM | Attr =    ]
adv11nt5.dll -> %SystemRoot%\System32\drivers\adv11nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 3775 bytes | Modified Date = 4/13/2008 8:11:48 PM | Attr =    ]
amdagp.sys -> %SystemRoot%\System32\drivers\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp.080413-2111) | Size = 43008 bytes | Modified Date = 4/13/2008 2:36:39 PM | Attr =    ]
atv01nt5.dll -> %SystemRoot%\System32\drivers\atv01nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 21183 bytes | Modified Date = 4/13/2008 8:11:50 PM | Attr =    ]
atv02nt5.dll -> %SystemRoot%\System32\drivers\atv02nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11359 bytes | Modified Date = 4/13/2008 8:11:50 PM | Attr =    ]
atv04nt5.dll -> %SystemRoot%\System32\drivers\atv04nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 25471 bytes | Modified Date = 4/13/2008 8:11:50 PM | Attr =    ]
atv06nt5.dll -> %SystemRoot%\System32\drivers\atv06nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 14143 bytes | Modified Date = 4/13/2008 8:11:50 PM | Attr =    ]
atv10nt5.dll -> %SystemRoot%\System32\drivers\atv10nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 17279 bytes | Modified Date = 4/13/2008 8:11:50 PM | Attr =    ]
ch7xxnt5.dll -> %SystemRoot%\System32\drivers\ch7xxnt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 15423 bytes | Modified Date = 4/13/2008 8:11:50 PM | Attr =    ]
dmboot.sys -> %SystemRoot%\System32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 799744 bytes | Modified Date = 4/13/2008 2:44:48 PM | Attr =    ]
dmio.sys -> %SystemRoot%\System32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 153344 bytes | Modified Date = 4/13/2008 2:44:46 PM | Attr =    ]
gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4401 | Size = 85969 bytes | Modified Date = 6/11/2008 4:24:19 PM | Attr =    ]
hdaudbus.sys -> %SystemRoot%\System32\drivers\hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 144384 bytes | Modified Date = 4/13/2008 12:36:05 PM | Attr =    ]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys ->  [Ver =  | Size = 15864 bytes | Modified Date = 6/5/2008 4:04:12 PM | Attr =    ]
mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys ->  [Ver =  | Size = 34296 bytes | Modified Date = 6/5/2008 4:04:16 PM | Attr =    ]
siint5.dll -> %SystemRoot%\System32\drivers\siint5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 3901 bytes | Modified Date = 4/13/2008 8:12:05 PM | Attr =    ]
sisagp.sys -> %SystemRoot%\System32\drivers\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp.080413-2111) | Size = 40960 bytes | Modified Date = 4/13/2008 2:36:39 PM | Attr =    ]
SYMEVENT.CAT -> %SystemRoot%\System32\drivers\SYMEVENT.CAT ->  [Ver =  | Size = 10671 bytes | Modified Date = 5/30/2008 4:45:29 PM | Attr =    ]
SYMEVENT.INF -> %SystemRoot%\System32\drivers\SYMEVENT.INF ->  [Ver =  | Size = 805 bytes | Modified Date = 5/30/2008 4:45:29 PM | Attr =    ]
SYMEVENT.SYS -> %SystemRoot%\System32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.4.1 | Size = 123952 bytes | Modified Date = 5/30/2008 4:45:29 PM | Attr =    ]
vchnt5.dll -> %SystemRoot%\System32\drivers\vchnt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11325 bytes | Modified Date = 4/13/2008 8:12:08 PM | Attr =    ]
amstream.dll -> %SystemRoot%\System32\amstream.dll ->  [Ver =  | Size = 70656 bytes | Modified Date = 4/13/2008 8:11:49 PM | Attr =    ]
ati2cqag.dll -> %SystemRoot%\System32\ati2cqag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0233 | Size = 229376 bytes | Modified Date = 4/13/2008 8:11:49 PM | Attr =    ]
ati2dvaa.dll -> %SystemRoot%\System32\ati2dvaa.dll -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 377984 bytes | Modified Date = 4/13/2008 8:11:49 PM | Attr =    ]
ativdaxx.ax -> %SystemRoot%\System32\ativdaxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 9728 bytes | Modified Date = 4/13/2008 8:12:42 PM | Attr =    ]
ativmvxx.ax -> %SystemRoot%\System32\ativmvxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 23040 bytes | Modified Date = 4/13/2008 8:12:42 PM | Attr =    ]
ativtmxx.dll -> %SystemRoot%\System32\ativtmxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 32768 bytes | Modified Date = 4/13/2008 8:11:50 PM | Attr =    ]
ativvaxx.dll -> %SystemRoot%\System32\ativvaxx.dll -> ATI Technologies Inc.  [Ver = 6.14.01.0009 | Size = 516768 bytes | Modified Date = 4/13/2008 8:11:50 PM | Attr =    ]
atmfd.dll -> %SystemRoot%\System32\atmfd.dll -> Adobe Systems Incorporated [Ver = 5.1 Build 226 | Size = 285696 bytes | Modified Date = 4/13/2008 8:09:01 PM | Attr =    ]
atmlib.dll -> %SystemRoot%\System32\atmlib.dll -> Adobe Systems [Ver = 5.1 Build 226 | Size = 30208 bytes | Modified Date = 4/13/2008 8:11:50 PM | Attr =    ]
bits -> %SystemRoot%\System32\bits ->  [Folder | Modified Date = 5/30/2008 10:55:45 AM | Attr =    ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 5/30/2008 11:09:09 AM | Attr =    ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 6/11/2008 2:25:22 PM | Attr =    ]
Com -> %SystemRoot%\System32\Com ->  [Folder | Modified Date = 5/30/2008 10:47:49 AM | Attr =    ]
compatui.dll -> %SystemRoot%\System32\compatui.dll ->  [Ver = 1, 0, 0, 1 | Size = 252928 bytes | Modified Date = 4/13/2008 8:11:51 PM | Attr =    ]
dcache.bin -> %SystemRoot%\System32\dcache.bin ->  [Ver =  | Size = 1804 bytes | Modified Date = 4/13/2008 8:25:26 PM | Attr =    ]
defrag.exe -> %SystemRoot%\System32\defrag.exe -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 25088 bytes | Modified Date = 4/13/2008 8:12:16 PM | Attr =    ]
devenum.dll -> %SystemRoot%\System32\devenum.dll ->  [Ver =  | Size = 59904 bytes | Modified Date = 4/13/2008 8:11:51 PM | Attr =    ]
dfrgfat.exe -> %SystemRoot%\System32\dfrgfat.exe -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 82944 bytes | Modified Date = 4/13/2008 8:12:16 PM | Attr =    ]
dfrgntfs.exe -> %SystemRoot%\System32\dfrgntfs.exe -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 105472 bytes | Modified Date = 4/13/2008 8:12:16 PM | Attr =    ]
dfrgsnap.dll -> %SystemRoot%\System32\dfrgsnap.dll -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 39424 bytes | Modified Date = 4/13/2008 8:11:51 PM | Attr =    ]
dfrgui.dll -> %SystemRoot%\System32\dfrgui.dll -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 124416 bytes | Modified Date = 4/13/2008 8:11:51 PM | Attr =    ]
dgnet.dll -> %SystemRoot%\System32\dgnet.dll -> Microsoft [Ver = 1, 0, 0, 1 | Size = 111104 bytes | Modified Date = 4/13/2008 8:11:51 PM | Attr =    ]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 6/11/2008 2:22:17 PM | Attr = RHS]
dmadmin.exe -> %SystemRoot%\System32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 4/13/2008 8:12:17 PM | Attr =    ]
dmdlgs.dll -> %SystemRoot%\System32\dmdlgs.dll -> Microsoft Corp. [Ver = 2600.5512.503.0 | Size = 285184 bytes | Modified Date = 4/13/2008 8:11:52 PM | Attr =    ]
dmdskmgr.dll -> %SystemRoot%\System32\dmdskmgr.dll -> Microsoft Corp. [Ver = 2600.5512.503.0 | Size = 200704 bytes | Modified Date = 4/13/2008 8:11:52 PM | Attr =    ]
dmremote.exe -> %SystemRoot%\System32\dmremote.exe -> Microsoft Corp. [Ver = 2600.5512.503.0 | Size = 15872 bytes | Modified Date = 4/13/2008 8:12:17 PM | Attr =    ]
dmserver.dll -> %SystemRoot%\System32\dmserver.dll -> Microsoft Corp. [Ver = 2600.5512.503.0 | Size = 23552 bytes | Modified Date = 4/13/2008 8:11:52 PM | Attr =    ]
dmutil.dll -> %SystemRoot%\System32\dmutil.dll -> Microsoft Corp. [Ver = 2600.5512.503.0 | Size = 52224 bytes | Modified Date = 4/13/2008 8:11:52 PM | Attr =    ]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 6/11/2008 4:24:19 PM | Attr =    ]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE ->  [Folder | Modified Date = 4/28/2008 6:10:06 PM | Attr =    ]
dxmasf.dll -> %SystemRoot%\System32\dxmasf.dll ->  [Ver =  | Size = 498742 bytes | Modified Date = 4/13/2008 8:11:52 PM | Attr =    ]
en -> %SystemRoot%\System32\en ->  [Folder | Modified Date = 5/30/2008 10:55:47 AM | Attr =    ]
en-US -> %SystemRoot%\System32\en-US ->  [Folder | Modified Date = 5/30/2008 10:55:56 AM | Attr =    ]
encdec.dll -> %SystemRoot%\System32\encdec.dll ->  [Ver =  | Size = 186880 bytes | Modified Date = 4/13/2008 8:11:53 PM | Attr =    ]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 291680 bytes | Modified Date = 5/30/2008 11:21:15 AM | Attr =    ]
hsfcisp2.dll -> %SystemRoot%\System32\hsfcisp2.dll -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 32285 bytes | Modified Date = 4/13/2008 8:11:54 PM | Attr =    ]
hypertrm.dll -> %SystemRoot%\System32\hypertrm.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.5512 | Size = 347136 bytes | Modified Date = 4/13/2008 8:11:54 PM | Attr =    ]
iac25_32.ax -> %SystemRoot%\System32\iac25_32.ax -> Intel Corporation [Ver = 2.05.53 | Size = 199680 bytes | Modified Date = 4/13/2008 8:12:42 PM | Attr =    ]
iccvid.dll -> %SystemRoot%\System32\iccvid.dll -> Radius Inc. [Ver = 1.10.0.11 | Size = 80384 bytes | Modified Date = 4/13/2008 8:11:54 PM | Attr =    ]
ir41_32.ax -> %SystemRoot%\System32\ir41_32.ax -> Intel Corporation [Ver = 4.51.16.03 | Size = 848384 bytes | Modified Date = 4/13/2008 8:12:42 PM | Attr =    ]
ir41_qc.dll -> %SystemRoot%\System32\ir41_qc.dll -> Intel Corporation. [Ver = 4.30.62.02 | Size = 120320 bytes | Modified Date = 4/13/2008 8:11:55 PM | Attr =    ]
ir41_qcx.dll -> %SystemRoot%\System32\ir41_qcx.dll -> Intel Corporation. [Ver = 4.30.64.01 | Size = 338432 bytes | Modified Date = 4/13/2008 8:11:55 PM | Attr =    ]
ir50_32.dll -> %SystemRoot%\System32\ir50_32.dll -> Intel Corporation [Ver = R.5.10.15.2.55 | Size = 755200 bytes | Modified Date = 4/13/2008 8:11:55 PM | Attr =    ]
ir50_qc.dll -> %SystemRoot%\System32\ir50_qc.dll -> Intel Corporation. [Ver = R.5.10.63.2.48 | Size = 200192 bytes | Modified Date = 4/13/2008 8:11:55 PM | Attr =    ]
ir50_qcx.dll -> %SystemRoot%\System32\ir50_qcx.dll -> Intel Corporation. [Ver = R.5.10.64.2.48 | Size = 183808 bytes | Modified Date = 4/13/2008 8:11:55 PM | Attr =    ]
isrdbg32.dll -> %SystemRoot%\System32\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Modified Date = 4/13/2008 8:11:55 PM | Attr =    ]
ivfsrc.ax -> %SystemRoot%\System32\ivfsrc.ax -> Intel Corporation [Ver = R.5.10.15.2.51 | Size = 154624 bytes | Modified Date = 4/13/2008 8:12:42 PM | Attr =    ]
java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Modified Date = 3/25/2008 1:28:39 AM | Attr =    ]
javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 69632 bytes | Modified Date = 3/25/2008 2:37:01 AM | Attr =    ]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Modified Date = 3/25/2008 1:28:43 AM | Attr =    ]
javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 139264 bytes | Modified Date = 3/25/2008 2:37:01 AM | Attr =    ]
jgdw400.dll -> %SystemRoot%\System32\jgdw400.dll -> America Online [Ver = 106 | Size = 163840 bytes | Modified Date = 4/13/2008 8:11:55 PM | Attr =    ]
jgpl400.dll -> %SystemRoot%\System32\jgpl400.dll -> Johnson-Grace Company [Ver = 054 | Size = 27648 bytes | Modified Date = 4/13/2008 8:11:55 PM | Attr =    ]
Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab ->  [Folder | Modified Date = 6/7/2008 10:16:34 PM | Attr =    ]
l3codeca.acm -> %SystemRoot%\System32\l3codeca.acm -> Fraunhofer Institut Integrierte Schaltungen IIS [Ver = 1, 9, 0, 0305 | Size = 290816 bytes | Modified Date = 4/13/2008 8:09:57 PM | Attr =    ]
mciqtz32.dll -> %SystemRoot%\System32\mciqtz32.dll ->  [Ver =  | Size = 35328 bytes | Modified Date = 4/13/2008 8:11:56 PM | Attr =    ]
mdmxsdk.dll -> %SystemRoot%\System32\mdmxsdk.dll -> Conexant [Ver = 1.0.2.006 | Size = 86016 bytes | Modified Date = 4/13/2008 8:11:56 PM | Attr =    ]
mpeg2data.ax -> %SystemRoot%\System32\mpeg2data.ax ->  [Ver =  | Size = 118272 bytes | Modified Date = 4/13/2008 8:12:42 PM | Attr =    ]
mpg2splt.ax -> %SystemRoot%\System32\mpg2splt.ax ->  [Ver =  | Size = 148992 bytes | Modified Date = 4/13/2008 8:12:42 PM | Attr =    ]
msdmo.dll -> %SystemRoot%\System32\msdmo.dll ->  [Ver =  | Size = 14336 bytes | Modified Date = 4/13/2008 8:11:59 PM | Attr =    ]
msdxm.ocx -> %SystemRoot%\System32\msdxm.ocx ->  [Ver =  | Size = 844314 bytes | Modified Date = 4/13/2008 8:10:08 PM | Attr =    ]
msdxmlc.dll -> %SystemRoot%\System32\msdxmlc.dll ->  [Ver =  | Size = 4126 bytes | Modified Date = 4/13/2008 8:10:08 PM | Attr =    ]
msjetoledb40.dll -> %SystemRoot%\System32\msjetoledb40.dll ->  [Ver =  | Size = 355112 bytes | Modified Date = 3/25/2008 12:50:40 AM | Attr =    ]
mtxparhd.dll -> %SystemRoot%\System32\mtxparhd.dll -> Matrox Graphics Inc. [Ver = 6.13.01.1296 | Size = 1737856 bytes | Modified Date = 4/13/2008 8:12:01 PM | Attr =    ]
npp -> %SystemRoot%\System32\npp ->  [Folder | Modified Date = 5/30/2008 10:48:11 AM | Attr =    ]
nv4_disp.dll -> %SystemRoot%\System32\nv4_disp.dll -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 4274816 bytes | Modified Date = 4/13/2008 8:12:02 PM | Attr =    ]
odbcconf.rsp -> %SystemRoot%\System32\odbcconf.rsp ->  [Ver =  | Size = 4310 bytes | Modified Date = 4/13/2008 1:26:09 PM | Attr =    ]
oobe -> %SystemRoot%\System32\oobe ->  [Folder | Modified Date = 5/30/2008 10:46:54 AM | Attr =    ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 51464 bytes | Modified Date = 5/30/2008 11:33:13 AM | Attr =    ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 337246 bytes | Modified Date = 5/30/2008 11:33:14 AM | Attr =    ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 393882 bytes | Modified Date = 5/30/2008 11:33:12 AM | Attr =    ]
proctexe.ocx -> %SystemRoot%\System32\proctexe.ocx -> Intel Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 81920 bytes | Modified Date = 4/13/2008 8:10:35 PM | Attr =    ]
qcap.dll -> %SystemRoot%\System32\qcap.dll ->  [Ver =  | Size = 192512 bytes | Modified Date = 4/13/2008 8:12:03 PM | Attr =    ]
qdv.dll -> %SystemRoot%\System32\qdv.dll ->  [Ver =  | Size = 279040 bytes | Modified Date = 4/13/2008 8:12:03 PM | Attr =    ]
qdvd.dll -> %SystemRoot%\System32\qdvd.dll ->  [Ver =  | Size = 386048 bytes | Modified Date = 4/13/2008 8:12:03 PM | Attr =    ]
qedit.dll -> %SystemRoot%\System32\qedit.dll ->  [Ver =  | Size = 562176 bytes | Modified Date = 4/13/2008 8:12:03 PM | Attr =    ]
qedwipes.dll -> %SystemRoot%\System32\qedwipes.dll ->  [Ver =  | Size = 733696 bytes | Modified Date = 4/13/2008 1:21:32 PM | Attr =    ]
quartz.dll -> %SystemRoot%\System32\quartz.dll ->  [Ver =  | Size = 1288192 bytes | Modified Date = 5/7/2008 1:12:40 AM | Attr =    ]
regwizc.dll -> %SystemRoot%\System32\regwizc.dll -> Microsoft [Ver = 3, 0, 0, 0 | Size = 397824 bytes | Modified Date = 4/13/2008 8:12:04 PM | Attr =    ]
ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups ->  [Folder | Modified Date = 5/30/2008 10:42:09 AM | Attr =    ]
Restore -> %SystemRoot%\System32\Restore ->  [Folder | Modified Date = 5/30/2008 10:48:12 AM | Attr =    ]
S32EVNT1.DLL -> %SystemRoot%\System32\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.5.4.2 | Size = 60800 bytes | Modified Date = 5/30/2008 4:45:29 PM | Attr =    ]
s3gnb.dll -> %SystemRoot%\System32\s3gnb.dll -> S3 Graphics, Inc. [Ver = 6.14.10.0012-13.94.12 | Size = 397056 bytes | Modified Date = 4/13/2008 8:12:04 PM | Attr =    ]
sbe.dll -> %SystemRoot%\System32\sbe.dll ->  [Ver =  | Size = 270848 bytes | Modified Date = 4/13/2008 8:12:04 PM | Attr =    ]
scripting -> %SystemRoot%\System32\scripting ->  [Folder | Modified Date = 5/30/2008 10:55:53 AM | Attr =    ]
Setup -> %SystemRoot%\System32\Setup ->  [Folder | Modified Date = 5/30/2008 11:21:04 AM | Attr =    ]
slbiop.dll -> %SystemRoot%\System32\slbiop.dll -> Schlumberger Technology Corporation [Ver = 5.1.2600.2095 (xpsp_sp2_rc1.040310-2010) | Size = 98304 bytes | Modified Date = 4/13/2008 8:12:06 PM | Attr =    ]
slcoinst.dll -> %SystemRoot%\System32\slcoinst.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 73832 bytes | Modified Date = 4/13/2008 8:12:06 PM | Attr =    ]
slextspk.dll -> %SystemRoot%\System32\slextspk.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 286792 bytes | Modified Date = 4/13/2008 8:12:06 PM | Attr =    ]
slgen.dll -> %SystemRoot%\System32\slgen.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 188508 bytes | Modified Date = 4/13/2008 8:12:06 PM | Attr =    ]
slrundll.exe -> %SystemRoot%\System32\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Modified Date = 4/13/2008 8:12:35 PM | Attr =    ]
slserv.exe -> %SystemRoot%\System32\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Modified Date = 4/13/2008 8:12:35 PM | Attr =    ]
sl_anet.acm -> %SystemRoot%\System32\sl_anet.acm -> Sipro Lab Telecom Inc. [Ver = 3.02 | Size = 86016 bytes | Modified Date = 4/13/2008 8:10:50 PM | Attr =    ]
usmt -> %SystemRoot%\System32\usmt ->  [Folder | Modified Date = 5/30/2008 10:55:56 AM | Attr =    ]
wbem -> %SystemRoot%\System32\wbem ->  [Folder | Modified Date = 5/30/2008 11:21:04 AM | Attr =    ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 12598 bytes | Modified Date = 6/10/2008 2:14:10 PM | Attr =    ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 6/11/2008 2:21:40 PM | Attr =  H ]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ ->  [Folder | Modified Date = 5/30/2008 10:41:47 AM | Attr =  H ]
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Modified Date = 5/30/2008 11:21:04 AM | Attr =    ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 6/11/2008 2:27:32 PM | Attr =   S]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 5/30/2008 9:19:31 AM | Attr =    ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 6/7/2008 10:16:37 PM | Attr =   S]
EHome -> %SystemRoot%\EHome ->  [Folder | Modified Date = 5/30/2008 10:35:04 AM | Attr =    ]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Modified Date = 6/8/2008 1:58:31 PM | Attr =    ]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 5/30/2008 11:21:03 AM | Attr = R S]
gmer.dll -> %SystemRoot%\gmer.dll ->  [Ver = 1, 0, 14, 14536 | Size = 884736 bytes | Modified Date = 6/11/2008 4:24:19 PM | Attr =    ]
gmer.exe -> %SystemRoot%\gmer.exe ->  [Ver = 1, 0, 14, 14536 | Size = 811008 bytes | Modified Date = 4/17/2008 9:13:02 PM | Attr =    ]
gmer.ini -> %SystemRoot%\gmer.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 6/11/2008 5:02:47 PM | Attr =    ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd ->  [Ver =  | Size = 80 bytes | Modified Date = 6/11/2008 4:24:19 PM | Attr =    ]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 5/30/2008 10:56:37 AM | Attr =    ]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 4/9/2008 4:43:16 PM | Attr =    ]
ime -> %SystemRoot%\ime ->  [Folder | Modified Date = 5/30/2008 10:56:38 AM | Attr =    ]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 6/11/2008 2:19:34 PM | Attr =    ]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 6/11/2008 2:22:29 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 6/10/2008 1:25:01 PM | Attr =  HS]
l2schemas -> %SystemRoot%\l2schemas ->  [Folder | Modified Date = 5/30/2008 10:55:50 AM | Attr =    ]
msagent -> %SystemRoot%\msagent ->  [Folder | Modified Date = 5/30/2008 10:48:06 AM | Attr =    ]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Modified Date = 5/30/2008 10:56:39 AM | Attr =    ]
peernet -> %SystemRoot%\peernet ->  [Folder | Modified Date = 5/30/2008 10:55:45 AM | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 6/11/2008 2:46:03 PM | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 5/10/2008 8:38:47 AM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 6/11/2008 2:33:18 PM | Attr =  H ]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 5/30/2008 11:14:59 AM | Attr =    ]
ServicePackFiles -> %SystemRoot%\ServicePackFiles ->  [Folder | Modified Date = 5/30/2008 10:56:46 AM | Attr =    ]
setup.pss -> %SystemRoot%\setup.pss ->  [Folder | Modified Date = 6/8/2008 1:25:59 PM | Attr =    ]
setupupd -> %SystemRoot%\setupupd ->  [Folder | Modified Date = 6/8/2008 1:25:56 PM | Attr =    ]
slrundll.exe -> %SystemRoot%\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Modified Date = 4/13/2008 8:12:35 PM | Attr =    ]
srchasst -> %SystemRoot%\srchasst ->  [Folder | Modified Date = 5/30/2008 10:48:02 AM | Attr =    ]
system -> %SystemRoot%\system ->  [Folder | Modified Date = 5/30/2008 10:46:51 AM | Attr =    ]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 6/8/2008 2:03:21 PM | Attr =    ]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 6/11/2008 2:27:21 PM | Attr =    ]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 5/9/2008 4:06:48 PM | Attr =   S]
TEMP -> %SystemRoot%\TEMP ->  [Folder | Modified Date = 6/11/2008 5:49:54 PM | Attr =    ]
Thumbs.db -> %SystemRoot%\Thumbs.db ->  [Ver =  | Size = 7680 bytes | Modified Date = 3/23/2008 8:49:29 AM | Attr =  HS]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
twain_32.dll -> %SystemRoot%\twain_32.dll -> Twain Working Group [Ver = 1,7,1,1 | Size = 50688 bytes | Modified Date = 4/13/2008 8:12:07 PM | Attr =    ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 1722 bytes | Modified Date = 6/4/2008 2:50:11 PM | Attr =    ]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 5/30/2008 10:57:05 AM | Attr =    ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 6/5/2008 9:21:08 AM | Attr =    ]
Norton Security Online - Run Full System Scan - Don.job -> %SystemRoot%\tasks\Norton Security Online - Run Full System Scan - Don.job ->  [Ver =  | Size = 572 bytes | Modified Date = 6/9/2008 9:26:31 PM | Attr =    ]
Norton Security Scan.job -> %SystemRoot%\tasks\Norton Security Scan.job ->  [Ver =  | Size = 404 bytes | Modified Date = 6/6/2008 5:21:37 PM | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 6/11/2008 2:27:58 PM | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Money\11.0\Webcache\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\11.0\Webcache ->  [Folder | Modified Date = 4/10/2003 1:37:58 PM | Attr =    ]
about.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\11.0\Webcache\about.dat ->  [Ver =  | Size = 1528 bytes | Modified Date = 7/17/2002 2:00:00 PM | Attr =    ]
college.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\11.0\Webcache\college.dat ->  [Ver =  | Size = 327746 bytes | Modified Date = 7/17/2002 2:00:00 PM | Attr =    ]
ylpgscat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\11.0\Webcache\ylpgscat.dat ->  [Ver =  | Size = 12283223 bytes | Modified Date = 7/17/2002 2:00:00 PM | Attr =    ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 4/11/2007 4:48:52 PM | Attr =    ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 6/11/2008 1:03:05 PM | Attr =    ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4646 bytes | Modified Date = 6/11/2008 1:03:05 PM | Attr =    ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data ->  [Folder | Modified Date = 4/10/2007 7:26:09 PM | Attr =    ]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1372 bytes | Modified Date = 4/10/2007 7:26:13 PM | Attr =    ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works ->  [Folder | Modified Date = 4/11/2007 4:09:36 PM | Attr =    ]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 4/11/2007 4:09:34 PM | Attr =    ]
wklntnts.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntnts.dat ->  [Ver =  | Size = 687080 bytes | Modified Date = 6/9/2008 8:55:21 AM | Attr =    ]
wklntsk.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk.dat ->  [Ver =  | Size = 687080 bytes | Modified Date = 6/9/2008 8:55:21 AM | Attr =    ]
C:\Documents and Settings\Don\Local Settings\Temp\ -> C:\Documents and Settings\Don\Local Settings\Temp ->  [Folder | Modified Date = 6/11/2008 5:42:28 PM | Attr =    ]
Perflib_Perfdata_63c.dat -> C:\Documents and Settings\Don\Local Settings\Temp\Perflib_Perfdata_63c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 6/10/2008 1:40:57 PM | Attr =    ]
Perflib_Perfdata_c30.dat -> C:\Documents and Settings\Don\Local Settings\Temp\Perflib_Perfdata_c30.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 6/11/2008 2:39:12 PM | Attr =    ]
28 C:\Documents and Settings\Don\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Don\Local Settings\Temp\*.tmp -> 
C:\WINDOWS\Temp\ -> C:\WINDOWS\TEMP ->  [Folder | Modified Date = 6/11/2008 5:49:54 PM | Attr =    ]
rtdrvmon.exe -> C:\WINDOWS\TEMP\rtdrvmon.exe -> Realtek [Ver = 1, 0, 0, 3 | Size = 40960 bytes | Modified Date = 6/11/2008 2:31:37 PM | Attr =    ]
3 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 

< End of report >


Note:

When I went to the command prompt (invlving Gmer) and entered what you provided I got this message:
System error 1060 has occurred.
The specified service does not exist as an installed service.
donpatent
Active Member
 
Posts: 9
Joined: June 2nd, 2008, 6:38 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 32 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware