hijackthis log; debugger,explorer freezes [RESOLVED]


  • This topic is locked

#31
Ltangelic

    Angel Annihilator of Malware

  • Retired Staff
  • 2,008 posts
Hey coolsparkin,

Let's run another tool to see what else could have caused this problem.

Download OTViewIt to your desktop.
  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  • You may need to use two posts to get it all on the forum



#32
coolsparkin

    Member

  • Topic Starter
  • 29 posts
OTViewIt logfile created on: 10/12/2008 6:45:34 PM - Run
OTViewIt by OldTimer - Version 1.0.11.0 Folder = C:\Documents and Settings\XP-User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.23 Mb Total Physical Memory | 525.92 Mb Available Physical Memory | 54.83% Memory free
1.51 Gb Paging File | 0.99 Gb Available in Paging File | 65.62% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 182.00 Gb Total Space | 106.01 Gb Free Space | 58.25% Space Free | Partition Type: NTFS
Drive D: | 50.87 Gb Total Space | 34.05 Gb Free Space | 66.93% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XPT
Current User Name: XP-User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2007/10/31 15:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/09/19 01:32:33 | 00,147,456 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/06/16 04:12:14 | 00,195,360 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
[2008/04/24 16:52:22 | 00,066,880 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
[2004/02/26 09:52:00 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
[2007/01/31 14:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
[2007/11/02 19:36:32 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2005/09/22 04:42:24 | 00,090,112 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2005/07/15 17:48:33 | 00,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe
[2005/06/07 00:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[2007/10/19 21:16:26 | 00,286,720 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
[2007/11/02 19:36:42 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2007/08/24 07:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[2008/04/24 16:52:28 | 00,259,392 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFTray.exe
[2008/09/19 01:32:37 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2007/01/01 17:22:02 | 03,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
[2007/09/02 13:58:52 | 00,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
[2007/01/01 09:31:34 | 00,986,112 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe
[2008/08/29 15:27:05 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\XP-User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[2004/12/01 15:28:48 | 00,229,376 | ---- | M] (CASIO COMPUTER CO.,LTD.) -- C:\Program Files\CASIO\Photo Loader\Plauto.exe
[2007/01/27 09:42:48 | 00,044,384 | ---- | M] (Antony Lewis) -- C:\Program Files\WordWeb\wweb32.exe
[2006/10/18 22:46:20 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe
[2007/03/16 19:25:16 | 25,268,264 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
[2008/09/11 00:46:19 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
[2008/09/11 00:46:19 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
[2008/01/28 00:37:56 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008/10/12 18:16:50 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XP-User\Desktop\OTViewIt.exe
[2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe

========== (O23) Win32 Services ==========

File not found -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc -- (Adobe LM Service [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\svchost -- (Alerter [Disabled | Stopped])
File not found -- C:\WINDOWS\system32\alg -- (ALG [On_Demand | Running])
File not found -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService -- (Apple Mobile Device [Auto | Running])
File not found -- C:\WINDOWS\system32\svchost -- (AppMgmt [On_Demand | Stopped])
File not found -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state -- (aspnet_state [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\svchost -- (AudioSrv [Auto | Running])
File not found -- C:\WINDOWS\system32\svchost -- (BITS [On_Demand | Running])
File not found -- C:\WINDOWS\system32\svchost -- (Browser [Auto | Running])
File not found -- C:\Program Files\Canon\CAL\CALMAIN -- (CCALib8 [Auto | Running])
File not found -- C:\WINDOWS\system32\cisvc -- (CiSvc [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\clipsrv -- (ClipSrv [Disabled | Stopped])
File not found -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw -- (clr_optimization_v2.0.50727_32 [Auto | Running])
File not found -- C:\WINDOWS\system32\dllhost -- (COMSysApp [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\svchost -- (CryptSvc [Auto | Running])
[2008/10/12 18:29:03 | 00,000,000 | ---D | M] -- C:\WINDOWS\system32 -- (DcomLaunch [Auto | Running])
File not found -- C:\WINDOWS\system32\svchost -- (Dhcp [Auto | Running])
File not found -- C:\WINDOWS\system32\dmadmin -- (dmadmin [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\svchost -- (dmserver [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\svchost -- (Dnscache [Auto | Running])
File not found -- C:\WINDOWS\system32\svchost -- (Dot3svc [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\svchost -- (EapHost [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\svchost -- (ERSvc [Auto | Running])
File not found -- C:\WINDOWS\system32\services -- (Eventlog [Auto | Running])
File not found -- C:\WINDOWS\system32\svchost -- (EventSystem [On_Demand | Running])
File not found -- C:\WINDOWS\system32\svchost -- (FastUserSwitchingCompatibility [On_Demand | Running])
File not found -- C:\WINDOWS\system32\svchost -- (helpsvc [Auto | Running])
File not found -- C:\WINDOWS\system32\svchost -- (HidServ [Disabled | Stopped])
File not found -- C:\WINDOWS\system32\svchost -- (hkmsvc [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\svchost -- (HTTPFilter [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\imapi -- (ImapiService [On_Demand | Stopped])
File not found -- C:\Program Files\iPod\bin\iPodService -- (iPod Service [On_Demand | Running])
File not found -- C:\Program Files\Java\jre6\bin\jqs -- (JavaQuickStarterService [Auto | Running])
File not found -- C:\WINDOWS\system32\svchost -- (LanmanServer [Auto | Running])
File not found -- C:\WINDOWS\system32\svchost -- (lanmanworkstation [Auto | Running])
File not found -- C:\WINDOWS\system32\svchost -- (LmHosts [Auto | Running])
File not found -- C:\Program Files\McAfee\SiteAdvisor\McSACore -- (McAfee SiteAdvisor Service [Auto | Running])
File not found -- C:\WINDOWS\system32\svchost -- (Messenger [Disabled | Stopped])
File not found -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\mnmsrvc -- (mnmsrvc [On_Demand | Stopped])
[2006/08/21 11:11:16 | 00,000,000 | ---D | M] -- C:\WINDOWS\system32\msdtc -- (MSDTC [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\msiexec -- (MSIServer [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\svchost -- (napagent [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\netdde -- (NetDDE [Disabled | Stopped])
File not found -- C:\WINDOWS\system32\netdde -- (NetDDEdsdm [Disabled | Stopped])
File not found -- C:\WINDOWS\system32\lsass -- (Netlogon [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\svchost -- (Netman [On_Demand | Running])
File not found -- C:\WINDOWS\system32\svchost -- (Nla [On_Demand | Running])
File not found -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst -- (Norton Internet Security [Auto | Running])
File not found -- C:\WINDOWS\system32\lsass -- (NtLmSsp [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\svchost -- (NtmsSvc [On_Demand | Stopped])
File not found -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV -- (odserv [On_Demand | Stopped])
File not found -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE -- (ose [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\services -- (PlugPlay [Auto | Running])
File not found -- C:\WINDOWS\system32\lsass -- (PolicyAgent [Auto | Running])
File not found -- C:\WINDOWS\system32\lsass -- (ProtectedStorage [Auto | Running])
File not found -- C:\WINDOWS\system32\svchost -- (RasAuto [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\svchost -- (RasMan [On_Demand | Running])
File not found -- C:\WINDOWS\system32\sessmgr -- (RDSessMgr [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\svchost -- (RemoteAccess [Disabled | Stopped])
File not found -- C:\WINDOWS\system32\locator -- (RpcLocator [On_Demand | Stopped])
[2008/04/13 20:12:04 | 00,399,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs [Auto | Running])
File not found -- C:\WINDOWS\system32\rsvp -- (RSVP [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\lsass -- (SamSs [Auto | Running])
File not found -- C:\WINDOWS\system32\scardsvr -- (SCardSvr [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\svchost -- (Schedule [Auto | Running])
File not found -- C:\WINDOWS\system32\svchost -- (seclogon [Auto | Running])
File not found -- C:\WINDOWS\system32\svchost -- (SENS [Auto | Running])
File not found -- C:\WINDOWS\system32\svchost -- (SharedAccess [Auto | Running])
File not found -- C:\WINDOWS\system32\svchost -- (ShellHWDetection [Auto | Running])
File not found -- C:\WINDOWS\system32\spoolsv -- (Spooler [Auto | Running])
File not found -- C:\WINDOWS\system32\svchost -- (srservice [Auto | Running])
File not found -- C:\WINDOWS\system32\svchost -- (SSDPSRV [On_Demand | Running])
File not found -- C:\WINDOWS\system32\svchost -- (stisvc [Auto | Running])
File not found -- C:\WINDOWS\system32\dllhost -- (SwPrv [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\smlogsvc -- (SysmonLog [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\svchost -- (TapiSrv [On_Demand | Running])
[2008/10/12 18:29:03 | 00,000,000 | ---D | M] -- C:\WINDOWS\system32 -- (TermService [On_Demand | Running])
File not found -- C:\WINDOWS\system32\svchost -- (Themes [Auto | Running])
File not found -- C:\Program Files\ThreatFire\TFService -- (ThreatFire [Auto | Running])
File not found -- C:\WINDOWS\system32\svchost -- (TrkWks [Auto | Running])
File not found -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr -- (UleadBurningHelper [Auto | Running])
File not found -- C:\WINDOWS\system32\svchost -- (upnphost [On_Demand | Running])
File not found -- C:\WINDOWS\system32\ups -- (UPS [On_Demand | Stopped])
File not found -- C:\Program Files\MSN Messenger\usnsvc -- (usnjsvc [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\vssvc -- (VSS [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\svchost -- (W32Time [Auto | Running])
File not found -- C:\WINDOWS\system32\svchost -- (WebClient [Auto | Running])
File not found -- C:\WINDOWS\system32\svchost -- (winmgmt [Auto | Running])
File not found -- C:\WINDOWS\system32\svchost -- (WmdmPmSN [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\wbem\wmiapsrv -- (WmiApSrv [On_Demand | Stopped])
File not found -- C:\Program Files\Windows Media Player\wmpnetwk -- (WMPNetworkSvc [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\svchost -- (wscsvc [Auto | Running])
File not found -- C:\WINDOWS\system32\svchost -- (wuauserv [Auto | Running])
File not found -- C:\WINDOWS\system32\svchost -- (WudfSvc [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\svchost -- (WZCSVC [Auto | Running])
File not found -- C:\WINDOWS\system32\svchost -- (xmlprov [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\spupdsvc -- (spupdsvc [Auto | Stopped])
File not found -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard -- (idsvc [Unknown | Stopped])
File not found -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost -- (NetTcpPortSharing [Disabled | Stopped])
File not found -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache -- (FontCache3.0.0.0 [On_Demand | Stopped])

========== Driver Services ==========

[2005/09/22 04:34:18 | 03,727,680 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2008/09/11 00:46:22 | 00,254,512 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\BHDrvx86.sys -- (BHDrvx86 [System | Running])
[2008/09/11 00:46:22 | 00,362,544 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\ccHPx86.sys -- (ccHP [System | Running])
[2008/09/11 00:46:22 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2008/09/11 00:46:22 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
[2005/03/18 04:39:04 | 00,042,496 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys -- (FETND5BV [On_Demand | Running])
[2001/08/17 08:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\DRIVERS\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])
[2006/09/19 15:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2004/09/29 03:35:30 | 00,219,136 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
[2004/09/29 03:33:50 | 01,036,928 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2008/09/11 00:46:23 | 00,274,808 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081009.001\IDSxpx86.sys -- (IDSxpx86 [System | Running])
[2004/03/17 00:04:14 | 00,013,059 | R--- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2004/08/12 22:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])
[2008/09/11 00:46:23 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081012.001\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2008/09/11 00:46:23 | 00,873,552 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081012.001\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2006/02/28 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/07 19:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/09/11 00:46:24 | 00,305,712 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP [System | Running])
[2008/09/11 00:46:24 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX [System | Running])
[2008/09/11 00:46:24 | 00,012,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMDNS.SYS -- (SYMDNS [On_Demand | Running])
[2008/09/11 00:46:24 | 00,309,296 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMEFA.SYS -- (SymEFA [Boot | Running])
[2008/09/11 00:46:34 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2008/09/11 00:46:24 | 00,089,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMFW.SYS -- (SYMFW [On_Demand | Running])
[2008/09/11 00:46:24 | 00,034,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMIDS.SYS -- (SYMIDS [On_Demand | Running])
[2008/09/11 00:46:24 | 00,035,888 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM [On_Demand | Stopped])
[2008/09/11 00:46:24 | 00,035,888 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP [On_Demand | Running])
[2008/09/11 00:46:24 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Running])
[2008/09/11 00:46:24 | 00,024,752 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])
[2008/09/11 00:46:24 | 00,198,192 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMTDI.SYS -- (SYMTDI [System | Running])
[2008/04/24 16:52:38 | 00,051,520 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon [Boot | Running])
[2008/04/24 16:52:42 | 00,033,088 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon [On_Demand | Running])
[2008/04/24 16:52:44 | 00,038,208 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon [Boot | Running])
[2008/04/13 14:36:40 | 00,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\uagp35.sys -- (uagp35 [Boot | Running])
[2005/07/07 04:58:12 | 00,226,560 | R--- | M] (Copyright © VIA/S3 Graphics Co, Ltd.) -- C:\WINDOWS\System32\DRIVERS\vtmini.sys -- (viagfx [On_Demand | Running])
[2003/12/15 19:22:00 | 00,038,448 | ---- | M] (OLYMPUS OPTICAL CO.,LTD.) -- C:\WINDOWS\System32\DRIVERS\VNUSB.sys -- (VNUSB [On_Demand | Stopped])
[2004/09/29 03:34:24 | 00,702,592 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2006/02/28 08:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (226781 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.1001-search.info
127.0.0.1 1001-search.info
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com
127.0.0.1 132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
7957 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{31FF080D-12A3-439A-A2EF-4BA95A3148E8} (HKLM) -- C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (HKLM) -- C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll (BitComet)
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} (HKLM) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\CoIEPlg.dll (Symantec Corporation)
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} (HKLM) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\IPSBHO.dll (Symantec Corporation)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (HKLM) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} (HKLM) -- c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" (HKLM) -- c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\CoIEPlg.dll (Symantec Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\CoIEPlg.dll (Symantec Corporation)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" File not found
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" File not found
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" File not found
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" File not found
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" File not found
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime File not found
"SoundMan"=SOUNDMAN.EXE File not found
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" File not found
"ThreatFire"=C:\Program Files\ThreatFire\TFTray.exe File not found
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot File not found
"WinampAgent"=C:\Program Files\Winamp\wianmpa.exe File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe File not found
"Google Update"="C:\Documents and Settings\XP-User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c File not found
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" /autostart File not found
"Rainlendar2"=C:\Program Files\Rainlendar2\Rainlendar2.exe File not found
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" File not found

========== (O4) Startup Folders ==========

File not found -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader
File not found -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop
File not found -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA
File not found -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto
File not found -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WordWeb.lnk = C:\Program Files\WordWeb\wweb32
File not found -- C:\Documents and Settings\XP-User\Start Menu\Programs\Startup\desktop

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&D&ownload &with BitComet: C:\Program Files\BitComet\BitComet File not found
&D&ownload all video with BitComet: C:\Program Files\BitComet\BitComet File not found
&D&ownload all with BitComet: C:\Program Files\BitComet\BitComet File not found
Download with GetRight: C:\Program Files\GetRight\GRDownload File not found
Open with GetRight Browser: C:\Program Files\GetRight\GRBrowse File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre6\bin\npjpi160_10.dll [2008/09/19 01:31:49 | 00,132,504 | ---- | M] (Sun Microsystems, Inc.)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{461CC20B-FB6E-4f16-8FE8-C29359DB100E}: Button: BitComet Search -- %ProgramFiles%\BitComet\tools\BitCometBHO_1.1.7.4.dll [2007/07/04 12:28:28 | 00,513,336 | ---- | M] (BitComet)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 21:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}: Button: AIM -- %ProgramFiles%\AIM\aim File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search && Destroy Configuration -- Reg Error: Key does not exist or could not be opened. File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre6\bin\npjpi160_10.dll [Sun Java Console] -> [2008/09/19 01:31:49 | 00,132,504 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim [AIM] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs [Messenger] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.micro...d...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{215B8138-A3CF-44C5-803F-8226143CFC0A}: http://housecall65.t...ivex/hcImpl.cab -- Trend Micro ActiveX Scan Agent 6.6
{233C1507-6A77-46A4-9443-F871F945D258}: http://fpdownload.ma...director/sw.cab -- Shockwave ActiveX Control
{406B5949-7190-4245-91A9-30A17DE16AD0}: http://www2.snapfish...fishActivia.cab -- Snapfish Activia
{5ED80217-570B-4DA9-BF44-BE107C0EC166}: http://cdn.scan.onec...lscbase5036.cab -- Windows Live Safety Center Base Module
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.micros...b?1175213043000 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_10
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macr...ash/swflash.cab -- Shockwave Flash Object
{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}: http://a532.g.akamai...l/installer.exe -- Virtools WebPlayer Class
{DA80E089-4648-43D5-93B4-7F37917084E6}: http://www.candystan...acheManager.CAB -- CacheManager.CacheManagerCtrl

========== (O17) DNS Name Servers ==========

{86133EE9-05D6-4911-A4AF-64DA46938647} (Servers: | Description: VIA Rhine II Fast Ethernet Adapter)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
>[2007/02/19 22:08:21 | 00,136,704 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=Explorer.exe
>File not found -- C:\WINDOWS\explorer

"UserInit"=C:\WINDOWS\system32\userinit.exe,
>File not found -- C:\WINDOWS\system32\userinit

"UIHost"=LogonUI.EXE
>File not found -- C:\WINDOWS\system32\logonui

"VMApplet"=rundll32 shell32,Control_RunDLL "sysdm.cpl"
>File not found -- C:\WINDOWS\system32\sysdm


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
WRNotifier: "DllName" = WRLogonNTF.dll -- File not found

========== IFEO "Debugger" Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\]
Your Image File Name Here without a path:"Debugger" = C:\WINDOWS\system32\ntsd File not found

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
File not found -- C:\AUTOEXEC -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e281be08-8402-11dd-a58e-0015f2cab767}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e281be08-8402-11dd-a58e-0015f2cab767}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e281be08-8402-11dd-a58e-0015f2cab767}\Shell\AutoRun\command]
""=F:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/10/12 18:35:30 | 00,136,552 | ---- | C] () -- C:\Documents and Settings\XP-User\Desktop\PhotoAndTravelWaiver.xps
[2008/10/12 18:26:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2008/10/12 18:25:28 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2008/10/12 18:24:54 | 00,000,214 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2008/10/12 18:23:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2008/10/12 18:23:44 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2008/10/12 18:23:44 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2008/10/12 18:23:44 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2008/10/12 18:23:43 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2008/10/12 18:23:43 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2008/10/12 18:23:42 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2008/10/12 18:23:42 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2008/10/12 18:23:42 | 00,000,000 | ---D | C] -- C:\92692c8871e3e493a39961
[2008/10/12 18:16:50 | 00,421,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\XP-User\Desktop\OTViewIt.exe
[2008/10/10 15:14:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP-User\Desktop\whoknows
[2008/10/05 01:24:21 | 00,056,880 | ---- | C] () -- C:\Documents and Settings\XP-User\Desktop\ASCP.pdf
[2008/10/01 10:39:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP-User\Application Data\Malwarebytes
[2008/10/01 10:39:41 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/01 10:39:40 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/01 10:39:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/01 10:39:37 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/10/01 10:38:20 | 02,182,784 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\XP-User\Desktop\mbam-setup.exe
[2008/10/01 10:32:47 | 04,315,674 | -H-- | C] () -- C:\Documents and Settings\XP-User\Local Settings\Application Data\IconCache.db
[2008/09/28 01:33:38 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2008/09/27 13:53:12 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/09/27 13:42:26 | 00,166,912 | ---- | C] () -- C:\Documents and Settings\XP-User\Desktop\DirLook.exe
[2008/09/27 13:40:54 | 00,291,840 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\XP-User\Desktop\OTMoveIt2.exe
[2008/09/27 02:48:51 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2008/09/26 23:18:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2008/09/26 21:09:02 | 00,000,000 | ---D | C] -- C:\Lop SD
[2008/09/26 20:10:37 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2008/09/26 15:08:51 | 00,521,694 | ---- | C] () -- C:\Documents and Settings\XP-User\Desktop\LopSD.exe
[2008/09/25 10:34:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP-User\Local Settings\Application Data\Symantec
[2008/09/21 23:39:16 | 00,000,000 | ---D | C] -- C:\rsit
[2008/09/21 17:26:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP-User\Desktop\DH
[2008/09/19 15:32:29 | 06,931,751 | ---- | C] () -- C:\Documents and Settings\XP-User\Desktop\01AnotherWayToDie.mp3
[2008/09/19 01:55:24 | 00,305,323 | ---- | C] () -- C:\Documents and Settings\XP-User\Desktop\RSIT.exe
[2008/09/19 00:08:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP-User\Desktop\AD
[2008/09/18 13:02:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/09/18 12:38:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/09/18 12:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/09/18 12:38:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/09/18 12:38:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/09/18 12:33:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/09/18 12:23:06 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/09/18 12:21:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2008/09/17 20:36:54 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2008/09/17 20:36:51 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2008/09/17 20:36:50 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2008/09/17 20:36:50 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2008/09/17 20:36:47 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2008/09/17 20:36:46 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
[2008/09/17 20:36:46 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2008/09/17 20:36:43 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2008/09/17 20:36:42 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2008/09/17 20:36:39 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2008/09/17 20:36:39 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2008/09/17 20:36:33 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2008/09/17 20:36:32 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2008/09/17 20:36:30 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2008/09/17 20:36:27 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2008/09/17 20:36:26 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/09/17 20:36:21 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2008/09/17 20:36:21 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2008/09/17 20:36:21 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2008/09/17 20:36:19 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2008/09/17 20:36:18 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2008/09/17 20:36:15 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2008/09/17 20:36:14 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2008/09/17 20:36:14 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2008/09/17 20:36:10 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2008/09/17 20:36:06 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2008/09/17 20:35:54 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2008/09/17 20:35:51 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2008/09/17 20:35:51 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2008/09/17 20:35:51 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2008/09/17 20:35:50 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll
[2008/09/17 20:35:50 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/09/17 20:35:50 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2008/09/17 20:35:50 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/09/17 20:35:47 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2008/09/17 20:35:47 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2008/09/17 20:35:31 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2008/09/17 20:35:30 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2008/09/17 20:35:30 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2008/09/17 20:35:30 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2008/09/17 20:35:12 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2008/09/17 20:35:12 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2008/09/17 20:35:11 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2008/09/17 20:35:11 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2008/09/17 20:35:11 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2008/09/17 20:35:11 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2008/09/17 20:35:03 | 00,001,261 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2008/09/17 20:34:58 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2008/09/17 20:34:58 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys
[2008/09/17 20:34:55 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2008/09/17 20:34:51 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2008/09/17 20:34:48 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2008/09/17 20:34:48 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2008/09/17 20:34:48 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2008/09/17 20:34:48 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2008/09/17 20:34:48 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2008/09/17 20:34:47 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2008/09/17 20:34:47 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2008/09/17 20:34:47 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2008/09/17 20:34:44 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2008/09/17 20:34:44 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2008/09/17 20:34:44 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2008/09/17 20:34:44 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2008/09/17 20:34:44 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2008/09/17 20:34:44 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2008/09/17 20:34:44 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2008/09/17 20:34:42 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2008/09/17 20:34:42 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2008/09/17 20:34:41 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2008/09/17 20:34:39 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2008/09/17 20:34:38 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2008/09/17 20:34:31 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2008/09/17 20:34:30 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2008/09/17 20:34:30 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2008/09/17 20:34:30 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2008/09/17 20:34:30 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2008/09/17 20:34:28 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2008/09/17 20:34:24 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2008/09/17 20:34:20 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2008/09/17 20:34:20 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2008/09/17 20:34:19 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2008/09/16 23:43:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XP-User\Application Data\U3

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/10/12 18:35:32 | 00,136,552 | ---- | M] () -- C:\Documents and Settings\XP-User\Desktop\PhotoAndTravelWaiver.xps
[2008/10/12 18:29:03 | 00,501,566 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/12 18:29:03 | 00,428,974 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/12 18:29:03 | 00,065,924 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/12 18:24:54 | 00,000,214 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2008/10/12 18:16:50 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XP-User\Desktop\OTViewIt.exe
[2008/10/11 19:02:19 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/11 00:43:10 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/11 00:00:53 | 00,137,728 | ---- | M] () -- C:\Documents and Settings\XP-User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/09 14:47:00 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/10/09 13:28:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/09 13:28:01 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/09 13:27:58 | 10,058,99776 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/08 20:20:00 | 00,000,274 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[2008/10/05 01:24:21 | 00,056,880 | ---- | M] () -- C:\Documents and Settings\XP-User\Desktop\ASCP.pdf
[2008/10/01 10:38:36 | 02,182,784 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\XP-User\Desktop\mbam-setup.exe
[2008/10/01 10:32:47 | 04,315,674 | -H-- | M] () -- C:\Documents and Settings\XP-User\Local Settings\Application Data\IconCache.db
[2008/09/27 13:42:26 | 00,166,912 | ---- |

#33
coolsparkin

OTViewIt Extras logfile created on: 10/12/2008 6:45:35 PM - Run
OTViewIt by OldTimer - Version 1.0.11.0 Folder = C:\Documents and Settings\XP-User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.23 Mb Total Physical Memory | 525.92 Mb Available Physical Memory | 54.83% Memory free
1.51 Gb Paging File | 0.99 Gb Available in Paging File | 65.62% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 182.00 Gb Total Space | 106.01 Gb Free Space | 58.25% Space Free | Partition Type: NTFS
Drive D: | 50.87 Gb Total Space | 34.05 Gb Free Space | 66.93% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XPT
Current User Name: XP-User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh File not found
.hlp [@ = hlpfile] -- C:\WINDOWS\system32\winhlp32 File not found
.hta [@ = htafile] -- C:\WINDOWS\system32\mshta File not found
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore File not found
.inf [@ = inffile] -- C:\WINDOWS\system32\notepad File not found
.ini [@ = inifile] -- C:\WINDOWS\system32\notepad File not found
.js [@ = JSFile] -- C:\WINDOWS\system32\wscript File not found
.jse [@ = JSEFile] -- C:\WINDOWS\system32\wscript File not found
.reg [@ = regfile] -- C:\WINDOWS\regedit File not found
.txt [@ = txtfile] -- C:\WINDOWS\system32\notepad File not found
.vbe [@ = VBEFile] -- C:\WINDOWS\system32\wscript File not found
.vbs [@ = VBSFile] -- C:\WINDOWS\system32\wscript File not found
.wsf [@ = WSFFile] -- C:\WINDOWS\system32\wscript File not found
.wsh [@ = WSHFile] -- C:\WINDOWS\system32\wscript File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
"mW[íµˆÖ¾`=µú¾˜v%S8’ÿÙêé>grl>­Ư\†Đ=ŸàÛ±̃"=
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
File not found -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
File not found -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
File not found -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
File not found -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
File not found -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
File not found -- C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
File not found -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
File not found -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
File not found -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
File not found -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2007/12/06 19:39:12 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove
[2007/12/06 19:37:56 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
File not found -- C:\Documents and Settings\XP-User\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe:*:Enabled:Google Talk, Labs Edition
File not found -- C:\Downloads\The Dark Knight 2008 Real Proper TS 2CD Xvid\VCD_PLAY.EXE:*:Enabled:Windows Application Service
File not found -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2004/01/29 10:08:23 | 00,868,352 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} (HKLM) [Microsoft PKM KnowledgePluggable Class])
[2007/08/24 07:01:46 | 00,224,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (grooveLocalGWS:{88FED34C-F0CA-4636-A375-3CB6248B04CD} (HKLM) [Local Groove Web Services Protocol])
ipp: [HKLM - No CLSID value]
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2006/10/26 14:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2008/01/24 15:22:56 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[2008/06/05 06:01:18 | 00,121,632 | ---- | M] () c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (sacore:{5513F07E-936B-4E52-9B00-067394E91CC5} (HKLM) [McAfee SACore Protocol Handler])
[2007/01/12 12:50:48 | 01,828,440 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 22:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 Professional
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=Google Gmail Notifier
"{0BAA472B-0ACD-4822-93EE-6DAEDCF33BE5}"=USB CASIO Digital Camera Device Driver C
"{0FE6C844-4243-4F5B-BC5B-E8B4C3450946}"=USB CASIO Digital Camera Device Driver
"{1b528532-6979-4f21-9c39-22387da5eea1}"=HIPAARx
"{20D4A895-748C-4D88-871C-FDB1695B0169}"=Platform
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk"=Google Talk (remove only)
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}"=Rhapsody Player Engine
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java™ 6 Update 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}"=McAfee SiteAdvisor
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}"=Skype Plugin Manager
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}"=Google Earth
"{40ABF1E0-8B6F-4D32-B343-E19FA2F04B3C}"=StuffIt Standard
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}"=Adobe® Photoshop® Album Starter Edition 3.0
"{4F1DA6BF-3614-48A1-9970-9E90F646789E}"=Ulead Movie Wizard SE VCD
"{552171BC-30F8-3B29-9C4F-E3FE590B7CAC}"=Google Gears
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{5B09BD67-4C99-46A1-8161-B7208CE18121}"=QuickTime
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{70B45586-B51E-4947-A258-A895596C5CED}"=Photo Loader 2.3E
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{876D2C17-263E-43FD-A7E2-34428E82F239}"=Google Talk, Labs Edition
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}"=Microsoft Visual C Runtime
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}"=Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}"=Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}"=Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90280409-6000-11D3-8CFE-0050048383C9}"=Microsoft Office XP Professional with FrontPage
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}"=Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AC76BA86-7AD7-2448-0000-800000000003}"=Chinese Traditional Fonts Support For Adobe Reader 8
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B5C209B1-8DDB-4642-A573-375B951514CB}"=Apple Mobile Device Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}"=Microsoft .NET Framework 2.0 Service Pack 2
"{CDF3606C-63B5-4BA1-BA14-6158F36756B1}"=Google Desktop Plugin - Goocal
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}"=Microsoft .NET Framework 3.5 SP1
"{D0C04904-ED13-4DB3-ACCA-A41079EBA23C}"=Opera 9.60
"{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}"=iTunes
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}"=Adobe Photoshop CS
"{FB08F381-6533-4108-B7DD-039E11FBC27E}"=Realtek AC'97 Audio
"{FB91E774-867B-4567-ACE7-8144EF036068}"=Olympus Digital Wave Player
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1"=ThreatFire 3.5
"Adobe Acrobat 5.0"=Adobe Acrobat 5.0
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player
"AOL Instant Messenger"=AOL Instant Messenger
"Audacity_is1"=Audacity 1.2.6
"BitComet"=BitComet 0.91
"CAL"=Canon Camera Access Library
"CameraWindowDC"=Canon Utilities CameraWindow DC
"CameraWindowDVC5"=Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6"=Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher"=Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder"=Canon G.726 WMP-Decoder
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_205514F1"=PCI SoftV92 Modem
"CSCLIB"=Canon Camera Support Core Library
"CVS : Compliance"=CVS : Compliance
"ENTERPRISE"=Microsoft Office Enterprise 2007
"EOS Utility"=Canon Utilities EOS Utility
"ERUNT_is1"=ERUNT 1.1j
"Eyeball Chat 2.2"=Eyeball Chat 2.2
"Folder Marker_is1"=Folder Marker v 1.4
"GetRight_is1"=GetRight
"Google Desktop"=Google Desktop
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{40ABF1E0-8B6F-4D32-B343-E19FA2F04B3C}"=StuffIt Standard
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1"=Microsoft .NET Framework 3.5 SP1
"middle_man"=middle_man
"Move Networks Player_is1"=Move Networks Player for Internet Explorer
"MovieEditTask"=Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera"=Canon Utilities MyCamera
"MyCameraDC"=Canon Utilities MyCamera DC
"Nero - Burning Rom!UninstallKey"=Nero OEM
"NIS"=Norton Internet Security
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NMPUninstallKey"=Nero Media Player
"PhotoStitch"=Canon Utilities PhotoStitch
"Rainlendar"=Rainlendar (remove only)
"Rainlendar2"=Rainlendar2 (remove only)
"RAW Image Task"=Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0"=RealPlayer
"RemoteCaptureTask"=Canon Utilities RemoteCapture Task for ZoomBrowser EX
"RocketDock_is1"=RocketDock 1.3.5
"Shutterfly Plugin"=Shutterfly Plugin
"Skype_is1"=Skype 3.1
"The Font Thing"=The Font Thing
"VIA/S3G UniChrome Family Win2K/XP Display"=VIA/S3G Display Driver
"Viewpoint Manager"=Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer"=Viewpoint Media Player
"Virtools3DLifePlayer"=Virtools 3D Life Player
"VLC media player"=VideoLAN VLC media player 0.8.6f
"VN_VUIns_Rhine_VIA"=VIA Rhine-Family Fast Ethernet Adapter
"Winamp"=Winamp
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"WordWeb"=WordWeb
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger"=Yahoo! Messenger
"ZoomBrowser EX"=Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility"=Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome"=Google Chrome
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/19/2008 12:44:00 AM | Computer Name = XPT | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.3156, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/21/2008 2:11:12 AM | Computer Name = XPT | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 8/21/2008 10:39:33 PM | Computer Name = XPT | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3105, faulting module
xul.dll, version 1.9.0.3105, fault address 0x0006db66.

Error - 8/23/2008 4:28:33 PM | Computer Name = XPT | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00011e58.

Error - 8/23/2008 4:28:39 PM | Computer Name = XPT | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 8/23/2008 4:34:38 PM | Computer Name = XPT | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.3156, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/25/2008 12:33:50 AM | Computer Name = XPT | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00011e58.

Error - 8/25/2008 12:34:02 AM | Computer Name = XPT | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 8/26/2008 11:00:06 AM | Computer Name = XPT | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00011e58.

Error - 8/26/2008 11:02:24 AM | Computer Name = XPT | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.3156, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/6/2008 9:36:54 PM | Computer Name = XPT | Source = Service Control Manager | ID = 7031
Description = The Norton Internet Security service terminated unexpectedly. It
has done this 2 time(s). The following corrective action will be taken in 120000
milliseconds: Restart the service.

Error - 10/7/2008 3:08:26 PM | Computer Name = XPT | Source = Service Control Manager | ID = 7034
Description = The Norton Internet Security service terminated unexpectedly. It
has done this 3 time(s).

Error - 10/8/2008 12:32:54 PM | Computer Name = XPT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ASPI32

Error - 10/8/2008 4:49:28 PM | Computer Name = XPT | Source = Service Control Manager | ID = 7031
Description = The Norton Internet Security service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 120000
milliseconds: Restart the service.

Error - 10/8/2008 9:06:20 PM | Computer Name = XPT | Source = Service Control Manager | ID = 7031
Description = The Norton Internet Security service terminated unexpectedly. It
has done this 2 time(s). The following corrective action will be taken in 120000
milliseconds: Restart the service.

Error - 10/9/2008 1:28:23 PM | Computer Name = XPT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ASPI32

Error - 10/10/2008 6:21:04 PM | Computer Name = XPT | Source = Service Control Manager | ID = 7031
Description = The Norton Internet Security service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 120000
milliseconds: Restart the service.

Error - 10/11/2008 2:23:00 PM | Computer Name = XPT | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 172.30.40.224 on
the Network Card with network address 0015F2CAB767.

Error - 10/11/2008 8:47:25 PM | Computer Name = XPT | Source = Service Control Manager | ID = 7031
Description = The Norton Internet Security service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 120000
milliseconds: Restart the service.

Error - 10/12/2008 2:58:44 AM | Computer Name = XPT | Source = Service Control Manager | ID = 7031
Description = The Norton Internet Security service terminated unexpectedly. It
has done this 2 time(s). The following corrective action will be taken in 120000
milliseconds: Restart the service.


< End of report >
  • 0

#34
Ltangelic

Ltangelic

    Angel Annihilator of Malware

  • Retired Staff
  • 2,008 posts
Hey your OTViewIt logfile got cut off at this line:

[2008/09/27 13:42:26 | 00,166,912 | ---- |

Please continue posting from that line, and make sure it isn't cut off. If you need to, post it in multiple posts. Thanks.

Edited by Ltangelic, 13 October 2008 - 06:40 AM.

  • 0

#35
coolsparkin

coolsparkin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/10/12 18:35:32 | 00,136,552 | ---- | M] () -- C:\Documents and Settings\XP-User\Desktop\PhotoAndTravelWaiver.xps
[2008/10/12 18:29:03 | 00,501,566 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/12 18:29:03 | 00,428,974 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/12 18:29:03 | 00,065,924 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/12 18:24:54 | 00,000,214 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2008/10/12 18:16:50 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XP-User\Desktop\OTViewIt.exe
[2008/10/11 19:02:19 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/11 00:43:10 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/11 00:00:53 | 00,137,728 | ---- | M] () -- C:\Documents and Settings\XP-User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/09 14:47:00 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/10/09 13:28:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/09 13:28:01 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/09 13:27:58 | 10,058,99776 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/08 20:20:00 | 00,000,274 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[2008/10/05 01:24:21 | 00,056,880 | ---- | M] () -- C:\Documents and Settings\XP-User\Desktop\ASCP.pdf
[2008/10/01 10:38:36 | 02,182,784 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\XP-User\Desktop\mbam-setup.exe
[2008/10/01 10:32:47 | 04,315,674 | -H-- | M] () -- C:\Documents and Settings\XP-User\Local Settings\Application Data\IconCache.db
[2008/09/27 13:42:26 | 00,166,912 | ---- | M] () -- C:\Documents and Settings\XP-User\Desktop\DirLook.exe
[2008/09/27 13:40:54 | 00,291,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XP-User\Desktop\OTMoveIt2.exe
[2008/09/26 15:08:52 | 00,521,694 | ---- | M] () -- C:\Documents and Settings\XP-User\Desktop\LopSD.exe
[2008/09/19 15:40:54 | 06,931,751 | ---- | M] () -- C:\Documents and Settings\XP-User\Desktop\01AnotherWayToDie.mp3
[2008/09/19 01:55:24 | 00,305,323 | ---- | M] () -- C:\Documents and Settings\XP-User\Desktop\RSIT.exe
[2008/09/18 13:07:53 | 00,286,528 | ---- | M] () -- C:\Documents and Settings\XP-User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/09/18 13:02:21 | 00,715,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/18 12:46:36 | 00,002,675 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/09/18 12:28:36 | 00,250,048 | RHS- | M] () -- C:\ntldr
< End of report >
  • 0

#36
Ltangelic

Ltangelic

    Angel Annihilator of Malware

  • Retired Staff
  • 2,008 posts
Hey sorry, I have been really busy these two days, I'll get a fix for you in a day or so. :) Thanks for your patience.
  • 0

#37
Ltangelic

Ltangelic

    Angel Annihilator of Malware

  • Retired Staff
  • 2,008 posts
Hey coolsparkin,

From your OTViewIt logs, your problem doesn't seem to be caused by malware. From the error messages recorded by OTViewIt, it could be an explorer error; in that case, you will need to visit the Windows XP forum to sort it out. But before going there, please have a look at my recommendations. :)

By the way, ThreatFire and Norton can conflict with each other; I would suggest that you remove ThreatFire or disable it permanently.

Before the recommendations, we have some housekeeping to do.

1) Cleanup with OTMoveIt2

Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveIt2.exe and select "Run as an Administrator")

* Click on the CleanUp! button
* A list of tool components used in the Cleanup of malware will be downloaded.
* If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
* Click Yes to begin the Cleanup process and remove these components, including this application.
* You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

2) Update Java

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

3) Update Adobe Reader

Please uninstall the current version of Adobe you have and go here to install the latest version.

4) Reset System Restore

  • Right click on "My Computer" and click on "Properties".
  • Go to "System Restore" tab and check "Turn off System Restore on all drives". Click "Yes" at the prompt. (Wait a while for it to finish)
  • Then UNcheck "Turn off System Restore on all drives". Click "Yes" at the prompt. (Wait a while for it to finish)
  • Your System Restore is now turned on.

Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest security updates installed.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:

SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.
* Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
* AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.

You should also have a good firewall. Here are 3 free ones available for personal use (please turn OFF your Windows firewall after installing ONE of the following):

It is critical to have only ONE firewall, ONE anti virus and ONE anti-spyware resident protection running to protect your system and to keep them updated. Take note that not ALL programs offer real time protection, for a list of programs that DO offer real time protection, look here

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here.

* Take a good look at the following suggestions for malware prevention by reading Tony Klein's article 'How Did I Get Infected In The First Place' here.

Thank you for your patience, and performing all of the procedures requested.

Please post back telling me if there are any further problems. If everything is working properly, I will ask a staff member to close this topic and you can proceed over to Windows XP forum.

Edited by Ltangelic, 16 October 2008 - 07:18 AM.

  • 0
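The triage described in post #37 (reading the event-log section of the OTViewIt report to separate application crashes from service and driver failures) can be scripted. The following is an added example, not part of the original thread and not OTViewIt's own code; the function names `parse_events` and `triage` are this example's own, and the sample entries are excerpted from the log posted in this thread.

```python
import re
from collections import Counter

# Entries excerpted from the OTViewIt log posted in this thread.
SAMPLE = """\
[ Application Events ]
Error - 8/23/2008 4:28:33 PM | Computer Name = XPT | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00011e58.

Error - 8/23/2008 4:28:39 PM | Computer Name = XPT | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 8/23/2008 4:34:38 PM | Computer Name = XPT | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.3156, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/7/2008 3:08:26 PM | Computer Name = XPT | Source = Service Control Manager | ID = 7034
Description = The Norton Internet Security service terminated unexpectedly. It
has done this 3 time(s).

Error - 10/8/2008 12:32:54 PM | Computer Name = XPT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ASPI32

Error - 10/11/2008 2:23:00 PM | Computer Name = XPT | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 172.30.40.224 on
the Network Card with network address 0015F2CAB767.
"""

SECTION = re.compile(r"^\[ (.+?) \]$")
HEADER = re.compile(r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?)"
                    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")
FAULT = re.compile(r"Faulting application ([^,\s]+), version [^,\s]+, "
                   r"faulting module ([^,\s]+),")
HANG = re.compile(r"Hanging application ([^,\s]+),")
SERVICE = re.compile(r"The (.+?) service terminated unexpectedly")
DRIVER = re.compile(r"driver\(s\) failed to load:\s*(.+)$")

def parse_events(text):
    """Rebuild one dict per event, rejoining descriptions wrapped across lines."""
    events, section = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SECTION.match(line):
            section = m.group(1)
        elif m := HEADER.match(line):
            events.append({**m.groupdict(), "id": int(m["id"]),
                           "section": section, "description": ""})
        elif line and events:
            part = line.removeprefix("Description = ")
            events[-1]["description"] = (events[-1]["description"] + " " + part).strip()
    return events

def triage(events):
    """Tally faults per (source, ID); an event ID means nothing without its source."""
    report = {"crashes": Counter(), "hangs": Counter(),
              "service_failures": Counter(), "driver_load_failures": Counter(),
              "unclassified": 0}
    for ev in events:
        key, text = (ev["source"], ev["id"]), ev["description"]
        if key == ("Application Error", 1000) and (m := FAULT.search(text)):
            report["crashes"][(m[1].lower(), m[2].lower())] += 1
        elif key == ("Application Hang", 1002) and (m := HANG.search(text)):
            report["hangs"][m[1].lower()] += 1
        elif key[0] == "Service Control Manager" and key[1] in (7031, 7034) \
                and (m := SERVICE.search(text)):
            report["service_failures"][m[1]] += 1
        elif key == ("Service Control Manager", 7026) and (m := DRIVER.search(text)):
            report["driver_load_failures"].update(m[1].split())
        else:
            report["unclassified"] += 1   # e.g. Dhcp ID 1000, a lease loss, not a crash
    return report
```

Calling `triage(parse_events(report_text))` on the full "Last 10 Event Log Errors" section gives per-application crash and hang counts alongside the repeated Norton service terminations, which is the evidence the helper weighs in the post above.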

#38
coolsparkin

coolsparkin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
I deleted Threatfire.

Sorry to be a pest but could you explain this step to me and what it does? I wasn't sure that if I deleted this and something worse happened, would I be able to fix it?... because it tells me that it will delete all restore points...

4) Reset System Restore

Right click on "My Computer" and click on "Properties".
Go to "System Restore" tab and check "Turn off System Restore on all drives". Click "Yes" at the prompt. (Wait a while for it to finish)
Then UNcheck "Turn off System Restore on all drives". Click "Yes" at the prompt. (Wait a while for it to finish)
Your System Restore is now turned on.


Thanks.
  • 0

#39
Ltangelic

Ltangelic

    Angel Annihilator of Malware

  • Retired Staff
  • 2,008 posts
It will flush away all previously infected restore points and then set new restore points from the time when you turn it back on. It shouldn't be a problem unless you do something wrong right after you flush the restore points, which is highly impossible.
  • 0

#40
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
