Dear Muppy03,
Thanks for the help. I was able to re-download Mozilla Firefox, update Symantec anti-virus, and re-install and run Malwarebytes.
Unfortunately, Firefox has crashed several times in the past day.
Also, I opened up the CPU case and blew out any dust with compressed air from the fans.
Aside, I was able to run all of the scans you advised. The results are provided as follows:
RSIT log 3/6/09:
Logfile of random's system information tool 1.05 (written by random/random)
Run by Valued Customer at 2009-03-06 08:55:38
Microsoft Windows XP Professional Service Pack 3
System drive C: has 65 GB (85%) free of 76 GB
Total RAM: 1014 MB (50% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:40 AM, on 3/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Valued Customer\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Valued Customer.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{30834042-DDCB-4BC2-94FC-2A35D290E0D2}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{30834042-DDCB-4BC2-94FC-2A35D290E0D2}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{30834042-DDCB-4BC2-94FC-2A35D290E0D2}: NameServer = 192.168.1.1
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 7337 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-06 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-06 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-06-06 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-06-06 118784]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-03-17 61952]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-09-23 77824]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2004-09-24 2559488]
"type32"=C:\Program Files\Microsoft IntelliType Pro\type32.exe [2004-06-03 172032]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\point32.exe [2004-06-03 204800]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2005-07-19 26112]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd.exe [2003-08-04 49152]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-07-19 52896]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-09-27 125168]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-06 148888]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Aim6"= []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-06-06 344064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-09-27 43760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1121793549\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1121793549\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02766943-c786-11d9-95f2-806d6172696f}]
shell\AutoRun\command - D:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dada6c81-e86c-11d9-ab6b-806d6172696f}]
shell\AutoRun\command - D:\setup.exe
======List of files/folders created in the last 1 months======
2009-03-06 08:55:38 ----D---- C:\rsit
2009-03-06 08:37:33 ----D---- C:\WINDOWS\Cache
2009-03-06 08:37:32 ----D---- C:\Program Files\Coupons
2009-03-05 19:07:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-04 05:43:24 ----D---- C:\Documents and Settings\Valued Customer\Application Data\Malwarebytes
2009-03-04 05:43:19 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-27 04:59:44 ----D---- C:\Program Files\Trend Micro
2009-02-27 02:59:47 ----D---- C:\Documents and Settings\Valued Customer\Application Data\Mozilla
2009-02-27 02:56:26 ----D---- C:\WINDOWS\system32\LogFiles
2009-02-27 02:53:23 ----RD---- C:\Documents and Settings\Valued Customer\Application Data\Brother
2009-02-27 01:57:06 ----D---- C:\Documents and Settings\Valued Customer\Application Data\Mozilla(3)
2009-02-27 01:53:55 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-26 15:09:05 ----D---- C:\Documents and Settings\Valued Customer\Application Data\Mozilla(2)
2009-02-25 16:00:36 ----DC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-21 15:06:48 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-17 12:32:46 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-02-12 03:02:02 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-02-12 03:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-02-12 03:01:03 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-02-11 22:28:33 ----A---- C:\WINDOWS\system32\spmsg.dll
2009-02-11 22:28:32 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-02-11 22:28:15 ----D---- C:\Program Files\Windows Media Connect 2
2009-02-11 22:28:03 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-02-11 22:26:59 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-02-11 22:26:08 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-02-11 22:25:24 ----SHD---- C:\Config.Msi
2009-02-11 03:01:04 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
======List of files/folders modified in the last 1 months======
2009-03-06 08:54:07 ----D---- C:\Program Files\Mozilla Firefox
2009-03-06 08:40:28 ----A---- C:\WINDOWS\BRWMARK.INI
2009-03-06 08:37:43 ----D---- C:\WINDOWS\system32
2009-03-06 08:37:33 ----D---- C:\WINDOWS
2009-03-06 08:37:32 ----RD---- C:\Program Files
2009-03-06 07:29:05 ----SHD---- C:\WINDOWS\Installer
2009-03-06 07:28:54 ----D---- C:\WINDOWS\Temp
2009-03-06 07:28:41 ----A---- C:\WINDOWS\system32\javaws.exe
2009-03-06 07:28:41 ----A---- C:\WINDOWS\system32\javaw.exe
2009-03-06 07:28:41 ----A---- C:\WINDOWS\system32\java.exe
2009-03-06 07:28:41 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-03-06 07:28:38 ----D---- C:\Program Files\Java
2009-03-06 07:28:14 ----D---- C:\WINDOWS\Prefetch
2009-03-06 07:16:05 ----D---- C:\Program Files\Symantec AntiVirus
2009-03-05 21:25:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-05 19:07:36 ----D---- C:\WINDOWS\system32\drivers
2009-03-05 15:32:23 ----D---- C:\Program Files\Common Files
2009-03-05 15:32:23 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2009-03-05 15:14:51 ----D---- C:\WINDOWS\WinSxS
2009-03-05 15:13:22 ----D---- C:\Program Files\AOL Deskbar
2009-03-05 15:06:19 ----HD---- C:\WINDOWS\inf
2009-03-05 15:05:00 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-04 05:55:54 ----AC---- C:\WINDOWS\OEWABLog.txt
2009-03-04 05:48:06 ----SD---- C:\WINDOWS\system32\Microsoft
2009-03-04 05:47:09 ----D---- C:\WINDOWS\Minidump
2009-02-27 03:44:22 ----D---- C:\WINDOWS\system32\Restore
2009-02-27 03:10:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-27 03:06:01 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-27 03:03:00 ----D---- C:\WINDOWS\system32\config
2009-02-27 03:02:08 ----D---- C:\WINDOWS\system32\wbem
2009-02-27 03:02:07 ----D---- C:\WINDOWS\Registration
2009-02-27 03:01:02 ----D---- C:\Documents and Settings\Valued Customer\Application Data\uTorrent
2009-02-27 02:57:15 ----D---- C:\Program Files\Windows Media Player
2009-02-27 02:55:29 ----D---- C:\Program Files\Internet Explorer
2009-02-27 02:54:50 ----RSD---- C:\WINDOWS\Fonts
2009-02-27 02:52:04 ----D---- C:\Program Files\Brownie
2009-02-27 02:03:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-02-27 02:00:24 ----D---- C:\Program Files\Windows Media Connect
2009-02-25 16:00:46 ----A---- C:\WINDOWS\imsins.BAK
2009-02-25 14:05:36 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-22 18:58:03 ----D---- C:\Documents and Settings\Valued Customer\Application Data\FrostWire
2009-02-21 02:37:04 ----D---- C:\Program Files\PeerGuardian2
2009-02-11 22:28:22 ----A---- C:\WINDOWS\win.ini
2009-02-11 22:28:11 ----D---- C:\WINDOWS\Help
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-08-07 195776]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-10-18 20747]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-07-19 8552]
R2 BrPar;BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [2000-07-24 19537]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-06-06 730653]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2004-09-24 2276672]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090303.003\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090303.003\navex15.sys []
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-05-18 6912]
R3 RT61;Linksys Wireless-G PCI Adapter Driver(RT61); C:\WINDOWS\system32\DRIVERS\RT61.sys [2005-10-27 356096]
R3 SMBios;Intel (R) System Management BIOS Service; C:\WINDOWS\system32\DRIVERS\SMBios.sys [2004-06-07 36484]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-08-07 24768]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 FETNDISB;D-Link PCI Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\dlkfet5b.sys [2006-12-27 46080]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2004-06-03 20352]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 wind502u;Motorola Wireless USB Adapter WU830G Windows Driver; C:\WINDOWS\system32\DRIVERS\wind502u.sys [2004-03-25 336256]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-07-19 192160]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-07-19 169632]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-09-27 31472]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-06 152984]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-09-27 1813232]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-08-07 214720]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
-----------------EOF-----------------
RSIT info 3/6/09:
info.txt logfile of random's system information tool 1.05 2009-03-06 08:55:42
======Uninstall list======
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop Album 2.0 Starter Edition-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Panorama Maker 3.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBDEC232-FFE3-42BC-8C92-6137ED5FB7A9}\setup.exe" -l0x9
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Brother HL-2040-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D95E09EF-78DD-4227-8A98-A1706FEB773D}\setup.exe" -l0x9 -removeonly /uninst
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
D-Link DFE-530TX+-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{98E3252E-3CE5-4B15-929D-D18F7BE6EED4}
D-Link PCI Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $D-Link
FLIQLO Screen Saver-->C:\WINDOWS\system32\FLIQLO.scr /u
FrostWire 4.17.0-->C:\Program Files\FrostWire\Uninstall.exe
getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Image Zone 3.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart Cameras 3.5-->C:\Program Files\HP\Digital Imaging\{068BE4C0-51E8-41E4-B5C3-0BA5F6984693}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Software Update-->MsiExec.exe /X{34957B51-9676-41CE-9E52-44AE91B73F1C}
Indeo® Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu"
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java(TM) 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Linksys Wireless-G PCI Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4DDC3BED-CC68-44AA-B435-D727B620CA5B}\setup.exe" -l0x9
LiveUpdate 3.1 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\Setup.exe /uninstall ExtraUninstallID=""
NTI Backup NOW! 3-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4E68EAA3-775A-4542-A08A-47DB8E8E74A6} /l1033 BUNText
NTI CD-Maker Gold-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778} /l1033 AnyText
NTI DriveBackup! 3-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8FDD2A92-9F75-4706-B8C2-08499A9863E6} /l1033 DIBText
PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" REMOVE
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Symantec AntiVirus-->MsiExec.exe /I{33CFCF98-F8D6-4549-B469-6F4295676D83}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
=====HijackThis Backups=====
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_ ... .yahoo.com
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_ ... ch/ie.html
======Security center information======
AV: Symantec AntiVirus Corporate Edition
System event log
Computer Name: RICKROSS
Event Code: 7036
Message: The Remote Access Connection Manager service entered the running state.
Record Number: 8209
Source Name: Service Control Manager
Time Written: 20090130021154.000000-300
Event Type: information
User:
Computer Name: RICKROSS
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the running state.
Record Number: 8208
Source Name: Service Control Manager
Time Written: 20090130021149.000000-300
Event Type: information
User:
Computer Name: RICKROSS
Event Code: 7035
Message: The IMAPI CD-Burning COM Service service was successfully sent a start control.
Record Number: 8207
Source Name: Service Control Manager
Time Written: 20090130021149.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM
Computer Name: RICKROSS
Event Code: 7035
Message: The Remote Access Connection Manager service was successfully sent a start control.
Record Number: 8206
Source Name: Service Control Manager
Time Written: 20090130021147.000000-300
Event Type: information
User: RICKROSS\Valued Customer
Computer Name: RICKROSS
Event Code: 7036
Message: The Telephony service entered the running state.
Record Number: 8205
Source Name: Service Control Manager
Time Written: 20090130021147.000000-300
Event Type: information
User:
Application event log
Computer Name: RICKROSS
Event Code: 3
Message:
Scan started on selected drives and folders and all extensions.
Record Number: 478
Source Name: Symantec AntiVirus
Time Written: 20081025144123.000000-240
Event Type: information
User:
Computer Name: RICKROSS
Event Code: 1517
Message: Windows saved user RICKROSS\Valued Customer registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 477
Source Name: Userenv
Time Written: 20081025144059.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: RICKROSS
Event Code: 2
Message:
Scan Complete: Risks: 0 Scanned: 694 Files/Folders/Drives Omitted: 0
Record Number: 476
Source Name: Symantec AntiVirus
Time Written: 20081025143953.000000-240
Event Type: information
User:
Computer Name: RICKROSS
Event Code: 3
Message:
Scan started on selected drives and folders and all extensions.
Record Number: 475
Source Name: Symantec AntiVirus
Time Written: 20081025143935.000000-240
Event Type: information
User:
Computer Name: RICKROSS
Event Code: 11728
Message: Product: WebFldrs XP -- Configuration completed successfully.
Record Number: 474
Source Name: MsiInstaller
Time Written: 20081025143923.000000-240
Event Type: information
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
-----------------EOF-----------------
GMER gmerrk 3/6/09:
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-03-06 09:04:02
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.14 ----
SSDT 86CDC8A8 ZwAlertResumeThread
SSDT 86C600C0 ZwAlertThread
SSDT 86C7DB28 ZwAllocateVirtualMemory
SSDT 86B38D08 ZwConnectPort
SSDT 86C6A318 ZwCreateMutant
SSDT 86C7E470 ZwCreateThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAAB69350]
SSDT 867B82E0 ZwFreeVirtualMemory
SSDT 86C6AA70 ZwImpersonateAnonymousToken
SSDT 86C6BD70 ZwImpersonateThread
SSDT 86B10ED8 ZwMapViewOfSection
SSDT 86C70C68 ZwOpenEvent
SSDT 8695F9B8 ZwOpenProcessToken
SSDT 86C19228 ZwOpenThreadToken
SSDT 86C39658 ZwQueryValueKey
SSDT 86CFD378 ZwResumeThread
SSDT 86C53C78 ZwSetContextThread
SSDT 86774AD0 ZwSetInformationProcess
SSDT 86C52CE8 ZwSetInformationThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAAB69580]
SSDT 86C6FD50 ZwSuspendProcess
SSDT 86C60818 ZwSuspendThread
SSDT 86C69DF8 ZwTerminateProcess
SSDT 86C697B0 ZwTerminateThread
SSDT 86B6B008 ZwUnmapViewOfSection
SSDT 86C7D0C8 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.14 ----
.text ipnat.sys AA89E6E5 1 Byte [ FE ]
---- User code sections - GMER 1.0.14 ----
.text C:\WINDOWS\System32\alg.exe[212] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\WINDOWS\System32\alg.exe[212] SHELL32.dll!Options_RunDLLW + FB 7CB5C6A5 1 Byte [ 74 ]
.text C:\WINDOWS\system32\svchost.exe[256] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\WINDOWS\system32\svchost.exe[256] SHELL32.dll!Options_RunDLLW + FB 7CB5C6A5 1 Byte [ 74 ]
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[384] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[384] SHELL32.dll!Options_RunDLLW + FB 7CB5C6A5 1 Byte [ 74 ]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[468] SHELL32.dll!Options_RunDLLW + FB 7CB5C6A5 1 Byte [ 74 ]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[468] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[548] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[548] SHELL32.dll!Options_RunDLLW + FB 7CB5C6A5 1 Byte [ 74 ]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[712] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\WINDOWS\system32\winlogon.exe[744] SHELL32.dll!Options_RunDLLW + FB 7CB5C6A5 1 Byte [ 74 ]
.text C:\WINDOWS\system32\winlogon.exe[744] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\WINDOWS\system32\ctfmon.exe[792] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\WINDOWS\system32\ctfmon.exe[792] SHELL32.dll!Options_RunDLLW + FB 7CB5C6A5 1 Byte [ 74 ]
.text C:\WINDOWS\system32\lsass.exe[800] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\WINDOWS\system32\lsass.exe[800] SHELL32.dll!Options_RunDLLW + FB 7CB5C6A5 1 Byte [ 74 ]
.text C:\WINDOWS\system32\svchost.exe[960] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\WINDOWS\system32\svchost.exe[960] SHELL32.dll!Options_RunDLLW + FB 7CB5C6A5 1 Byte [ 74 ]
.text C:\Program Files\Messenger\msmsgs.exe[980] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\Program Files\Messenger\msmsgs.exe[980] SHELL32.dll!Options_RunDLLW + FB 7CB5C6A5 1 Byte [ 74 ]
.text C:\WINDOWS\system32\svchost.exe[1028] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\WINDOWS\system32\svchost.exe[1028] SHELL32.dll!Options_RunDLLW + FB 7CB5C6A5 1 Byte [ 74 ]
.text C:\WINDOWS\System32\svchost.exe[1068] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\WINDOWS\System32\svchost.exe[1068] SHELL32.dll!Options_RunDLLW + FB 7CB5C6A5 1 Byte [ 74 ]
.text C:\WINDOWS\system32\svchost.exe[1164] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\WINDOWS\system32\svchost.exe[1164] SHELL32.dll!Options_RunDLLW + FB 7CB5C6A5 1 Byte [ 74 ]
.text C:\WINDOWS\system32\svchost.exe[1220] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\WINDOWS\system32\svchost.exe[1220] SHELL32.dll!Options_RunDLLW + FB 7CB5C6A5 1 Byte [ 74 ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1320] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1320] SHELL32.dll!Options_RunDLLW + FB 7CB5C6A5 1 Byte [ 74 ]
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[1380] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[1468] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[1468] SHELL32.dll!Options_RunDLLW + FB 7CB5C6A5 1 Byte [ 74 ]
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1572] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1572] SHELL32.dll!Options_RunDLLW + FB 7CB5C6A5 1 Byte [ 74 ]
.text C:\WINDOWS\system32\spoolsv.exe[1624] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\WINDOWS\system32\spoolsv.exe[1624] SHELL32.dll!Options_RunDLLW + FB 7CB5C6A5 1 Byte [ 74 ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1776] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1896] kernel32.dll!SetConsoleOutputCP + 44 7C8752C5 1 Byte [ 57 ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1896] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1896] SHELL32.dll!Options_RunDLLW + FB 7CB5C6A5 1 Byte [ 74 ]
.text C:\Program Files\Symantec AntiVirus\DefWatch.exe[1916] SHELL32.dll!SHChangeNotify + 1D9C 7CA266A5 1 Byte [ FE ]
.text C:\Program Files\Symantec AntiVirus\DefWatch.exe[1916] SHELL32.dll!Options_RunDLLW + FB 7CB5C6A5 1 Byte [ 74 ]
.text C:\Program Files\Symantec AntiVirus\DefWatch.exe[1916] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\WINDOWS\System32\svchost.exe[1996] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\WINDOWS\System32\svchost.exe[1996] SHELL32.dll!Options_RunDLLW + FB 7CB5C6A5 1 Byte [ 74 ]
.text C:\WINDOWS\System32\svchost.exe[1996] SHLWAPI.dll!SHCreateStreamWrapper + D2A 77FC8855 1 Byte [ D9 ]
.text C:\WINDOWS\System32\svchost.exe[1996] USERENV.dll!RsopResetPolicySettingStatus + FFF707C6 769C16E5 1 Byte [ 3B ]
.text C:\Program Files\iPod\bin\iPodService.exe[2072] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2464] SHLWAPI.dll!SHCreateStreamWrapper + D2A 77FC8855 1 Byte [ D9 ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2464] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2464] SHELL32.dll!Options_RunDLLW + FB 7CB5C6A5 1 Byte [ 74 ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2484] ntdll.dll!RtlDeleteAce + B164 7C943285 1 Byte [ 3B ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2484] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2484] SHELL32.dll!Options_RunDLLW + FB 7CB5C6A5 1 Byte [ 74 ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2484] SHLWAPI.dll!SHCreateStreamWrapper + D2A 77FC8855 1 Byte [ D9 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2900] SHELL32.dll!Options_RunDLLW + FB 7CB5C6A5 1 Byte [ 74 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2900] SHLWAPI.dll!SHCreateStreamWrapper + D2A 77FC8855 1 Byte [ D9 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2900] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\WINDOWS\Explorer.EXE[3348] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\WINDOWS\Explorer.EXE[3348] SHLWAPI.dll!SHCreateStreamWrapper + D2A 77FC8855 1 Byte [ D9 ]
.text C:\WINDOWS\Explorer.EXE[3348] NETAPI32.dll!NetUserModalsGet + 4FFE 5B87B43D 1 Byte [ 5D ]
.text C:\WINDOWS\Explorer.EXE[3348] SHELL32.dll!Options_RunDLLW + FB 7CB5C6A5 1 Byte [ 74 ]
.text C:\WINDOWS\system32\igfxtray.exe[3540] SHELL32.dll!Options_RunDLLW + FB 7CB5C6A5 1 Byte [ 74 ]
.text C:\WINDOWS\system32\igfxtray.exe[3540] SHLWAPI.dll!SHCreateStreamWrapper + D2A 77FC8855 1 Byte [ D9 ]
.text C:\WINDOWS\system32\igfxtray.exe[3540] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\Documents and Settings\Valued Customer\Desktop\GMER\gmer.exe[3564] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\Documents and Settings\Valued Customer\Desktop\GMER\gmer.exe[3564] SHLWAPI.dll!SHCreateStreamWrapper + D2A 77FC8855 1 Byte [ D9 ]
.text C:\WINDOWS\system32\hkcmd.exe[3568] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\WINDOWS\system32\hkcmd.exe[3568] SHELL32.dll!Options_RunDLLW + FB 7CB5C6A5 1 Byte [ 74 ]
.text C:\WINDOWS\system32\hkcmd.exe[3568] SHLWAPI.dll!SHCreateStreamWrapper + D2A 77FC8855 1 Byte [ D9 ]
.text C:\WINDOWS\SOUNDMAN.EXE[3608] SHELL32.dll!Options_RunDLLW + FB 7CB5C6A5 1 Byte [ 74 ]
.text C:\WINDOWS\SOUNDMAN.EXE[3608] SHLWAPI.dll!SHCreateStreamWrapper + D2A 77FC8855 1 Byte [ D9 ]
.text C:\WINDOWS\SOUNDMAN.EXE[3608] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\WINDOWS\ALCWZRD.EXE[3640] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[3648] SHLWAPI.dll!SHCreateStreamWrapper + D2A 77FC8855 1 Byte [ D9 ]
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[3648] SHELL32.dll!Options_RunDLLW + FB 7CB5C6A5 1 Byte [ 74 ]
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[3648] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3668] SHLWAPI.dll!SHCreateStreamWrapper + D2A 77FC8855 1 Byte [ D9 ]
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3668] SHELL32.dll!Options_RunDLLW + FB 7CB5C6A5 1 Byte [ 74 ]
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3668] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[3676] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[3676] SHELL32.dll!Options_RunDLLW + FB 7CB5C6A5 1 Byte [ 74 ]
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[3676] SHLWAPI.dll!SHCreateStreamWrapper + D2A 77FC8855 1 Byte [ D9 ]
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[3676] NETAPI32.dll!NetUserModalsGet + 4FFE 5B87B43D 1 Byte [ 5D ]
.text C:\Program Files\QuickTime\QTTask.exe[3696] SHELL32.dll!Options_RunDLLW + FB 7CB5C6A5 1 Byte [ 74 ]
.text C:\Program Files\QuickTime\QTTask.exe[3696] SHLWAPI.dll!SHCreateStreamWrapper + D2A 77FC8855 1 Byte [ D9 ]
.text C:\Program Files\QuickTime\QTTask.exe[3696] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd.exe[3716] SHELL32.dll!Options_RunDLLW + FB 7CB5C6A5 1 Byte [ 74 ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd.exe[3716] SHLWAPI.dll!SHCreateStreamWrapper + D2A 77FC8855 1 Byte [ D9 ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd.exe[3716] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3820] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3820] SHLWAPI.dll!SHCreateStreamWrapper + D2A 77FC8855 1 Byte [ D9 ]
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3820] netapi32.dll!NetUserModalsGet + 4FFE 5B87B43D 1 Byte [ 5D ]
.text C:\PROGRA~1\SYMANT~1\VPTray.exe[3972] SHELL32.dll!Options_RunDLLW + FB 7CB5C6A5 1 Byte [ 74 ]
.text C:\PROGRA~1\SYMANT~1\VPTray.exe[3972] SHLWAPI.dll!SHCreateStreamWrapper + D2A 77FC8855 1 Byte [ D9 ]
.text C:\PROGRA~1\SYMANT~1\VPTray.exe[3972] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\PROGRA~1\SYMANT~1\VPTray.exe[3972] netapi32.dll!NetUserModalsGet + 4FFE 5B87B43D 1 Byte [ 5D ]
.text C:\Program Files\iTunes\iTunesHelper.exe[4008] SHLWAPI.dll!SHCreateStreamWrapper + D2A 77FC8855 1 Byte [ D9 ]
.text C:\Program Files\iTunes\iTunesHelper.exe[4008] ole32.dll!ComPs_IUnknown_Release_Proxy + 6AF 775A16A5 1 Byte [ FE ]
.text C:\Program Files\iTunes\iTunesHelper.exe[4008] SHELL32.dll!Options_RunDLLW + FB 7CB5C6A5 1 Byte [ 74 ]
.text C:\Program Files\iTunes\iTunesHelper.exe[4008] NETAPI32.dll!NetUserModalsGet + 4FFE 5B87B43D 1 Byte [ 5D ]
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\cl5465.dll
Reg HKLM\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\cl5465.dll@0 0x00 0x00 0x28 0x0A ...
Reg HKLM\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\cl5465.dll@1 0x16 0xE2 0x37 0xCA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{2447902A-29D9-4101-8C63-55D46C78CBC5}
Reg HKLM\SOFTWARE\Classes\CLSID\{2447902A-29D9-4101-8C63-55D46C78CBC5}@ LEDMeter Property Page 2.0
Reg HKLM\SOFTWARE\Classes\CLSID\{2447902A-29D9-4101-8C63-55D46C78CBC5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{2447902A-29D9-4101-8C63-55D46C78CBC5}\InprocServer32@ C:\PROGRA~1\Ahead\NEROWA~1\AUDIOC~1.OCX
Reg HKLM\SOFTWARE\Classes\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\VERSINN@ 1.0
Reg HKLM\SOFTWARE\Classes\Interface\{310AFA62-0575-11D2-9CA9-0060B0EC3D39}\ProxyStubClsid32
Reg HKLM\SOFTWARE\Classes\Interface\{310AFA62-0575-11D2-9CA9-0060B0EC3D39}\ProxyStubClsid32@ {00020424-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{FA682F24-3A3C-390D-B8A2-96F1106F4B37}\ProxyStubClsid
Reg HKLM\SOFTWARE\Classes\Interface\{FA682F24-3A3C-390D-B8A2-96F1106F4B37}\ProxyStubClsid@ {00020424-0000-0000-C000-000000000046}
---- EOF - GMER 1.0.14 ----
GMER gmerautos 3/6/09:
GMER 1.0.14.14536 - http://www.gmer.net
Autostart scan 2009-03-06 09:06:25
Windows 5.1.2600 Service Pack 3
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
igfxcui@DLLName = igfxsrvc.dll
NavLogon@DLLName = C:\WINDOWS\system32\NavLogon.dll
WgaLogon@DLLName = WgaLogon.dll
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Apple Mobile Device@ = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Bonjour Service@ = "C:\Program Files\Bonjour\mDNSResponder.exe"
ccEvtMgr@ = "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ccSetMgr@ = "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
DefWatch@ = "C:\Program Files\Symantec AntiVirus\DefWatch.exe"
JavaQuickStarterService@ = "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
SPBBCSvc@ = "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"
Symantec AntiVirus@ = "C:\Program Files\Symantec AntiVirus\Rtvscan.exe"
Viewpoint Manager Service@ = "C:\Program Files\Viewpoint\Common\ViewpointService.exe"
WMPNetworkSvc@ = "C:\Program Files\Windows Media Player\WMPNetwk.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@IgfxTrayC:\WINDOWS\system32\igfxtray.exe = C:\WINDOWS\system32\igfxtray.exe
@HotKeysCmdsC:\WINDOWS\system32\hkcmd.exe = C:\WINDOWS\system32\hkcmd.exe
@High Definition Audio Property Page ShortcutHDAudPropShortcut.exe = HDAudPropShortcut.exe
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@AlcWzrdALCWZRD.EXE = ALCWZRD.EXE
@type32"C:\Program Files\Microsoft IntelliType Pro\type32.exe" = "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
@IntelliPoint"C:\Program Files\Microsoft IntelliPoint\point32.exe" = "C:\Program Files\Microsoft IntelliPoint\point32.exe"
@RealTrayC:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER /*file not found*/ = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER /*file not found*/
@QuickTime Task"C:\Program Files\QuickTime\QTTask.exe" -atboottime = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
@HP Software Update"C:\Program Files\HP\HP Software Update\HPWuSchd.exe" = "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@ccApp"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
@vptrayC:\PROGRA~1\SYMANT~1\VPTray.exe = C:\PROGRA~1\SYMANT~1\VPTray.exe
@iTunesHelper"C:\Program Files\iTunes\iTunesHelper.exe" = "C:\Program Files\iTunes\iTunesHelper.exe"
@Adobe Reader Speed Launcher"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
@SunJavaUpdateSched"C:\Program Files\Java\jre6\bin\jusched.exe" = "C:\Program Files\Java\jre6\bin\jusched.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@MSMSGS"C:\Program Files\Messenger\msmsgs.exe" /background = "C:\Program Files\Messenger\msmsgs.exe" /background
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@Aim6 /*file not found*/ = /*file not found*/
@WMPNSCFGC:\Program Files\Windows Media Player\WMPNSCFG.exe = C:\Program Files\Windows Media Player\WMPNSCFG.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\OFFICE11\msohev.dll = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
@{97FA8AA2-EE77-4FF2-9449-424D8924EF21} /*IntelliType Pro Zooming Control Panel Property Page*/"C:\Program Files\Microsoft IntelliType Pro\itcplzm.dll" = "C:\Program Files\Microsoft IntelliType Pro\itcplzm.dll"
@{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB} /*IntelliType Pro Scrolling Control Panel Property Page*/"C:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll" = "C:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll"
@{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2} /*IntelliType Pro Key Settings Control Panel Property Page*/"C:\Program Files\Microsoft IntelliType Pro\itcplkey.dll" = "C:\Program Files\Microsoft IntelliType Pro\itcplkey.dll"
@{A2569D1F-4E06-43EC-9825-0088B471BE47} /*IntelliType Pro Wireless Control Panel Property Page*/"C:\Program Files\Microsoft IntelliType Pro\itcplwir.dll" = "C:\Program Files\Microsoft IntelliType Pro\itcplwir.dll"
@{20082881-FC36-4E47-9A7A-644C95FF749F} /*IntelliPoint Wireless Control Panel Property Page*/"C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll" = "C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll"
@{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} /*IntelliPoint Wheel Control Panel Property Page*/"C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll" = "C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll"
@{653DCCC2-13DB-45B2-A389-427885776CFE} /*IntelliPoint Activities Control Panel Property Page*/"C:\Program Files\Microsoft IntelliPoint\ipcplact.dll" = "C:\Program Files\Microsoft IntelliPoint\ipcplact.dll"
@{124597D8-850A-41AE-849C-017A4FA99CA2} /*IntelliPoint Buttons Control Panel Property Page*/"C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll" = "C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll"
@{BDA77241-42F6-11d0-85E2-00AA001FE28C} /*LDVP Shell Extensions*/C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\LDVPMenu@{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
LDVPMenu@{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{18DF081C-E8AD-4283-A596-FA578C2EBDC3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Program Files\Java\jre6\bin\jp2ssv.dll = C:\Program Files\Java\jre6\bin\jp2ssv.dll
@{E7E6F031-17CE-4C07-BC86-EABFE594F69C}C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll = C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\FLIQLO.scr
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.com/ = http://www.google.com/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
mso-offdap@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{30834042-DDCB-4BC2-94FC-2A35D290E0D2} /*Local Area Connection 2*/ >>>
@IPAddress192.168.1.27 = 192.168.1.27
@NameServer192.168.1.1 = 192.168.1.1
@DefaultGateway192.168.1.1 = 192.168.1.1
@Domain =
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll
C:\Documents and Settings\All Users\Start Menu\Programs\Startup = HP Digital Imaging Monitor.lnk
---- EOF - GMER 1.0.14 ----
Thanks again for your time and knowledgeable advice.
Best regards,
Tom