Thank you so much for your help! Here are the details requested.
Extra
OTL Extras logfile created on: 6/2/2010 3:01:05 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Tracy Sanders\My Documents\Virus Tools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,015.00 Mb Total Physical Memory | 613.00 Mb Available Physical Memory | 60.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.12 Gb Total Space | 132.83 Gb Free Space | 92.17% Space Free | Partition Type: NTFS
Drive D: | 255.71 Mb Total Space | 254.50 Mb Free Space | 99.52% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TRACY
Current User Name: Tracy Sanders
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Minimal
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-4157027243-2821620785-582079427-1006\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8085:TCP" = 8085:TCP:*:Enabled:MyOKOPort
"80:TCP" = 80:TCP:*:Enabled:webserver
"53:TCP" = 53:TCP:*:Enabled:webserver
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Documents and Settings\Tracy Sanders\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Tracy Sanders\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" = C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe:*:Enabled:Kodak.AiO.HomeCenter -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe" = C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe:*:Enabled:Kodak.AiO.Statistics -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe" = C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe:*:Enabled:Kodak.AiO.SetupUtility -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe" = C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe:*:Enabled:Kodak.AiO.FwUpdater -- (Eastman Kodak Company)
"C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe" = C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe:*:Enabled:Kodak.AiO.Installer -- (KODAK)
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = USB2.0 UVC Camera Device
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47BACF74-5A07-48BD-BADB-A769550F0F5A}" = FontResizer
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN Card
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1
"{B9BDA46B-2E17-4F43-9D7A-9B1E09A0A4D8}" = Data Sync
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C72CA49A-9237-4810-8449-45DA3BD26D64}" = EzMessenger
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Center
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Eee Docking_is1" = Eee Docking 1.3.1.0
"EeePC_1005HA" = EeePC_1005HA Screen Saver
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-4157027243-2821620785-582079427-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 5/31/2010 8:13:23 PM | Computer Name = TRACY | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402f, P2 endsearch, P3 search, P4 2.1.6519.0,
P5 mpsigdwn.dll, P6 2.1.6519.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.
Error - 5/31/2010 8:13:29 PM | Computer Name = TRACY | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 5/31/2010 8:13:42 PM | Computer Name = TRACY | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 5/31/2010 8:41:46 PM | Computer Name = TRACY | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402f, P2 endsearch, P3 search, P4 2.1.6519.0,
P5 mpsigdwn.dll, P6 2.1.6519.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.
Error - 5/31/2010 8:41:48 PM | Computer Name = TRACY | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 5/31/2010 8:41:53 PM | Computer Name = TRACY | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 5/31/2010 9:03:50 PM | Computer Name = TRACY | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402f, P2 endsearch, P3 search, P4 2.1.6519.0,
P5 mpsigdwn.dll, P6 2.1.6519.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.
Error - 5/31/2010 9:03:52 PM | Computer Name = TRACY | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 5/31/2010 9:08:56 PM | Computer Name = TRACY | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 6/2/2010 2:54:13 PM | Computer Name = TRACY | Source = MSSecurityEssentials | ID = 5000
Description =
[ System Events ]
Error - 5/31/2010 8:41:53 PM | Computer Name = TRACY | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852
Source
Path:
http://go.microsoft.com/fwlink/?LinkID= ... 61FCBCFCDE Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80004005 Error description: Unspecified
error
Error - 5/31/2010 9:03:50 PM | Computer Name = TRACY | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%852
Source
Path:
http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM
Current
Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402f Error description:
An unexpected problem occurred while checking for updates. For information on installing
or troubleshooting updates, see Help and Support.
Error - 5/31/2010 9:08:55 PM | Computer Name = TRACY | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852
Source
Path:
http://go.microsoft.com/fwlink/?LinkID= ... 61FCBCFCDE Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072f76 Error description: The requested
header was not found
Error - 5/31/2010 9:08:55 PM | Computer Name = TRACY | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852
Source
Path:
http://go.microsoft.com/fwlink/?LinkID= ... 61FCBCFCDE Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072f76 Error description: The requested
header was not found
Error - 5/31/2010 9:08:55 PM | Computer Name = TRACY | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852
Source
Path:
http://go.microsoft.com/fwlink/?LinkID= ... 61FCBCFCDE Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072f76 Error description: The requested
header was not found
Error - 5/31/2010 9:08:55 PM | Computer Name = TRACY | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852
Source
Path:
http://go.microsoft.com/fwlink/?LinkID= ... 61FCBCFCDE Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072f76 Error description: The requested
header was not found
Error - 6/2/2010 2:54:13 PM | Computer Name = TRACY | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852
Source
Path:
http://go.microsoft.com/fwlink/?LinkID= ... 61FCBCFCDE Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80004005 Error description: Unspecified
error
Error - 6/2/2010 2:54:13 PM | Computer Name = TRACY | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852
Source
Path:
http://go.microsoft.com/fwlink/?LinkID= ... 61FCBCFCDE Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80004005 Error description: Unspecified
error
Error - 6/2/2010 2:54:13 PM | Computer Name = TRACY | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852
Source
Path:
http://go.microsoft.com/fwlink/?LinkID= ... 61FCBCFCDE Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80004005 Error description: Unspecified
error
Error - 6/2/2010 2:54:13 PM | Computer Name = TRACY | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852
Source
Path:
http://go.microsoft.com/fwlink/?LinkID= ... 61FCBCFCDE Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80004005 Error description: Unspecified
error
< End of report >
OTL
OTL logfile created on: 6/2/2010 3:01:05 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Tracy Sanders\My Documents\Virus Tools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,015.00 Mb Total Physical Memory | 613.00 Mb Available Physical Memory | 60.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.12 Gb Total Space | 132.83 Gb Free Space | 92.17% Space Free | Partition Type: NTFS
Drive D: | 255.71 Mb Total Space | 254.50 Mb Free Space | 99.52% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TRACY
Current User Name: Tracy Sanders
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Minimal
========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Tracy Sanders\My Documents\Virus Tools\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe (Eastman Kodak Company)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
PRC - C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)
========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Tracy Sanders\My Documents\Virus Tools\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ========== SRV - (captcha) -- C:\WINDOWS\system32\captcha.dll ()
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe (Eastman Kodak Company)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (swoko) -- C:\WINDOWS\system32\clbcoko.dll (VoyagerSoft, LLC)
========== Driver Services (SafeList) ========== DRV - (MpFilter) -- C:\WINDOWS\system32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (SRS_PremiumSound_Service) -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys ()
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (uvclf) -- C:\WINDOWS\system32\drivers\uvclf.sys (GenesysLogic Technologies, Inc.)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (ql600oko) -- C:\WINDOWS\system32\drivers\mrxoko.sys (F5 Networks)
DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4157027243-2821620785-582079427-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
http://www.msn.com/IE - HKU\S-1-5-21-4157027243-2821620785-582079427-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4157027243-2821620785-582079427-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 C6 6C FC 11 01 CB 01 [binary data]
IE - HKU\S-1-5-21-4157027243-2821620785-582079427-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2010/05/31 20:25:17 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4157027243-2821620785-582079427-1006\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-21-4157027243-2821620785-582079427-1006..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4157027243-2821620785-582079427-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Eee PC Seashell_1.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Eee PC Seashell_1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/28 01:03:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 90 Days ========== [2010/05/31 19:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/31 18:11:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Tracy Sanders\IECompatCache
[2010/05/16 20:08:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/05/16 20:08:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/04/22 00:02:05 | 000,259,584 | ---- | C] (InterVideo Inc.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1271908922.exe
[2010/04/21 23:36:44 | 000,000,000 | ---D | C] -- C:\!KillBox
[2010/04/21 23:35:33 | 000,259,584 | ---- | C] (InterVideo Inc.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1271907331.exe
[2010/04/21 23:33:14 | 000,259,584 | ---- | C] (InterVideo Inc.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1271907191.exe
[2010/04/21 23:31:08 | 000,259,584 | ---- | C] (InterVideo Inc.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1271907066.exe
[2010/04/21 23:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tracy Sanders\My Documents\Virus Tools
[2010/04/21 22:53:59 | 000,259,584 | ---- | C] (InterVideo Inc.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1271904837.exe
[2010/04/01 12:28:41 | 000,231,424 | ---- | C] (VIA) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1270139319.exe
[2010/04/01 08:31:41 | 000,231,424 | ---- | C] (VIA) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1270125097.exe
[2010/03/29 21:20:40 | 000,227,328 | ---- | C] (Agere Systems) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1269912038.exe
[2010/03/29 07:55:34 | 000,228,864 | ---- | C] (Syntek America Inc.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1269863732.exe
[2010/03/28 18:22:06 | 000,228,864 | ---- | C] (Microsoft Corp.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1269814923.exe
[2010/03/27 12:37:12 | 000,227,328 | ---- | C] (Exent Technologies Ltd.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1269707828.exe
[2010/03/26 20:12:37 | 000,227,328 | ---- | C] (Exent Technologies Ltd.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1269648751.exe
[2010/03/25 12:47:53 | 000,229,888 | ---- | C] (Pivotal Corporation.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1269535667.exe
[2010/03/25 08:42:04 | 000,229,888 | ---- | C] (Pivotal Corporation.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1269520921.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 90 Days ========== [2010/06/02 14:52:53 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C1482AEE-FC7E-4A82-BD0A-2B591FC95935}.job
[2010/06/02 14:52:10 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/06/02 14:51:18 | 000,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/02 14:51:18 | 000,442,024 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/02 14:51:18 | 000,071,810 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/02 14:47:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/02 14:47:10 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/02 14:47:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/31 21:25:15 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\Tracy Sanders\NTUSER.DAT
[2010/05/31 21:25:15 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Tracy Sanders\ntuser.ini
[2010/05/31 21:25:08 | 006,431,250 | -H-- | M] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\IconCache.db
[2010/05/31 20:27:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4157027243-2821620785-582079427-1006UA.job
[2010/05/31 20:25:17 | 000,000,742 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/31 19:07:47 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Tracy Sanders\Desktop\HijackThis.lnk
[2010/05/16 20:08:51 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/05/16 20:08:11 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Tracy Sanders\Desktop\Google Chrome.lnk
[2010/04/22 00:07:23 | 000,000,001 | ---- | M] () -- C:\WINDOWS\lgo
[2010/04/22 00:07:06 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1271909225.exe
[2010/04/22 00:02:05 | 000,259,584 | ---- | M] (InterVideo Inc.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1271908922.exe
[2010/04/21 23:40:34 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1271907633.exe
[2010/04/21 23:35:33 | 000,259,584 | ---- | M] (InterVideo Inc.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1271907331.exe
[2010/04/21 23:33:14 | 000,259,584 | ---- | M] (InterVideo Inc.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1271907191.exe
[2010/04/21 23:31:08 | 000,259,584 | ---- | M] (InterVideo Inc.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1271907066.exe
[2010/04/21 22:59:38 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\0101101529910248.xxe
[2010/04/21 22:59:01 | 000,019,456 | ---- | M] () -- C:\WINDOWS\System32\captcha.dll
[2010/04/21 22:59:00 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\0535049569854.xxe
[2010/04/21 22:53:59 | 000,259,584 | ---- | M] (InterVideo Inc.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1271904837.exe
[2010/04/01 12:28:41 | 000,231,424 | ---- | M] (VIA) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1270139319.exe
[2010/04/01 11:07:55 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\0101120101465198.xxe
[2010/04/01 11:02:55 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1270134174.exe
[2010/04/01 08:31:41 | 000,231,424 | ---- | M] (VIA) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1270125097.exe
[2010/03/29 21:20:40 | 000,227,328 | ---- | M] (Agere Systems) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1269912038.exe
[2010/03/29 08:00:37 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1269864034.exe
[2010/03/29 07:55:34 | 000,228,864 | ---- | M] (Syntek America Inc.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1269863732.exe
[2010/03/28 18:22:06 | 000,228,864 | ---- | M] (Microsoft Corp.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1269814923.exe
[2010/03/28 09:30:40 | 000,225,792 | ---- | M] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1269783034.exe
[2010/03/27 12:37:12 | 000,227,328 | ---- | M] (Exent Technologies Ltd.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1269707828.exe
[2010/03/26 20:12:37 | 000,227,328 | ---- | M] (Exent Technologies Ltd.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1269648751.exe
[2010/03/25 12:47:53 | 000,229,888 | ---- | M] (Pivotal Corporation.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1269535667.exe
[2010/03/25 08:42:04 | 000,229,888 | ---- | M] (Pivotal Corporation.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1269520921.exe
[2010/03/24 13:21:26 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\010112010146114101.xxe
[2010/03/24 13:21:26 | 000,000,001 | -H-- | M] () -- C:\WINDOWS\bk23567.dat
[2010/03/24 13:21:26 | 000,000,001 | ---- | M] () -- C:\WINDOWS\fdgg34353edfgdfdf
[2010/03/24 13:21:25 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\010112010146111103.xxe
[2010/03/24 13:21:23 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\01011201014650115.xxe
[2010/03/21 22:27:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4157027243-2821620785-582079427-1006Core.job
[2010/03/11 23:27:02 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ========== [2010/05/31 19:07:47 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Tracy Sanders\Desktop\HijackThis.lnk
[2010/05/31 18:11:04 | 000,000,438 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C1482AEE-FC7E-4A82-BD0A-2B591FC95935}.job
[2010/05/16 20:14:00 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/05/16 20:08:51 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/04/22 00:07:06 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1271909225.exe
[2010/04/21 23:40:34 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1271907633.exe
[2010/04/21 22:59:38 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\0101101529910248.xxe
[2010/04/21 22:59:01 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\captcha.dll
[2010/04/21 22:59:00 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\0535049569854.xxe
[2010/04/01 11:07:55 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\0101120101465198.xxe
[2010/04/01 11:02:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1270134174.exe
[2010/03/29 08:00:37 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1269864034.exe
[2010/03/28 09:30:40 | 000,225,792 | ---- | C] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1269783034.exe
[2010/03/24 13:21:26 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\010112010146114101.xxe
[2010/03/24 13:21:26 | 000,000,001 | -H-- | C] () -- C:\WINDOWS\bk23567.dat
[2010/03/24 13:21:26 | 000,000,001 | ---- | C] () -- C:\WINDOWS\lgo
[2010/03/24 13:21:26 | 000,000,001 | ---- | C] () -- C:\WINDOWS\fdgg34353edfgdfdf
[2010/03/24 13:21:25 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\010112010146111103.xxe
[2010/03/24 13:21:23 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\01011201014650115.xxe
[2009/05/05 14:13:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/05/05 13:16:46 | 000,232,872 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys
[2009/05/05 12:03:49 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
[2009/05/05 12:03:49 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2009/05/05 11:52:19 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2009/04/28 00:51:49 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/04/28 00:51:36 | 000,020,590 | ---- | C] () -- C:\WINDOWS\default32.dll
< End of report >
GMER
GMER 1.0.15.15281 -
http://www.gmer.netRootkit scan 2010-06-02 16:19:07
Windows 5.1.2600 Service Pack 3
Running: 8zevfb07.exe; Driver: C:\DOCUME~1\TRACYS~1\LOCALS~1\Temp\fxtdipog.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip mrxoko.sys (Windows product Orbit/F5 Networks)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp mrxoko.sys (Windows product Orbit/F5 Networks)
AttachedDevice \Driver\Tcpip \Device\Udp mrxoko.sys (Windows product Orbit/F5 Networks)
AttachedDevice \Driver\Tcpip \Device\RawIp mrxoko.sys (Windows product Orbit/F5 Networks)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----