Bloodhound.sonar 1 [RESOLVED]


  • This topic is locked

#1
nat4599

nat4599

    Member

  • Member
  • PipPip
  • 20 posts
I have followed all the steps in the 'You Must Read This Before Posting a Hijackthis Log'. My problem is that Norton Internet Security has repeatedly come up with the Bloodhound.sonar 1 virus along with 2 Trojan horse virus problems for the last few weeks. It reported that the problems were resolved, but they kept coming back with each scan. Norton reported that a.exe has infected processes, program files, etc., and each of these has been fixed, but apparently they have not, since subsequent scans keep fixing the same things. Here is my HijackThis Log. Please help and thanks in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:01 PM, on 8/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Reader\msreader.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...o&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ControlInstaller Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft...tail/DASAct.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 6638 bytes


#2
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello nat4599, and welcome to Geeks to go. Sorry about the delay, everyone here has been very busy.

Please post a new HijackThis log in your next reply.

#3
nat4599

nat4599

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Here is the new HijackThis file per your previous post:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:35:36 PM, on 8/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Rhapsody\rhaphlpr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...o&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ControlInstaller Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft...tail/DASAct.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 6469 bytes


Thanks for helping me with this problem. Question: When I last updated SD Spybot, there was a new 1.6 version update, but Norton has identified this as a problem and prevents access unless I override it. I came across some mention that Norton and SD have some conflicts, so is it o.k. to update to version 1.6? Or should I switch to another SD-similar product that does not conflict w/ Norton?

#4
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello nat4599,

Question: When I last updated SD Spybot, there was a new 1.6 version update, but Norton has identified this as a problem and prevents access unless I override it. I came across some mention that Norton and SD have some conflicts, so is it o.k. to update to version 1.6?

There should be no problems doing that. It should be ok to go ahead and update Spybot.

STEP 1
I do not see a Firewall on your computer. A firewall can help protect you from Hackers and some types of Malware. I recommend you download a firewall. Here are a few to choose from (all are free).
Comodo
Zone Alarm
OutPost
Out of these I would recommend Comodo. Please only install one firewall at a time. If you need any help installing/using one of these firewalls, please let me know.

STEP 2
Please reopen HijackThis and click on Do a system scan only. And put a check next to the following lines.

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

Once you have the checks in those lines please make sure all open windows are closed (keep HijackThis open) and click Fix checked on HijackThis. A box will open up asking if you want to fix the selected items, please click Yes. After you have fixed those lines you can close HijackThis.

STEP 3
Download OTViewIt to your desktop.
  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  • You may need to use two posts to get it all on the forum
~~~~~~~~~~~
In your next reply please have these logs.
The OTViewIt log
And a fresh HijackThis log

#5
nat4599

nat4599

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Regarding Step 1, I have Norton Internet Security 2008; under "Computer" "Inbound Firewall" it shows 'secured'. Under "Internet" "Advanced Firewall" it shows 'secured'. Is there some virus that prevents these protections from being active? Do I still need to download additional firewall products?

Step 2 - done

Step 3

OTViewIt logfile created on: 8/26/2008 1:14:47 AM - Run 1
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\Sailing\Desktop\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

222.48 Mb Total Physical Memory | 77.25 Mb Available Physical Memory | 34.72% Memory free
543.54 Mb Paging File | 253.09 Mb Available in Paging File | 46.56% Paging File free
Paging file location(s): C:\pagefile.sys 336 672;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 24.01 Gb Free Space | 64.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OCT2005
Current User Name: Sailing
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

===== Processes - Non-Microsoft Only =====

[01/25/2008 09:47 PM | 00,149,864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[07/09/2008 07:27 PM | 00,611,664 | ---- | M] (Lavasoft) - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[01/25/2008 09:47 PM | 00,149,864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[02/09/2008 08:06 PM | 00,238,968 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[08/26/2008 01:13 AM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Sailing\Desktop\Downloads\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(aawservice) Lavasoft Ad-Aware Service [Auto | Running]
[07/09/2008 07:27 PM | 00,611,664 | ---- | M] (Lavasoft) - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

(Apple Mobile Device) Apple Mobile Device [Disabled | Stopped]
[09/06/2007 01:28 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(Ati HotKey Poller) Ati HotKey Poller [Disabled | Stopped]
[04/11/2005 09:31 AM | 00,360,448 | ---- | M] (ATI Technologies Inc.) - C:\WINDOWS\system32\ati2evxx.exe

(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Auto | Running]
[02/09/2008 08:06 PM | 00,238,968 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

(ccEvtMgr) Symantec Event Manager [Auto | Running]
[01/25/2008 09:47 PM | 00,149,864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

(ccSetMgr) Symantec Settings Manager [Auto | Running]
[01/25/2008 09:47 PM | 00,149,864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

(CLTNetCnService) Symantec Lic NetConnect service [Auto | Running]
[01/25/2008 09:47 PM | 00,149,864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

(comHost) COM Host [On_Demand | Stopped]
[08/22/2007 04:21 AM | 00,055,640 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[04/13/2008 08:12 PM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(hpqwmi) HP WMI Interface [Disabled | Stopped]
[03/04/2005 03:16 PM | 00,098,304 | R--- | M] (Hewlett-Packard Development Company, L.P.) - C:\Program Files\HPQ\Shared\hpqwmi.exe

(iPod Service) iPod Service [Disabled | Stopped]
[01/15/2008 04:22 AM | 00,504,104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(LightScribeService) LightScribeService Direct Disc Labeling Service [Disabled | Stopped]
[02/22/2005 07:32 PM | 00,038,912 | ---- | M] () - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

(LiveUpdate) LiveUpdate [On_Demand | Stopped]
[08/04/2008 11:20 AM | 03,220,856 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

(LiveUpdate Notice) LiveUpdate Notice [Auto | Running]
[01/25/2008 09:47 PM | 00,149,864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

(Symantec Core LC) Symantec Core LC [On_Demand | Stopped]
[07/06/2008 05:31 PM | 01,245,064 | ---- | M] () - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

(Symantec RemoteAssist) Symantec RemoteAssist [On_Demand | Stopped]
[01/29/2008 04:09 PM | 00,394,704 | ---- | M] (Symantec, Inc.) - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

===== Driver Services - Non-Microsoft Only =====

(AliIde) AliIde [Boot | Running]
[08/17/2001 11:51 AM | 00,005,248 | ---- | M] (Acer Laboratories Inc.) - C:\WINDOWS\system32\drivers\aliide.sys

(AmdK8) AMD Processor Driver [System | Running]
[08/11/2004 07:30 PM | 00,039,424 | ---- | M] (Advanced Micro Devices) - C:\WINDOWS\system32\drivers\AmdK8.sys

(ati2mtag) ati2mtag [On_Demand | Running]
[04/11/2005 09:33 AM | 01,035,264 | ---- | M] (ATI Technologies Inc.) - C:\WINDOWS\system32\drivers\ati2mtag.sys

(BCM43XX) Broadcom 802.11 Network Adapter Driver [On_Demand | Running]
[03/10/2005 05:41 AM | 00,371,712 | ---- | M] (Broadcom Corporation) - C:\WINDOWS\system32\drivers\BCMWL5.SYS

(BTWUSB) WIDCOMM USB Bluetooth Driver [On_Demand | Stopped]
[01/18/2005 12:52 PM | 00,055,320 | ---- | M] (Broadcom Corporation.) - C:\WINDOWS\system32\drivers\btwusb.sys

(CAMCAUD) Conexant AMC Audio [On_Demand | Running]
[02/18/2005 11:41 AM | 00,038,016 | ---- | M] (Conexant Systems Inc.) - C:\WINDOWS\system32\drivers\camc6aud.sys

(CAMCHALA) CAMCHALA [On_Demand | Running]
[02/18/2005 11:42 AM | 00,349,696 | ---- | M] (Conexant Systems Inc.) - C:\WINDOWS\system32\drivers\camc6hal.sys

(COH_Mon) COH_Mon [On_Demand | Stopped]
[07/30/2008 05:42 PM | 00,023,888 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\COH_Mon.sys

(CO_Mon) CO_Mon [Auto | Running]
[08/08/2007 08:39 PM | 00,036,056 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\CO_Mon.sys

(dmboot) dmboot [Disabled | Stopped]
[04/13/2008 02:44 PM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) dmio [Disabled | Stopped]
[04/13/2008 02:44 PM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Disabled | Stopped]
[08/04/2004 04:00 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(eabfiltr) eabfiltr [System | Running]
[04/14/2004 10:36 AM | 00,007,432 | ---- | M] (Hewlett-Packard Company) - C:\WINDOWS\system32\drivers\eabfiltr.sys

(eabusb) eabusb [On_Demand | Stopped]
[06/06/2003 02:46 PM | 00,005,220 | ---- | M] (Hewlett-Packard Company) - C:\WINDOWS\system32\drivers\EabUsb.sys

(eeCtrl) Symantec Eraser Control driver [System | Running]
[08/20/2008 04:00 AM | 00,371,248 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

(EraserUtilRebootDrv) EraserUtilRebootDrv [On_Demand | Running]
[08/20/2008 04:00 AM | 00,099,376 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

(GEARAspiWDM) GEAR CDRom Filter [On_Demand | Running]
[09/19/2006 02:44 PM | 00,015,664 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

(HSFHWATI) HSFHWATI [On_Demand | Running]
[12/15/2004 11:18 AM | 00,200,192 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSFHWATI.sys

(HSF_DP) HSF_DP [On_Demand | Running]
[12/15/2004 11:18 AM | 01,038,208 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSF_DP.sys

(MCSTRM) MCSTRM [Auto | Running]
[06/15/2007 02:59 PM | 00,008,413 | ---- | M] (RealNetworks, Inc.) - C:\WINDOWS\System32\drivers\mcstrm.sys

(mdmxsdk) mdmxsdk [Auto | Running]
[03/17/2004 07:04 AM | 00,013,059 | ---- | M] (Conexant) - C:\WINDOWS\system32\drivers\mdmxsdk.sys

(NAVENG) NAVENG [On_Demand | Running]
[08/23/2008 04:00 AM | 00,089,104 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080824.021\NAVENG.SYS

(NAVEX15) NAVEX15 [On_Demand | Running]
[08/23/2008 04:00 AM | 00,873,552 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080824.021\NAVEX15.SYS

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[08/04/2004 04:00 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(PxHelp20) PxHelp20 [Boot | Running]
[01/26/2005 05:03 AM | 00,020,576 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\pxhelp20.sys

(RTL8023xp) Realtek 10/100/1000 NIC Family all in one NDIS XP Driver [On_Demand | Running]
[03/03/2005 03:10 PM | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) - C:\WINDOWS\system32\drivers\Rtlnicxp.sys

(Secdrv) Secdrv [Auto | Running]
[11/13/2007 06:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

(SMCIRDA) SMC IrCC Miniport Device Driver [On_Demand | Stopped]
[08/17/2001 03:10 PM | 00,035,913 | ---- | M] (SMC) - C:\WINDOWS\system32\drivers\smcirda.sys

(SPBBCDrv) SPBBCDrv [System | Running]
[01/17/2008 12:05 AM | 00,447,024 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

(SRTSP) SRTSP [On_Demand | Running]
[01/31/2008 09:51 PM | 00,279,088 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\srtsp.sys

(SRTSPL) SRTSPL [On_Demand | Stopped]
[01/31/2008 09:51 PM | 00,317,616 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\srtspl.sys

(SRTSPX) SRTSPX [System | Running]
[01/31/2008 09:51 PM | 00,043,696 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\srtspx.sys

(SYMDNS) SYMDNS [On_Demand | Running]
[06/13/2008 02:13 PM | 00,013,616 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symdns.sys

(SymEvent) SymEvent [On_Demand | Running]
[07/06/2008 06:22 PM | 00,123,952 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\SYMEVENT.SYS

(SYMFW) SYMFW [On_Demand | Running]
[06/13/2008 02:13 PM | 00,096,432 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symfw.sys

(SYMIDS) SYMIDS [On_Demand | Running]
[06/13/2008 02:13 PM | 00,038,576 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symids.sys

(SYMIDSCO) SYMIDSCO [On_Demand | Running]
[03/20/2008 04:37 PM | 00,240,496 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080818.001\SymIDSCo.sys

(SymIM) Symantec Network Security Intermediate Filter Service [On_Demand | Stopped]
[06/13/2008 02:14 PM | 00,031,280 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\SymIM.sys

(SymIMMP) SymIMMP [On_Demand | Running]
[06/13/2008 02:14 PM | 00,031,280 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\SymIM.sys

(SYMNDIS) SYMNDIS [On_Demand | Running]
[06/13/2008 02:13 PM | 00,037,424 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symndis.sys

(SYMREDRV) SYMREDRV [On_Demand | Running]
[06/13/2008 02:13 PM | 00,022,320 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symredrv.sys

(SYMTDI) SYMTDI [System | Running]
[06/13/2008 02:13 PM | 00,184,240 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symtdi.sys

(SynTP) Synaptics TouchPad Driver [On_Demand | Running]
[02/02/2005 07:58 AM | 00,191,456 | ---- | M] (Synaptics, Inc.) - C:\WINDOWS\system32\drivers\SynTP.sys

(tifm21) tifm21 [On_Demand | Stopped]
[03/16/2005 08:43 AM | 00,159,488 | ---- | M] (Texas Instruments) - C:\WINDOWS\system32\drivers\tifm21.sys

(winachsf) winachsf [On_Demand | Running]
[12/15/2004 11:18 AM | 00,703,232 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSF_CNXT.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp" = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/25/2008 09:47 PM | 00,051,048 | ---- | M] (Symantec Corporation)
"osCheck" = "C:\Program Files\Norton Internet Security\osCheck.exe" [02/07/2008 02:49 AM | 00,718,704 | ---- | M] (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [08/18/2008 06:41 PM | 01,832,272 | ---- | M] (Safer Networking Limited)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

[Sailing Startup Folder - C:\Documents and Settings\Sailing\Start Menu\Programs\Startup]
[10/20/2005 12:04 PM | 00,038,912 | ---- | M] () - C:\Documents and Settings\Sailing\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (AcroIEHlprObj Class) - [11/03/2003 05:17 PM | 00,054,248 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
HKLM CLSID: (Spybot-S&D IE Protection) - [08/14/2008 01:39 PM | 01,562,448 | ---- | M] (Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
HKLM CLSID: (Reg Error: Value does not exist or could not be read.) - [06/30/2008 01:44 PM | 00,349,552 | ---- | M] (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
HKLM CLSID: (Symantec Intrusion Prevention) - [07/06/2008 05:34 PM | 00,116,088 | ---- | M] (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"
HKLM CLSID: (Show Norton Toolbar) - [06/30/2008 01:44 PM | 00,349,552 | ---- | M] (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"
HKLM CLSID: (Show Norton Toolbar) - [06/30/2008 01:44 PM | 00,349,552 | ---- | M] (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
Unable to open key or key not present!


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


===== Desktop Components =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 08:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/13/2008 02:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe File not found
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 08:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/13/2008 02:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [01/15/2008 04:22 AM | 19,926,824 | ---- | M] (Apple Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe File not found
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe File not found
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 08:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [04/13/2008 08:12 PM | 01,033,728 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [04/13/2008 08:12 PM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [04/13/2008 08:12 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [04/13/2008 08:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [04/13/2008 08:12 PM | 00,300,544 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DllName" = C:\WINDOWS\system32\ati2evxx.dll [04/11/2005 09:31 AM | 00,046,080 | ---- | M] (ATI Technologies Inc.)

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
"WMPNetworkSvc" = 3
"LightScribeService" = 2
"iPod Service" = 3
"hpqwmi" = 3
"gusvc" = 3
"Ati HotKey Poller" = 2
"Apple Mobile Device" = 2
"aawservice" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk File not found
"backup" = C:\WINDOWS\pss\Microsoft Office.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Microsoft Office\Office\OSA9.EXE [02/17/1999 04:05 PM | 00,065,588 | ---- | M] (Microsoft Corporation)
"item" = Microsoft Office

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" =
"hkey" = HKCU
"command" =
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATIPTA]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = atiptaxx
"hkey" = HKLM
"command" = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [04/11/2005 01:00 PM | 00,339,968 | ---- | M] (ATI Technologies, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Cpqset]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = cpqset
"hkey" = HKLM
"command" = C:\Program Files\HPQ\Default Settings\Cpqset.exe [02/17/2005 05:01 PM | 00,233,534 | ---- | M] ()
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = C:\WINDOWS\system32\ctfmon.exe [04/13/2008 08:12 PM | 00,015,360 | ---- | M] (Microsoft Corporation)
"hkey" = HKCU
"command" = C:\WINDOWS\system32\ctfmon.exe [04/13/2008 08:12 PM | 00,015,360 | ---- | M] (Microsoft Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eabconfg.cpl]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = EabServr
"hkey" = HKLM
"command" = C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe [12/03/2004 04:24 PM | 00,290,816 | ---- | M] (Hewlett-Packard )
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = HPWuSchd2
"hkey" = HKLM
"command" = C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe [02/16/2005 11:11 PM | 00,049,152 | ---- | M] (Hewlett-Packard Co.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hpWirelessAssistant]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = HP Wireless Assistant
"hkey" = HKLM
"command" = C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe [04/01/2005 06:11 PM | 00,794,624 | ---- | M] (Hewlett-Packard Company)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSPM Startup]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = ISUSPM
"hkey" = HKLM
"command" = C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [07/27/2004 07:50 PM | 00,221,184 | ---- | M] (InstallShield Software Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSScheduler]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = issch
"hkey" = HKLM
"command" = C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [07/27/2004 07:50 PM | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = iTunesHelper
"hkey" = HKLM
"command" = C:\Program Files\iTunes\iTunesHelper.exe [01/15/2008 04:22 AM | 00,267,048 | ---- | M] (Apple Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LSBWatcher]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = lsburnwatcher
"hkey" = HKLM
"command" = c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe [10/14/2004 04:54 PM | 00,253,952 | ---- | M] (Hewlett-Packard Company)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = msmsgs
"hkey" = HKCU
"command" = C:\Program Files\Messenger\msmsgs.exe [04/13/2008 08:12 PM | 01,695,232 | ---- | M] (Microsoft Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = QTTask
"hkey" = HKLM
"command" = C:\Program Files\QuickTime\QTTask.exe [01/10/2008 04:27 PM | 00,385,024 | ---- | M] (Apple Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotSD TeaTimer]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = TeaTimer
"hkey" = HKCU
"command" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [08/18/2008 06:41 PM | 01,832,272 | ---- | M] (Safer Networking Limited)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = jusched
"hkey" = HKLM
"command" = C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe [03/04/2005 06:36 AM | 00,036,975 | ---- | M] (Sun Microsystems, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPEnh]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = SynTPEnh
"hkey" = HKLM
"command" = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [02/02/2005 08:11 AM | 00,692,316 | ---- | M] (Synaptics, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPLpr]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = SynTPLpr
"hkey" = HKLM
"command" = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [02/02/2005 08:12 AM | 00,102,492 | ---- | M] (Synaptics, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = realsched
"hkey" = HKLM
"command" = C:\Program Files\Common Files\Real\Update_OB\realsched.exe [06/15/2007 01:56 PM | 00,185,784 | ---- | M] (RealNetworks, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UserFaultCheck]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = dumprep 0 -u
"hkey" = HKLM
"command" = %systemroot%\system32\dumprep 0 -u
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 2
"startup" = 1

===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{C70CEC3D-FEE7-4640-B4E9-FDB4A18D353B}]
Servers: | Description: Broadcom 802.11b/g WLAN

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{FC0011C8-2F6F-4CDD-B1EE-1DAD02C7174B}]
Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

===== MountPoints2 =====

===== Hosts File =====

HOSTS File = (261973 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



[Files/Folders - Created Within 30 days]
[08/19/2008 12:31 PM | 00,000,164 | ---- | C] () - C:\install.dat
[04/13/2008 02:36 PM | 00,040,960 | ---- | C] (Silicon Integrated Systems Corporation) - C:\WINDOWS\System32\drivers\sisagp.sys
[04/13/2008 02:36 PM | 00,043,008 | ---- | C] (Advanced Micro Devices, Inc.) - C:\WINDOWS\System32\drivers\amdagp.sys
[04/13/2008 08:11 PM | 00,003,135 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv08nt5.dll
[04/13/2008 08:11 PM | 00,003,615 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv05nt5.dll
[04/13/2008 08:11 PM | 00,003,647 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv07nt5.dll
[04/13/2008 08:11 PM | 00,003,711 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv09nt5.dll
[04/13/2008 08:11 PM | 00,003,775 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv11nt5.dll
[04/13/2008 08:11 PM | 00,003,967 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv02nt5.dll
[04/13/2008 08:11 PM | 00,004,255 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv01nt5.dll
[04/13/2008 08:11 PM | 00,011,359 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv02nt5.dll
[04/13/2008 08:11 PM | 00,014,143 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv06nt5.dll
[04/13/2008 08:11 PM | 00,015,423 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[04/13/2008 08:11 PM | 00,017,279 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv10nt5.dll
[04/13/2008 08:11 PM | 00,021,183 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv01nt5.dll
[04/13/2008 08:11 PM | 00,025,471 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv04nt5.dll
[04/13/2008 08:12 PM | 00,003,901 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\siint5.dll
[04/13/2008 08:12 PM | 00,011,325 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\vchnt5.dll
[04/13/2008 12:36 PM | 00,144,384 | ---- | C] (Windows ® Server 2003 DDK provider) - C:\WINDOWS\System32\drivers\hdaudbus.sys
[07/17/2004 10:55 PM | 00,129,045 | ---- | C] () - C:\WINDOWS\System32\drivers\cxthsfs2.cty
[07/17/2004 11:35 AM | 00,067,866 | ---- | C] () - C:\WINDOWS\System32\drivers\netwlan5.img
[07/17/2004 11:36 AM | 00,064,352 | ---- | C] () - C:\WINDOWS\System32\drivers\ativmc20.cod
[08/03/2004 11:29 PM | 00,011,295 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv08nt.sys
[08/03/2004 11:29 PM | 00,011,615 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1mdxx.sys
[08/03/2004 11:29 PM | 00,011,807 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv07nt.sys
[08/03/2004 11:29 PM | 00,011,871 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv09nt.sys
[08/03/2004 11:29 PM | 00,011,935 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv11nt.sys
[08/03/2004 11:29 PM | 00,012,047 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1pdxx.sys
[08/03/2004 11:29 PM | 00,013,824 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinmdxx.sys
[08/03/2004 11:29 PM | 00,013,824 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinttxx.sys
[08/03/2004 11:29 PM | 00,014,336 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinpdxx.sys
[08/03/2004 11:29 PM | 00,021,343 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1ttxx.sys
[08/03/2004 11:29 PM | 00,022,271 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\watv06nt.sys
[08/03/2004 11:29 PM | 00,025,471 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\watv10nt.sys
[08/03/2004 11:29 PM | 00,026,367 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1snxx.sys
[08/03/2004 11:29 PM | 00,028,672 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinsnxx.sys
[08/03/2004 11:29 PM | 00,029,455 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1xbxx.sys
[08/03/2004 11:29 PM | 00,030,671 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1raxx.sys
[08/03/2004 11:29 PM | 00,031,744 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinxbxx.sys
[08/03/2004 11:29 PM | 00,034,735 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1xsxx.sys
[08/03/2004 11:29 PM | 00,036,463 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1tuxx.sys
[08/03/2004 11:29 PM | 00,052,224 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinraxx.sys
[08/03/2004 11:29 PM | 00,056,623 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1btxx.sys
[08/03/2004 11:29 PM | 00,057,856 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinbtxx.sys
[08/03/2004 11:29 PM | 00,063,488 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinxsxx.sys
[08/03/2004 11:29 PM | 00,063,663 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1rvxx.sys
[08/03/2004 11:29 PM | 00,073,216 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atintuxx.sys
[08/03/2004 11:29 PM | 00,104,960 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinrvxx.sys
[08/03/2004 11:29 PM | 00,166,912 | ---- | C] (S3 Graphics, Inc.) - C:\WINDOWS\System32\drivers\s3gnbm.sys
[08/03/2004 11:29 PM | 00,327,040 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati2mtaa.sys
[08/03/2004 11:29 PM | 00,452,736 | ---- | C] (Matrox Graphics Inc.) - C:\WINDOWS\System32\drivers\mtxparhm.sys
[08/03/2004 11:29 PM | 01,897,408 | ---- | C] (NVIDIA Corporation) - C:\WINDOWS\System32\drivers\nv4_mini.sys
[08/03/2004 11:41 PM | 00,013,240 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slwdmsup.sys
[08/03/2004 11:41 PM | 00,013,776 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\recagent.sys
[08/03/2004 11:41 PM | 00,095,424 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slnthal.sys
[08/03/2004 11:41 PM | 00,126,686 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\mtlmnt5.sys
[08/03/2004 11:41 PM | 00,129,535 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slnt7554.sys
[08/03/2004 11:41 PM | 00,180,360 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\ntmtlfax.sys
[08/03/2004 11:41 PM | 00,220,032 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfbs2s2.sys
[08/03/2004 11:41 PM | 00,404,990 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slntamr.sys
[08/03/2004 11:41 PM | 00,685,056 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfcxts2.sys
[08/03/2004 11:41 PM | 01,041,536 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfdpsp2.sys
[08/03/2004 11:41 PM | 01,309,184 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\mtlstrm.sys
[08/17/2008 03:01 PM | 00,017,144 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[3 C:\WINDOWS\System32\*.tmp files]
[04/13/2008 08:11 PM | 00,032,285 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\hsfcisp2.dll
[04/13/2008 08:11 PM | 00,032,768 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativtmxx.dll
[04/13/2008 08:11 PM | 00,377,984 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ati2dvaa.dll
[04/13/2008 08:11 PM | 00,870,784 | ---- | C] (ATI Technologies Inc. ) - C:\WINDOWS\System32\ati3d1ag.dll
[04/13/2008 08:12 PM | 00,009,728 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativdaxx.ax
[04/13/2008 08:12 PM | 00,023,040 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativmvxx.ax
[04/13/2008 08:12 PM | 00,032,866 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slrundll.exe
[04/13/2008 08:12 PM | 00,073,796 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slserv.exe
[04/13/2008 08:12 PM | 00,073,832 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slcoinst.dll
[04/13/2008 08:12 PM | 00,188,508 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slgen.dll
[04/13/2008 08:12 PM | 00,286,792 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slextspk.dll
[04/13/2008 08:12 PM | 00,397,056 | ---- | C] (S3 Graphics, Inc.) - C:\WINDOWS\System32\s3gnb.dll
[04/13/2008 08:12 PM | 01,737,856 | ---- | C] (Matrox Graphics Inc.) - C:\WINDOWS\System32\mtxparhd.dll
[04/13/2008 08:12 PM | 04,274,816 | ---- | C] (NVIDIA Corporation) - C:\WINDOWS\System32\nv4_disp.dll
[08/20/2008 09:28 PM | ---D | C] - C:\WINDOWS\System32\bits
[08/20/2008 09:28 PM | ---D | C] - C:\WINDOWS\System32\en
[08/20/2008 09:29 PM | ---D | C] - C:\WINDOWS\System32\scripting
[09/17/2007 04:48 AM | 00,001,261 | ---- | C] () - C:\WINDOWS\System32\pid.inf
[2 C:\WINDOWS\*.tmp files]
[04/13/2008 08:12 PM | 00,032,866 | ---- | C] (Smart Link) - C:\WINDOWS\slrundll.exe
[08/20/2008 06:18 PM | ---D | C] - C:\WINDOWS\ERDNT
[08/20/2008 09:00 PM | ---D | C] - C:\WINDOWS\EHome
[08/20/2008 09:07 PM | -H-D | C] - C:\WINDOWS\$NtServicePackUninstall$
[08/20/2008 09:29 PM | ---D | C] - C:\WINDOWS\l2schemas
[08/20/2008 09:30 PM | ---D | C] - C:\WINDOWS\ServicePackFiles
[08/25/2008 11:48 PM | ---D | C] - C:\WINDOWS\Prefetch
[08/20/2008 05:29 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/14/2008 09:27 PM | 00,000,182 | ---- | C] () - C:\Documents and Settings\Sailing\Application Data\wklnhst.dat
[08/14/2008 09:27 PM | ---D | C] - C:\Documents and Settings\Sailing\Application Data\Template
[08/20/2008 05:30 PM | ---D | C] - C:\Documents and Settings\Sailing\Application Data\Malwarebytes
[08/17/2008 04:54 PM | 00,000,313 | ---- | C] () - C:\Documents and Settings\Sailing\My Documents\My Documents.lnk
[08/20/2008 05:29 PM | 00,000,696 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/20/2008 05:23 PM | 00,000,592 | ---- | C] () - C:\Documents and Settings\Sailing\Desktop\ERUNT.lnk
[08/20/2008 10:33 PM | 00,001,734 | ---- | C] () - C:\Documents and Settings\Sailing\Desktop\HijackThis.lnk
[08/25/2008 11:50 PM | 00,000,933 | ---- | C] () - C:\Documents and Settings\Sailing\Desktop\Spybot - Search & Destroy.lnk
[08/26/2008 01:13 AM | ---D | C] - C:\Documents and Settings\Sailing\Desktop\Downloads
[08/20/2008 05:23 PM | 00,000,767 | ---- | C] () - C:\Documents and Settings\Sailing\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[08/20/2008 05:28 PM | ---D | C] - C:\Program Files\Common Files\Download Manager
[08/17/2008 03:44 PM | ---D | C] - C:\Program Files\Alwil Software
[08/19/2008 12:34 PM | ---D | C] - C:\Program Files\AskSBar
[08/20/2008 05:23 PM | ---D | C] - C:\Program Files\ERUNT
[08/20/2008 05:29 PM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
[08/20/2008 10:33 PM | ---D | C] - C:\Program Files\Trend Micro

[Files/Folders - Modified Within 30 days]
[08/19/2008 03:31 PM | ---D | M] - C:\Documents and Settings
[08/19/2008 12:31 PM | 00,000,164 | ---- | M] () - C:\install.dat
[08/20/2008 05:11 PM | -HSD | M] - C:\System Volume Information
[08/20/2008 09:11 PM | 00,250,048 | RHS- | M] () - C:\ntldr
[08/20/2008 10:33 PM | R--D | M] - C:\Program Files
[08/25/2008 11:41 PM | 23,336,1408 | -HS- | M] () - C:\hiberfil.sys
[08/25/2008 11:44 PM | ---D | M] - C:\WINDOWS
[07/28/2008 03:33 PM | 00,257,052 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\hosts.20080815-163150.backup
[08/19/2008 01:08 PM | 00,260,525 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\hosts.20080823-143411.backup
[08/23/2008 02:34 PM | 00,261,973 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\hosts.20080826-000148.backup
[08/26/2008 12:01 AM | 00,261,973 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\HOSTS
[07/30/2008 05:28 PM | 00,000,706 | ---- | M] () - C:\WINDOWS\System32\drivers\COH_Mon.inf
[07/30/2008 05:28 PM | 00,010,537 | ---- | M] () - C:\WINDOWS\System32\drivers\coh_mon.cat
[07/30/2008 05:42 PM | 00,023,888 | ---- | M] (Symantec Corporation) - C:\WINDOWS\System32\drivers\COH_Mon.sys
[08/17/2008 03:01 PM | 00,017,144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[08/26/2008 12:01 AM | ---D | M] - C:\WINDOWS\System32\drivers\etc
[3 C:\WINDOWS\System32\*.tmp files]
[08/17/2008 03:46 PM | ---D | M] - C:\WINDOWS\System32\config
[08/17/2008 11:34 PM | 00,002,577 | ---- | M] () - C:\WINDOWS\System32\CONFIG.NT
[08/20/2008 09:08 PM | ---D | M] - C:\WINDOWS\System32\ReinstallBackups
[08/20/2008 09:20 PM | ---D | M] - C:\WINDOWS\System32\oobe
[08/20/2008 09:21 PM | ---D | M] - C:\WINDOWS\System32\Com
[08/20/2008 09:21 PM | ---D | M] - C:\WINDOWS\System32\npp
[08/20/2008 09:21 PM | ---D | M] - C:\WINDOWS\System32\Restore
[08/20/2008 09:28 PM | ---D | M] - C:\WINDOWS\System32\bits
[08/20/2008 09:28 PM | ---D | M] - C:\WINDOWS\System32\en
[08/20/2008 09:29 PM | ---D | M] - C:\WINDOWS\System32\en-US
[08/20/2008 09:29 PM | ---D | M] - C:\WINDOWS\System32\scripting
[08/20/2008 09:29 PM | ---D | M] - C:\WINDOWS\System32\usmt
[08/20/2008 10:04 PM | ---D | M] - C:\WINDOWS\System32\CatRoot
[08/20/2008 10:09 PM | ---D | M] - C:\WINDOWS\System32\drivers
[08/20/2008 10:09 PM | ---D | M] - C:\WINDOWS\System32\Setup
[08/20/2008 10:09 PM | ---D | M] - C:\WINDOWS\System32\wbem
[08/20/2008 10:10 PM | 00,252,680 | ---- | M] () - C:\WINDOWS\System32\FNTCACHE.DAT
[08/20/2008 10:21 PM | 00,053,166 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[08/20/2008 10:21 PM | 00,380,918 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[08/20/2008 10:21 PM | 00,439,376 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[08/21/2008 07:30 PM | 00,000,004 | ---- | M] () - C:\WINDOWS\System32\9E3A79
[08/21/2008 07:30 PM | 00,870,128 | ---- | M] () - C:\WINDOWS\System32\mcs.rma
[08/22/2008 06:38 AM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/25/2008 11:17 PM | 00,001,158 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/25/2008 11:45 PM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[2 C:\WINDOWS\*.tmp files]
[08/13/2008 09:14 AM | ---D | M] - C:\WINDOWS\ie7updates
[08/19/2008 03:31 PM | --SD | M] - C:\WINDOWS\Tasks
[08/19/2008 12:39 PM | 00,000,715 | ---- | M] () - C:\WINDOWS\win.ini
[08/20/2008 06:18 PM | ---D | M] - C:\WINDOWS\ERDNT
[08/20/2008 07:34 PM | ---D | M] - C:\WINDOWS\SoftwareDistribution
[08/20/2008 07:43 PM | ---D | M] - C:\WINDOWS\Debug
[08/20/2008 09:00 PM | ---D | M] - C:\WINDOWS\EHome
[08/20/2008 09:07 PM | -H-D | M] - C:\WINDOWS\$NtServicePackUninstall$
[08/20/2008 09:19 PM | ---D | M] - C:\WINDOWS\system
[08/20/2008 09:21 PM | ---D | M] - C:\WINDOWS\msagent
[08/20/2008 09:21 PM | ---D | M] - C:\WINDOWS\srchasst
[08/20/2008 09:28 PM | ---D | M] - C:\WINDOWS\PeerNet
[08/20/2008 09:28 PM | -HSD | M] - C:\WINDOWS\Installer
[08/20/2008 09:29 PM | ---D | M] - C:\WINDOWS\Help
[08/20/2008 09:29 PM | ---D | M] - C:\WINDOWS\ime
[08/20/2008 09:29 PM | ---D | M] - C:\WINDOWS\l2schemas
[08/20/2008 09:29 PM | ---D | M] - C:\WINDOWS\network diagnostic
[08/20/2008 09:30 PM | ---D | M] - C:\WINDOWS\ServicePackFiles
[08/20/2008 09:30 PM | ---D | M] - C:\WINDOWS\WinSxS
[08/20/2008 10:05 PM | 00,002,675 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/20/2008 10:09 PM | ---D | M] - C:\WINDOWS\AppPatch
[08/20/2008 10:09 PM | ---D | M] - C:\WINDOWS\security
[08/20/2008 10:09 PM | R-SD | M] - C:\WINDOWS\Fonts
[08/21/2008 11:18 AM | -H-D | M] - C:\WINDOWS\$hf_mig$
[08/22/2008 06:38 AM | ---D | M] - C:\WINDOWS\system32
[08/22/2008 06:39 AM | -H-D | M] - C:\WINDOWS\inf
[08/25/2008 11:42 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/25/2008 11:48 PM | ---D | M] - C:\WINDOWS\Prefetch
[08/26/2008 01:00 AM | ---D | M] - C:\WINDOWS\Temp
[08/25/2008 11:43 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/04/2008 06:13 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Symantec
[08/20/2008 05:29 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/22/2008 01:40 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Google
[08/26/2008 12:02 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[08/14/2008 09:27 PM | 00,000,182 | ---- | M] () - C:\Documents and Settings\Sailing\Application Data\wklnhst.dat
[08/14/2008 09:27 PM | ---D | M] - C:\Documents and Settings\Sailing\Application Data\Template
[08/20/2008 05:30 PM | ---D | M] - C:\Documents and Settings\Sailing\Application Data\Malwarebytes
[08/25/2008 10:52 PM | ---D | M] - C:\Documents and Settings\Sailing\Application Data\Mozilla
[08/17/2008 04:54 PM | 00,000,313 | ---- | M] () - C:\Documents and Settings\Sailing\My Documents\My Documents.lnk
[08/23/2008 01:09 PM | ---D | M] - C:\Documents and Settings\Sailing\My Documents\Finance
[08/23/2008 10:54 PM | ---D | M] - C:\Documents and Settings\Sailing\My Documents\My eBooks
[08/25/2008 10:11 PM | ---D | M] - C:\Documents and Settings\Sailing\My Documents\My Downloads
[08/26/2008 12:07 AM | ---D | M] - C:\Documents and Settings\Sailing\My Documents\My Library
[08/20/2008 05:29 PM | 00,000,696 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/09/2008 11:34 AM | 00,002,485 | ---- | M] () - C:\Documents and Settings\Sailing\Desktop\eReader.lnk
[08/20/2008 05:23 PM | 00,000,592 | ---- | M] () - C:\Documents and Settings\Sailing\Desktop\ERUNT.lnk
[08/20/2008 10:33 PM | 00,001,734 | ---- | M] () - C:\Documents and Settings\Sailing\Desktop\HijackThis.lnk
[08/23/2008 10:53 PM | 00,002,523 | ---- | M] () - C:\Documents and Settings\Sailing\Desktop\Mobipocket Reader.lnk
[08/25/2008 11:50 PM | 00,000,933 | ---- | M] () - C:\Documents and Settings\Sailing\Desktop\Spybot - Search & Destroy.lnk
[08/26/2008 01:13 AM | ---D | M] - C:\Documents and Settings\Sailing\Desktop\Downloads
[08/20/2008 05:23 PM | 00,000,767 | ---- | M] () - C:\Documents and Settings\Sailing\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[08/20/2008 05:28 PM | ---D | M] - C:\Program Files\Common Files\Download Manager
[08/20/2008 09:20 PM | ---D | M] - C:\Program Files\Common Files\System
[08/25/2008 11:47 PM | ---D | M] - C:\Program Files\Common Files\Symantec Shared

< End of report >




Extras log:
OTViewIt Extras logfile created on: 8/26/2008 1:14:48 AM - Run 1
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\Sailing\Desktop\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

222.48 Mb Total Physical Memory | 77.25 Mb Available Physical Memory | 34.72% Memory free
543.54 Mb Paging File | 253.09 Mb Available in Paging File | 46.56% Paging File free
Paging file location(s): C:\pagefile.sys 336 672;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 24.01 Gb Free Space | 64.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

===== File Associations =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - File not found -
.cmd [@ = cmdfile] - File not found -
.com [@ = comfile] - File not found -
.exe [@ = exefile] - File not found -
.html [@ = FirefoxHTML] - [08/25/2008 10:51 PM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
.pif [@ = piffile] - File not found -
.scr [@ = scrfile] - File not found -

===== Uninstall List =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{06ECCCF4-9295-468E-851C-9529A7C181E8}" = HP User Guides 0001
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{15D91706-6ADF-44CF-9D7D-FF2D8ACD2C6F}" = LS_HSI
"{1BC21146-767D-427D-BC91-2AB88B5ECE73}" = eReader
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37477865-A3F1-4772-AD43-AAFC6BCFF99F}" = MSXML 4.0 SP2 (KB927978)
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 1.01 A2
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{612DC38A-B36A-4699-88EB-12C7394DE2FC}" = TIxx21
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}" = Zone Deluxe Games
"{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}" = iTunes
"{C04E32E0-0416-434D-AFB9-6969D703A9EF}" = MSXML 4.0 SP2 (KB936181)
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 B2
"{D0C9C350-C5C7-443A-BAE1-EF1ED58C9EFC}" = SymNet
"{D6E6FA4A-5445-4850-8365-CF216C1CB

#6
nat4599

    Member

  • Topic Starter
  • Member
  • 20 posts
New HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:46:13 AM, on 8/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...o&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ControlInstaller Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft...tail/DASAct.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 6009 bytes

Not certain that this is related, but since the 'bloodhound.sonar' virus manifested, email via bellsouth.net has been delayed with 'transferring data from servedby.advertising.com' as well. This only occurs with the email website, not with any others.

#7
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello nat4599,

Your OTViewIt Extras log got cut off; please repost it in your next reply. To do this, please open the Extras file on your Desktop and copy/paste the text inside that file into your reply.

#8
nat4599

    Member

  • Topic Starter
  • Member
  • 20 posts
I don't know what happened between yesterday and now, but Downloads was not on my desktop anymore, so I downloaded and ran it again. Here are both files:

OTViewIt logfile created on: 8/26/2008 3:48:54 PM - Run 2
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\Sailing\Desktop\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

222.48 Mb Total Physical Memory | 27.20 Mb Available Physical Memory | 12.23% Memory free
543.54 Mb Paging File | 128.98 Mb Available in Paging File | 23.73% Paging File free
Paging file location(s): C:\pagefile.sys 336 672;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 24.00 Gb Free Space | 64.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OCT2005
Current User Name: Sailing
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

===== Processes - Non-Microsoft Only =====

[01/25/2008 09:47 PM | 00,149,864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[07/09/2008 07:27 PM | 00,611,664 | ---- | M] (Lavasoft) - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[01/25/2008 09:47 PM | 00,149,864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[02/09/2008 08:06 PM | 00,238,968 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[07/06/2008 05:31 PM | 01,245,064 | ---- | M] () - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[08/25/2008 10:51 PM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
[08/26/2008 03:43 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Sailing\Desktop\Downloads\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(aawservice) Lavasoft Ad-Aware Service [Auto | Running]
[07/09/2008 07:27 PM | 00,611,664 | ---- | M] (Lavasoft) - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

(Apple Mobile Device) Apple Mobile Device [Disabled | Stopped]
[09/06/2007 01:28 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(Ati HotKey Poller) Ati HotKey Poller [Disabled | Stopped]
[04/11/2005 09:31 AM | 00,360,448 | ---- | M] (ATI Technologies Inc.) - C:\WINDOWS\system32\ati2evxx.exe

(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Auto | Running]
[02/09/2008 08:06 PM | 00,238,968 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

(ccEvtMgr) Symantec Event Manager [Auto | Running]
[01/25/2008 09:47 PM | 00,149,864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

(ccSetMgr) Symantec Settings Manager [Auto | Running]
[01/25/2008 09:47 PM | 00,149,864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

(CLTNetCnService) Symantec Lic NetConnect service [Auto | Running]
[01/25/2008 09:47 PM | 00,149,864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

(comHost) COM Host [On_Demand | Stopped]
[08/22/2007 04:21 AM | 00,055,640 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[04/13/2008 08:12 PM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(hpqwmi) HP WMI Interface [Disabled | Stopped]
[03/04/2005 03:16 PM | 00,098,304 | R--- | M] (Hewlett-Packard Development Company, L.P.) - C:\Program Files\HPQ\Shared\hpqwmi.exe

(iPod Service) iPod Service [Disabled | Stopped]
[01/15/2008 04:22 AM | 00,504,104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(LightScribeService) LightScribeService Direct Disc Labeling Service [Disabled | Stopped]
[02/22/2005 07:32 PM | 00,038,912 | ---- | M] () - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

(LiveUpdate) LiveUpdate [On_Demand | Stopped]
[08/04/2008 11:20 AM | 03,220,856 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

(LiveUpdate Notice) LiveUpdate Notice [Auto | Running]
[01/25/2008 09:47 PM | 00,149,864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

(Symantec Core LC) Symantec Core LC [On_Demand | Running]
[07/06/2008 05:31 PM | 01,245,064 | ---- | M] () - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

(Symantec RemoteAssist) Symantec RemoteAssist [On_Demand | Stopped]
[01/29/2008 04:09 PM | 00,394,704 | ---- | M] (Symantec, Inc.) - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

===== Driver Services - Non-Microsoft Only =====

(AliIde) AliIde [Boot | Running]
[08/17/2001 11:51 AM | 00,005,248 | ---- | M] (Acer Laboratories Inc.) - C:\WINDOWS\system32\drivers\aliide.sys

(AmdK8) AMD Processor Driver [System | Running]
[08/11/2004 07:30 PM | 00,039,424 | ---- | M] (Advanced Micro Devices) - C:\WINDOWS\system32\drivers\AmdK8.sys

(ati2mtag) ati2mtag [On_Demand | Running]
[04/11/2005 09:33 AM | 01,035,264 | ---- | M] (ATI Technologies Inc.) - C:\WINDOWS\system32\drivers\ati2mtag.sys

(BCM43XX) Broadcom 802.11 Network Adapter Driver [On_Demand | Running]
[03/10/2005 05:41 AM | 00,371,712 | ---- | M] (Broadcom Corporation) - C:\WINDOWS\system32\drivers\BCMWL5.SYS

(BTWUSB) WIDCOMM USB Bluetooth Driver [On_Demand | Stopped]
[01/18/2005 12:52 PM | 00,055,320 | ---- | M] (Broadcom Corporation.) - C:\WINDOWS\system32\drivers\btwusb.sys

(CAMCAUD) Conexant AMC Audio [On_Demand | Running]
[02/18/2005 11:41 AM | 00,038,016 | ---- | M] (Conexant Systems Inc.) - C:\WINDOWS\system32\drivers\camc6aud.sys

(CAMCHALA) CAMCHALA [On_Demand | Running]
[02/18/2005 11:42 AM | 00,349,696 | ---- | M] (Conexant Systems Inc.) - C:\WINDOWS\system32\drivers\camc6hal.sys

(COH_Mon) COH_Mon [On_Demand | Stopped]
[07/30/2008 05:42 PM | 00,023,888 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\COH_Mon.sys

(CO_Mon) CO_Mon [Auto | Running]
[08/08/2007 08:39 PM | 00,036,056 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\CO_Mon.sys

(dmboot) dmboot [Disabled | Stopped]
[04/13/2008 02:44 PM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) dmio [Disabled | Stopped]
[04/13/2008 02:44 PM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Disabled | Stopped]
[08/04/2004 04:00 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(eabfiltr) eabfiltr [System | Running]
[04/14/2004 10:36 AM | 00,007,432 | ---- | M] (Hewlett-Packard Company) - C:\WINDOWS\system32\drivers\eabfiltr.sys

(eabusb) eabusb [On_Demand | Stopped]
[06/06/2003 02:46 PM | 00,005,220 | ---- | M] (Hewlett-Packard Company) - C:\WINDOWS\system32\drivers\EabUsb.sys

(eeCtrl) Symantec Eraser Control driver [System | Running]
[08/20/2008 04:00 AM | 00,371,248 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

(EraserUtilRebootDrv) EraserUtilRebootDrv [On_Demand | Running]
[08/20/2008 04:00 AM | 00,099,376 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

(GEARAspiWDM) GEAR CDRom Filter [On_Demand | Running]
[09/19/2006 02:44 PM | 00,015,664 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

(HSFHWATI) HSFHWATI [On_Demand | Running]
[12/15/2004 11:18 AM | 00,200,192 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSFHWATI.sys

(HSF_DP) HSF_DP [On_Demand | Running]
[12/15/2004 11:18 AM | 01,038,208 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSF_DP.sys

(MCSTRM) MCSTRM [Auto | Running]
[06/15/2007 02:59 PM | 00,008,413 | ---- | M] (RealNetworks, Inc.) - C:\WINDOWS\System32\drivers\mcstrm.sys

(mdmxsdk) mdmxsdk [Auto | Running]
[03/17/2004 07:04 AM | 00,013,059 | ---- | M] (Conexant) - C:\WINDOWS\system32\drivers\mdmxsdk.sys

(NAVENG) NAVENG [On_Demand | Running]
[08/23/2008 04:00 AM | 00,089,104 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080824.021\NAVENG.SYS

(NAVEX15) NAVEX15 [On_Demand | Running]
[08/23/2008 04:00 AM | 00,873,552 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080824.021\NAVEX15.SYS

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[08/04/2004 04:00 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(PxHelp20) PxHelp20 [Boot | Running]
[01/26/2005 05:03 AM | 00,020,576 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\pxhelp20.sys

(RTL8023xp) Realtek 10/100/1000 NIC Family all in one NDIS XP Driver [On_Demand | Running]
[03/03/2005 03:10 PM | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) - C:\WINDOWS\system32\drivers\Rtlnicxp.sys

(Secdrv) Secdrv [Auto | Running]
[11/13/2007 06:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

(SMCIRDA) SMC IrCC Miniport Device Driver [On_Demand | Stopped]
[08/17/2001 03:10 PM | 00,035,913 | ---- | M] (SMC) - C:\WINDOWS\system32\drivers\smcirda.sys

(SPBBCDrv) SPBBCDrv [System | Running]
[01/17/2008 12:05 AM | 00,447,024 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

(SRTSP) SRTSP [On_Demand | Running]
[01/31/2008 09:51 PM | 00,279,088 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\srtsp.sys

(SRTSPL) SRTSPL [On_Demand | Stopped]
[01/31/2008 09:51 PM | 00,317,616 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\srtspl.sys

(SRTSPX) SRTSPX [System | Running]
[01/31/2008 09:51 PM | 00,043,696 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\srtspx.sys

(SYMDNS) SYMDNS [On_Demand | Running]
[06/13/2008 02:13 PM | 00,013,616 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symdns.sys

(SymEvent) SymEvent [On_Demand | Running]
[07/06/2008 06:22 PM | 00,123,952 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\SYMEVENT.SYS

(SYMFW) SYMFW [On_Demand | Running]
[06/13/2008 02:13 PM | 00,096,432 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symfw.sys

(SYMIDS) SYMIDS [On_Demand | Running]
[06/13/2008 02:13 PM | 00,038,576 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symids.sys

(SYMIDSCO) SYMIDSCO [On_Demand | Running]
[03/20/2008 04:37 PM | 00,240,496 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080818.001\SymIDSCo.sys

(SymIM) Symantec Network Security Intermediate Filter Service [On_Demand | Stopped]
[06/13/2008 02:14 PM | 00,031,280 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\SymIM.sys

(SymIMMP) SymIMMP [On_Demand | Running]
[06/13/2008 02:14 PM | 00,031,280 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\SymIM.sys

(SYMNDIS) SYMNDIS [On_Demand | Running]
[06/13/2008 02:13 PM | 00,037,424 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symndis.sys

(SYMREDRV) SYMREDRV [On_Demand | Running]
[06/13/2008 02:13 PM | 00,022,320 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symredrv.sys

(SYMTDI) SYMTDI [System | Running]
[06/13/2008 02:13 PM | 00,184,240 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symtdi.sys

(SynTP) Synaptics TouchPad Driver [On_Demand | Running]
[02/02/2005 07:58 AM | 00,191,456 | ---- | M] (Synaptics, Inc.) - C:\WINDOWS\system32\drivers\SynTP.sys

(tifm21) tifm21 [On_Demand | Stopped]
[03/16/2005 08:43 AM | 00,159,488 | ---- | M] (Texas Instruments) - C:\WINDOWS\system32\drivers\tifm21.sys

(winachsf) winachsf [On_Demand | Running]
[12/15/2004 11:18 AM | 00,703,232 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSF_CNXT.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp" = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/25/2008 09:47 PM | 00,051,048 | ---- | M] (Symantec Corporation)
"osCheck" = "C:\Program Files\Norton Internet Security\osCheck.exe" [02/07/2008 02:49 AM | 00,718,704 | ---- | M] (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [08/18/2008 06:41 PM | 01,832,272 | ---- | M] (Safer Networking Limited)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

[Sailing Startup Folder - C:\Documents and Settings\Sailing\Start Menu\Programs\Startup]
[10/20/2005 12:04 PM | 00,038,912 | ---- | M] () - C:\Documents and Settings\Sailing\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (AcroIEHlprObj Class) - [11/03/2003 05:17 PM | 00,054,248 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
HKLM CLSID: (Spybot-S&D IE Protection) - [08/14/2008 01:39 PM | 01,562,448 | ---- | M] (Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
HKLM CLSID: (Reg Error: Value does not exist or could not be read.) - [06/30/2008 01:44 PM | 00,349,552 | ---- | M] (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
HKLM CLSID: (Symantec Intrusion Prevention) - [07/06/2008 05:34 PM | 00,116,088 | ---- | M] (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"
HKLM CLSID: (Show Norton Toolbar) - [06/30/2008 01:44 PM | 00,349,552 | ---- | M] (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"
HKLM CLSID: (Show Norton Toolbar) - [06/30/2008 01:44 PM | 00,349,552 | ---- | M] (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
Unable to open key or key not present!


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


===== Desktop Components =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 08:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/13/2008 02:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe File not found
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 08:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/13/2008 02:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [01/15/2008 04:22 AM | 19,926,824 | ---- | M] (Apple Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe File not found
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe File not found
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 08:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [04/13/2008 08:12 PM | 01,033,728 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [04/13/2008 08:12 PM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [04/13/2008 08:12 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [04/13/2008 08:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [04/13/2008 08:12 PM | 00,300,544 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DllName" = C:\WINDOWS\system32\ati2evxx.dll [04/11/2005 09:31 AM | 00,046,080 | ---- | M] (ATI Technologies Inc.)

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
"WMPNetworkSvc" = 3
"LightScribeService" = 2
"iPod Service" = 3
"hpqwmi" = 3
"gusvc" = 3
"Ati HotKey Poller" = 2
"Apple Mobile Device" = 2
"aawservice" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk File not found
"backup" = C:\WINDOWS\pss\Microsoft Office.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Microsoft Office\Office\OSA9.EXE [02/17/1999 04:05 PM | 00,065,588 | ---- | M] (Microsoft Corporation)
"item" = Microsoft Office

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" =
"hkey" = HKCU
"command" =
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATIPTA]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = atiptaxx
"hkey" = HKLM
"command" = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [04/11/2005 01:00 PM | 00,339,968 | ---- | M] (ATI Technologies, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Cpqset]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = cpqset
"hkey" = HKLM
"command" = C:\Program Files\HPQ\Default Settings\Cpqset.exe [02/17/2005 05:01 PM | 00,233,534 | ---- | M] ()
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = C:\WINDOWS\system32\ctfmon.exe [04/13/2008 08:12 PM | 00,015,360 | ---- | M] (Microsoft Corporation)
"hkey" = HKCU
"command" = C:\WINDOWS\system32\ctfmon.exe [04/13/2008 08:12 PM | 00,015,360 | ---- | M] (Microsoft Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eabconfg.cpl]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = EabServr
"hkey" = HKLM
"command" = C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe [12/03/2004 04:24 PM | 00,290,816 | ---- | M] (Hewlett-Packard )
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = HPWuSchd2
"hkey" = HKLM
"command" = C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe [02/16/2005 11:11 PM | 00,049,152 | ---- | M] (Hewlett-Packard Co.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hpWirelessAssistant]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = HP Wireless Assistant
"hkey" = HKLM
"command" = C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe [04/01/2005 06:11 PM | 00,794,624 | ---- | M] (Hewlett-Packard Company)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSPM Startup]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = ISUSPM
"hkey" = HKLM
"command" = C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [07/27/2004 07:50 PM | 00,221,184 | ---- | M] (InstallShield Software Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSScheduler]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = issch
"hkey" = HKLM
"command" = C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [07/27/2004 07:50 PM | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = iTunesHelper
"hkey" = HKLM
"command" = C:\Program Files\iTunes\iTunesHelper.exe [01/15/2008 04:22 AM | 00,267,048 | ---- | M] (Apple Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LSBWatcher]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = lsburnwatcher
"hkey" = HKLM
"command" = c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe [10/14/2004 04:54 PM | 00,253,952 | ---- | M] (Hewlett-Packard Company)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = msmsgs
"hkey" = HKCU
"command" = C:\Program Files\Messenger\msmsgs.exe [04/13/2008 08:12 PM | 01,695,232 | ---- | M] (Microsoft Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = QTTask
"hkey" = HKLM
"command" = C:\Program Files\QuickTime\QTTask.exe [01/10/2008 04:27 PM | 00,385,024 | ---- | M] (Apple Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotSD TeaTimer]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = TeaTimer
"hkey" = HKCU
"command" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [08/18/2008 06:41 PM | 01,832,272 | ---- | M] (Safer Networking Limited)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = jusched
"hkey" = HKLM
"command" = C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe [03/04/2005 06:36 AM | 00,036,975 | ---- | M] (Sun Microsystems, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPEnh]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = SynTPEnh
"hkey" = HKLM
"command" = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [02/02/2005 08:11 AM | 00,692,316 | ---- | M] (Synaptics, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPLpr]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = SynTPLpr
"hkey" = HKLM
"command" = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [02/02/2005 08:12 AM | 00,102,492 | ---- | M] (Synaptics, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = realsched
"hkey" = HKLM
"command" = C:\Program Files\Common Files\Real\Update_OB\realsched.exe [06/15/2007 01:56 PM | 00,185,784 | ---- | M] (RealNetworks, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UserFaultCheck]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = dumprep 0 -u
"hkey" = HKLM
"command" = %systemroot%\system32\dumprep 0 -u
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 2
"startup" = 1

===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{C70CEC3D-FEE7-4640-B4E9-FDB4A18D353B}]
Servers: | Description: Broadcom 802.11b/g WLAN

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{FC0011C8-2F6F-4CDD-B1EE-1DAD02C7174B}]
Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

===== MountPoints2 =====

===== Hosts File =====

HOSTS File = (261973 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 babe.the-killer.bz
127.0.0.1 www.babe.the-killer.bz
127.0.0.1 babe.k-lined.com
127.0.0.1 www.babe.k-lined.com
127.0.0.1 did.i-used.cc
127.0.0.1 www.did.i-used.cc
127.0.0.1 coolwwwsearch.com
127.0.0.1 www.coolwwwsearch.com
127.0.0.1 coolwebsearch.com
127.0.0.1 www.coolwebsearch.com
127.0.0.1 hi.studioaperto.net
127.0.0.1 www.hi.studioaperto.net
127.0.0.1 wazzupnet.com
127.0.0.1 www.wazzupnet.com
127.0.0.1 gueb.com
127.0.0.1 www.gueb.com
127.0.0.1 kabex.com
127.0.0.1 www.kabex.com
127.0.0.1 hityou.com
127.0.0.1 www.hityou.com
127.0.0.1 miosearch.com
127.0.0.1 www.miosearch.com
127.0.0.1 blue-elefant.com
127.0.0.1 www.blue-elefant.com



[Files/Folders - Created Within 30 days]
[08/19/2008 12:31 PM | 00,000,164 | ---- | C] () - C:\install.dat
[04/13/2008 02:36 PM | 00,040,960 | ---- | C] (Silicon Integrated Systems Corporation) - C:\WINDOWS\System32\drivers\sisagp.sys
[04/13/2008 02:36 PM | 00,043,008 | ---- | C] (Advanced Micro Devices, Inc.) - C:\WINDOWS\System32\drivers\amdagp.sys
[04/13/2008 08:11 PM | 00,003,135 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv08nt5.dll
[04/13/2008 08:11 PM | 00,003,615 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv05nt5.dll
[04/13/2008 08:11 PM | 00,003,647 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv07nt5.dll
[04/13/2008 08:11 PM | 00,003,711 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv09nt5.dll
[04/13/2008 08:11 PM | 00,003,775 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv11nt5.dll
[04/13/2008 08:11 PM | 00,003,967 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv02nt5.dll
[04/13/2008 08:11 PM | 00,004,255 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv01nt5.dll
[04/13/2008 08:11 PM | 00,011,359 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv02nt5.dll
[04/13/2008 08:11 PM | 00,014,143 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv06nt5.dll
[04/13/2008 08:11 PM | 00,015,423 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[04/13/2008 08:11 PM | 00,017,279 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv10nt5.dll
[04/13/2008 08:11 PM | 00,021,183 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv01nt5.dll
[04/13/2008 08:11 PM | 00,025,471 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv04nt5.dll
[04/13/2008 08:12 PM | 00,003,901 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\siint5.dll
[04/13/2008 08:12 PM | 00,011,325 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\vchnt5.dll
[04/13/2008 12:36 PM | 00,144,384 | ---- | C] (Windows ® Server 2003 DDK provider) - C:\WINDOWS\System32\drivers\hdaudbus.sys
[07/17/2004 10:55 PM | 00,129,045 | ---- | C] () - C:\WINDOWS\System32\drivers\cxthsfs2.cty
[07/17/2004 11:35 AM | 00,067,866 | ---- | C] () - C:\WINDOWS\System32\drivers\netwlan5.img
[07/17/2004 11:36 AM | 00,064,352 | ---- | C] () - C:\WINDOWS\System32\drivers\ativmc20.cod
[08/03/2004 11:29 PM | 00,011,295 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv08nt.sys
[08/03/2004 11:29 PM | 00,011,615 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1mdxx.sys
[08/03/2004 11:29 PM | 00,011,807 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv07nt.sys
[08/03/2004 11:29 PM | 00,011,871 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv09nt.sys
[08/03/2004 11:29 PM | 00,011,935 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv11nt.sys
[08/03/2004 11:29 PM | 00,012,047 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1pdxx.sys
[08/03/2004 11:29 PM | 00,013,824 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinmdxx.sys
[08/03/2004 11:29 PM | 00,013,824 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinttxx.sys
[08/03/2004 11:29 PM | 00,014,336 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinpdxx.sys
[08/03/2004 11:29 PM | 00,021,343 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1ttxx.sys
[08/03/2004 11:29 PM | 00,022,271 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\watv06nt.sys
[08/03/2004 11:29 PM | 00,025,471 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\watv10nt.sys
[08/03/2004 11:29 PM | 00,026,367 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1snxx.sys
[08/03/2004 11:29 PM | 00,028,672 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinsnxx.sys
[08/03/2004 11:29 PM | 00,029,455 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1xbxx.sys
[08/03/2004 11:29 PM | 00,030,671 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1raxx.sys
[08/03/2004 11:29 PM | 00,031,744 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinxbxx.sys
[08/03/2004 11:29 PM | 00,034,735 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1xsxx.sys
[08/03/2004 11:29 PM | 00,036,463 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1tuxx.sys
[08/03/2004 11:29 PM | 00,052,224 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinraxx.sys
[08/03/2004 11:29 PM | 00,056,623 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1btxx.sys
[08/03/2004 11:29 PM | 00,057,856 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinbtxx.sys
[08/03/2004 11:29 PM | 00,063,488 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinxsxx.sys
[08/03/2004 11:29 PM | 00,063,663 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1rvxx.sys
[08/03/2004 11:29 PM | 00,073,216 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atintuxx.sys
[08/03/2004 11:29 PM | 00,104,960 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinrvxx.sys
[08/03/2004 11:29 PM | 00,166,912 | ---- | C] (S3 Graphics, Inc.) - C:\WINDOWS\System32\drivers\s3gnbm.sys
[08/03/2004 11:29 PM | 00,327,040 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati2mtaa.sys
[08/03/2004 11:29 PM | 00,452,736 | ---- | C] (Matrox Graphics Inc.) - C:\WINDOWS\System32\drivers\mtxparhm.sys
[08/03/2004 11:29 PM | 01,897,408 | ---- | C] (NVIDIA Corporation) - C:\WINDOWS\System32\drivers\nv4_mini.sys
[08/03/2004 11:41 PM | 00,013,240 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slwdmsup.sys
[08/03/2004 11:41 PM | 00,013,776 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\recagent.sys
[08/03/2004 11:41 PM | 00,095,424 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slnthal.sys
[08/03/2004 11:41 PM | 00,126,686 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\mtlmnt5.sys
[08/03/2004 11:41 PM | 00,129,535 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slnt7554.sys
[08/03/2004 11:41 PM | 00,180,360 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\ntmtlfax.sys
[08/03/2004 11:41 PM | 00,220,032 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfbs2s2.sys
[08/03/2004 11:41 PM | 00,404,990 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slntamr.sys
[08/03/2004 11:41 PM | 00,685,056 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfcxts2.sys
[08/03/2004 11:41 PM | 01,041,536 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfdpsp2.sys
[08/03/2004 11:41 PM | 01,309,184 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\mtlstrm.sys
[08/17/2008 03:01 PM | 00,017,144 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[3 C:\WINDOWS\System32\*.tmp files]
[04/13/2008 08:11 PM | 00,032,285 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\hsfcisp2.dll
[04/13/2008 08:11 PM | 00,032,768 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativtmxx.dll
[04/13/2008 08:11 PM | 00,377,984 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ati2dvaa.dll
[04/13/2008 08:11 PM | 00,870,784 | ---- | C] (ATI Technologies Inc. ) - C:\WINDOWS\System32\ati3d1ag.dll
[04/13/2008 08:12 PM | 00,009,728 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativdaxx.ax
[04/13/2008 08:12 PM | 00,023,040 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativmvxx.ax
[04/13/2008 08:12 PM | 00,032,866 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slrundll.exe
[04/13/2008 08:12 PM | 00,073,796 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slserv.exe
[04/13/2008 08:12 PM | 00,073,832 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slcoinst.dll
[04/13/2008 08:12 PM | 00,188,508 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slgen.dll
[04/13/2008 08:12 PM | 00,286,792 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slextspk.dll
[04/13/2008 08:12 PM | 00,397,056 | ---- | C] (S3 Graphics, Inc.) - C:\WINDOWS\System32\s3gnb.dll
[04/13/2008 08:12 PM | 01,737,856 | ---- | C] (Matrox Graphics Inc.) - C:\WINDOWS\System32\mtxparhd.dll
[04/13/2008 08:12 PM | 04,274,816 | ---- | C] (NVIDIA Corporation) - C:\WINDOWS\System32\nv4_disp.dll
[08/20/2008 09:28 PM | ---D | C] - C:\WINDOWS\System32\bits
[08/20/2008 09:28 PM | ---D | C] - C:\WINDOWS\System32\en
[08/20/2008 09:29 PM | ---D | C] - C:\WINDOWS\System32\scripting
[09/17/2007 04:48 AM | 00,001,261 | ---- | C] () - C:\WINDOWS\System32\pid.inf
[2 C:\WINDOWS\*.tmp files]
[04/13/2008 08:12 PM | 00,032,866 | ---- | C] (Smart Link) - C:\WINDOWS\slrundll.exe
[08/20/2008 06:18 PM | ---D | C] - C:\WINDOWS\ERDNT
[08/20/2008 09:00 PM | ---D | C] - C:\WINDOWS\EHome
[08/20/2008 09:07 PM | -H-D | C] - C:\WINDOWS\$NtServicePackUninstall$
[08/20/2008 09:29 PM | ---D | C] - C:\WINDOWS\l2schemas
[08/20/2008 09:30 PM | ---D | C] - C:\WINDOWS\ServicePackFiles
[08/25/2008 11:48 PM | ---D | C] - C:\WINDOWS\Prefetch
[08/20/2008 05:29 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/14/2008 09:27 PM | 00,000,182 | ---- | C] () - C:\Documents and Settings\Sailing\Application Data\wklnhst.dat
[08/14/2008 09:27 PM | ---D | C] - C:\Documents and Settings\Sailing\Application Data\Template
[08/20/2008 05:30 PM | ---D | C] - C:\Documents and Settings\Sailing\Application Data\Malwarebytes
[08/17/2008 04:54 PM | 00,000,313 | ---- | C] () - C:\Documents and Settings\Sailing\My Documents\My Documents.lnk
[08/20/2008 05:29 PM | 00,000,696 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/20/2008 05:23 PM | 00,000,592 | ---- | C] () - C:\Documents and Settings\Sailing\Desktop\ERUNT.lnk
[08/20/2008 10:33 PM | 00,001,734 | ---- | C] () - C:\Documents and Settings\Sailing\Desktop\HijackThis.lnk
[08/25/2008 11:50 PM | 00,000,933 | ---- | C] () - C:\Documents and Settings\Sailing\Desktop\Spybot - Search & Destroy.lnk
[08/26/2008 03:43 PM | ---D | C] - C:\Documents and Settings\Sailing\Desktop\Downloads
[08/20/2008 05:23 PM | 00,000,767 | ---- | C] () - C:\Documents and Settings\Sailing\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[08/20/2008 05:28 PM | ---D | C] - C:\Program Files\Common Files\Download Manager
[08/17/2008 03:44 PM | ---D | C] - C:\Program Files\Alwil Software
[08/19/2008 12:34 PM | ---D | C] - C:\Program Files\AskSBar
[08/20/2008 05:23 PM | ---D | C] - C:\Program Files\ERUNT
[08/20/2008 05:29 PM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
[08/20/2008 10:33 PM | ---D | C] - C:\Program Files\Trend Micro

[Files/Folders - Modified Within 30 days]
[08/19/2008 03:31 PM | ---D | M] - C:\Documents and Settings
[08/19/2008 12:31 PM | 00,000,164 | ---- | M] () - C:\install.dat
[08/20/2008 05:11 PM | -HSD | M] - C:\System Volume Information
[08/20/2008 09:11 PM | 00,250,048 | RHS- | M] () - C:\ntldr
[08/20/2008 10:33 PM | R--D | M] - C:\Program Files
[08/25/2008 11:41 PM | 23,336,1408 | -HS- | M] () - C:\hiberfil.sys
[08/25/2008 11:44 PM | ---D | M] - C:\WINDOWS
[07/28/2008 03:33 PM | 00,257,052 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\hosts.20080815-163150.backup
[08/19/2008 01:08 PM | 00,260,525 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\hosts.20080823-143411.backup
[08/23/2008 02:34 PM | 00,261,973 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\hosts.20080826-000148.backup
[08/26/2008 12:01 AM | 00,261,973 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\HOSTS
[07/30/2008 05:28 PM | 00,000,706 | ---- | M] () - C:\WINDOWS\System32\drivers\COH_Mon.inf
[07/30/2008 05:28 PM | 00,010,537 | ---- | M] () - C:\WINDOWS\System32\drivers\coh_mon.cat
[07/30/2008 05:42 PM | 00,023,888 | ---- | M] (Symantec Corporation) - C:\WINDOWS\System32\drivers\COH_Mon.sys
[08/17/2008 03:01 PM | 00,017,144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[08/26/2008 12:01 AM | ---D | M] - C:\WINDOWS\System32\drivers\etc
[3 C:\WINDOWS\System32\*.tmp files]
[08/17/2008 03:46 PM | ---D | M] - C:\WINDOWS\System32\config
[08/17/2008 11:34 PM | 00,002,577 | ---- | M] () - C:\WINDOWS\System32\CONFIG.NT
[08/20/2008 09:08 PM | ---D | M] - C:\WINDOWS\System32\ReinstallBackups
[08/20/2008 09:20 PM | ---D | M] - C:\WINDOWS\System32\oobe
[08/20/2008 09:21 PM | ---D | M] - C:\WINDOWS\System32\Com
[08/20/2008 09:21 PM | ---D | M] - C:\WINDOWS\System32\npp
[08/20/2008 09:21 PM | ---D | M] - C:\WINDOWS\System32\Restore
[08/20/2008 09:28 PM | ---D | M] - C:\WINDOWS\System32\bits
[08/20/2008 09:28 PM | ---D | M] - C:\WINDOWS\System32\en
[08/20/2008 09:29 PM | ---D | M] - C:\WINDOWS\System32\en-US
[08/20/2008 09:29 PM | ---D | M] - C:\WINDOWS\System32\scripting
[08/20/2008 09:29 PM | ---D | M] - C:\WINDOWS\System32\usmt
[08/20/2008 10:04 PM | ---D | M] - C:\WINDOWS\System32\CatRoot
[08/20/2008 10:09 PM | ---D | M] - C:\WINDOWS\System32\drivers
[08/20/2008 10:09 PM | ---D | M] - C:\WINDOWS\System32\Setup
[08/20/2008 10:09 PM | ---D | M] - C:\WINDOWS\System32\wbem
[08/20/2008 10:10 PM | 00,252,680 | ---- | M] () - C:\WINDOWS\System32\FNTCACHE.DAT
[08/20/2008 10:21 PM | 00,053,166 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[08/20/2008 10:21 PM | 00,380,918 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[08/20/2008 10:21 PM | 00,439,376 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[08/21/2008 07:30 PM | 00,000,004 | ---- | M] () - C:\WINDOWS\System32\9E3A79
[08/21/2008 07:30 PM | 00,870,128 | ---- | M] () - C:\WINDOWS\System32\mcs.rma
[08/22/2008 06:38 AM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/25/2008 11:17 PM | 00,001,158 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/25/2008 11:45 PM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[2 C:\WINDOWS\*.tmp files]
[08/13/2008 09:14 AM | ---D | M] - C:\WINDOWS\ie7updates
[08/19/2008 03:31 PM | --SD | M] - C:\WINDOWS\Tasks
[08/19/2008 12:39 PM | 00,000,715 | ---- | M] () - C:\WINDOWS\win.ini
[08/20/2008 06:18 PM | ---D | M] - C:\WINDOWS\ERDNT
[08/20/2008 07:34 PM | ---D | M] - C:\WINDOWS\SoftwareDistribution
[08/20/2008 07:43 PM | ---D | M] - C:\WINDOWS\Debug
[08/20/2008 09:00 PM | ---D | M] - C:\WINDOWS\EHome
[08/20/2008 09:07 PM | -H-D | M] - C:\WINDOWS\$NtServicePackUninstall$
[08/20/2008 09:19 PM | ---D | M] - C:\WINDOWS\system
[08/20/2008 09:21 PM | ---D | M] - C:\WINDOWS\msagent
[08/20/2008 09:21 PM | ---D | M] - C:\WINDOWS\srchasst
[08/20/2008 09:28 PM | ---D | M] - C:\WINDOWS\PeerNet
[08/20/2008 09:28 PM | -HSD | M] - C:\WINDOWS\Installer
[08/20/2008 09:29 PM | ---D | M] - C:\WINDOWS\Help
[08/20/2008 09:29 PM | ---D | M] - C:\WINDOWS\ime
[08/20/2008 09:29 PM | ---D | M] - C:\WINDOWS\l2schemas
[08/20/2008 09:29 PM | ---D | M] - C:\WINDOWS\network diagnostic
[08/20/2008 09:30 PM | ---D | M] - C:\WINDOWS\ServicePackFiles
[08/20/2008 09:30 PM | ---D | M] - C:\WINDOWS\WinSxS
[08/20/2008 10:05 PM | 00,002,675 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/20/2008 10:09 PM | ---D | M] - C:\WINDOWS\AppPatch
[08/20/2008 10:09 PM | ---D | M] - C:\WINDOWS\security
[08/20/2008 10:09 PM | R-SD | M] - C:\WINDOWS\Fonts
[08/21/2008 11:18 AM | -H-D | M] - C:\WINDOWS\$hf_mig$
[08/22/2008 06:38 AM | ---D | M] - C:\WINDOWS\system32
[08/22/2008 06:39 AM | -H-D | M] - C:\WINDOWS\inf
[08/25/2008 11:42 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/25/2008 11:48 PM | ---D | M] - C:\WINDOWS\Prefetch
[08/26/2008 03:40 PM | ---D | M] - C:\WINDOWS\Temp
[08/25/2008 11:43 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/04/2008 06:13 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Symantec
[08/20/2008 05:29 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/22/2008 01:40 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Google
[08/26/2008 12:02 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[08/14/2008 09:27 PM | 00,000,182 | ---- | M] () - C:\Documents and Settings\Sailing\Application Data\wklnhst.dat
[08/14/2008 09:27 PM | ---D | M] - C:\Documents and Settings\Sailing\Application Data\Template
[08/20/2008 05:30 PM | ---D | M] - C:\Documents and Settings\Sailing\Application Data\Malwarebytes
[08/25/2008 10:52 PM | ---D | M] - C:\Documents and Settings\Sailing\Application Data\Mozilla
[08/17/2008 04:54 PM | 00,000,313 | ---- | M] () - C:\Documents and Settings\Sailing\My Documents\My Documents.lnk
[08/23/2008 01:09 PM | ---D | M] - C:\Documents and Settings\Sailing\My Documents\Finance
[08/26/2008 09:18 AM | ---D | M] - C:\Documents and Settings\Sailing\My Documents\My Downloads
[08/26/2008 09:18 AM | ---D | M] - C:\Documents and Settings\Sailing\My Documents\My Library
[08/26/2008 09:57 AM | ---D | M] - C:\Documents and Settings\Sailing\My Documents\My eBooks
[08/20/2008 05:29 PM | 00,000,696 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/09/2008 11:34 AM | 00,002,485 | ---- | M] () - C:\Documents and Settings\Sailing\Desktop\eReader.lnk
[08/20/2008 05:23 PM | 00,000,592 | ---- | M] () - C:\Documents and Settings\Sailing\Desktop\ERUNT.lnk
[08/20/2008 10:33 PM | 00,001,734 | ---- | M] () - C:\Documents and Settings\Sailing\Desktop\HijackThis.lnk
[08/25/2008 11:50 PM | 00,000,933 | ---- | M] () - C:\Documents and Settings\Sailing\Desktop\Spybot - Search & Destroy.lnk
[08/26/2008 03:43 PM | ---D | M] - C:\Documents and Settings\Sailing\Desktop\Downloads
[08/26/2008 09:20 AM | 00,002,523 | ---- | M] () - C:\Documents and Settings\Sailing\Desktop\Mobipocket Reader.lnk
[08/20/2008 05:23 PM | 00,000,767 | ---- | M] () - C:\Documents and Settings\Sailing\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[08/20/2008 05:28 PM | ---D | M] - C:\Program Files\Common Files\Download Manager
[08/20/2008 09:20 PM | ---D | M] - C:\Program Files\Common Files\System
[08/26/2008 01:23 AM | ---D | M] - C:\Program Files\Common Files\Symantec Shared

< End of report >



#9
nat4599

Here is the Extras file:

OTViewIt Extras logfile created on: 8/26/2008 3:48:55 PM - Run 2
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\Sailing\Desktop\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

222.48 Mb Total Physical Memory | 27.20 Mb Available Physical Memory | 12.23% Memory free
543.54 Mb Paging File | 128.98 Mb Available in Paging File | 23.73% Paging File free
Paging file location(s): C:\pagefile.sys 336 672;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 24.00 Gb Free Space | 64.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

===== File Associations =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - File not found -
.cmd [@ = cmdfile] - File not found -
.com [@ = comfile] - File not found -
.exe [@ = exefile] - File not found -
.html [@ = FirefoxHTML] - [08/25/2008 10:51 PM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
.pif [@ = piffile] - File not found -
.scr [@ = scrfile] - File not found -

===== Uninstall List =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{06ECCCF4-9295-468E-851C-9529A7C181E8}" = HP User Guides 0001
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{15D91706-6ADF-44CF-9D7D-FF2D8ACD2C6F}" = LS_HSI
"{1BC21146-767D-427D-BC91-2AB88B5ECE73}" = eReader
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37477865-A3F1-4772-AD43-AAFC6BCFF99F}" = MSXML 4.0 SP2 (KB927978)
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 1.01 A2
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{612DC38A-B36A-4699-88EB-12C7394DE2FC}" = TIxx21
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}" = Zone Deluxe Games
"{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}" = iTunes
"{C04E32E0-0416-434D-AFB9-6969D703A9EF}" = MSXML 4.0 SP2 (KB936181)
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 B2
"{D0C9C350-C5C7-443A-BAE1-EF1ED58C9EFC}" = SymNet
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}" = Apple Mobile Device Support
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{FF70923C-8A51-47F4-A7E9-893C6D54EB68}" = TES Construction Set
"All ATI Software" = ATI - Software Uninstall Utility
"AskSBar Uninstall" = Ask Toolbar
"ATI Display Driver" = ATI Display Driver
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3091103C" = Data Fax SoftModem with SmartCP
"Coastal Living v3" = Coastal Living v3 Screen Saver
"Collapse! Deluxe " = Collapse! Deluxe
"Cubis Deluxe" = Cubis Deluxe
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{612DC38A-B36A-4699-88EB-12C7394DE2FC}" = Texas Instruments PCIxx21/x515 drivers.
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"KB892130" = Windows Genuine Advantage Validation Tool (KB892130)
"KB898458" = Security Update for Step By Step Interactive Training (KB898458)
"KB911564" = Security Update for Windows Media Player (KB911564)
"KB911565" = Security Update for Windows Media Player 10 (KB911565)
"KB917734_WMP10" = Security Update for Windows Media Player 10 (KB917734)
"KB923689" = Security Update for Windows XP (KB923689)
"KB923723" = Security Update for Step By Step Interactive Training (KB923723)
"KB925398_WMP64" = Security Update for Windows Media Player 6.4 (KB925398)
"KB928090-IE7" = Security Update for Windows Internet Explorer 7 (KB928090)
"KB929399" = Hotfix for Windows Media Format 11 SDK (KB929399)
"KB929969" = Security Update for Windows Internet Explorer 7 (KB929969)
"KB931768-IE7" = Security Update for Windows Internet Explorer 7 (KB931768)
"KB933566-IE7" = Security Update for Windows Internet Explorer 7 (KB933566)
"KB936782_WMP11" = Security Update for Windows Media Player 11 (KB936782)
"KB937143-IE7" = Security Update for Windows Internet Explorer 7 (KB937143)
"KB938127-IE7" = Security Update for Windows Internet Explorer 7 (KB938127)
"KB939653-IE7" = Security Update for Windows Internet Explorer 7 (KB939653)
"KB939683" = Hotfix for Windows Media Player 11 (KB939683)
"KB941569" = Security Update for Windows XP (KB941569)
"KB942615-IE7" = Security Update for Windows Internet Explorer 7 (KB942615)
"KB944533-IE7" = Security Update for Windows Internet Explorer 7 (KB944533)
"KB946648" = Security Update for Windows XP (KB946648)
"KB947864-IE7" = Hotfix for Windows Internet Explorer 7 (KB947864)
"KB950759-IE7" = Security Update for Windows Internet Explorer 7 (KB950759)
"KB950760" = Security Update for Windows XP (KB950760)
"KB950762" = Security Update for Windows XP (KB950762)
"KB950974" = Security Update for Windows XP (KB950974)
"KB951066" = Security Update for Windows XP (KB951066)
"KB951072-v2" = Update for Windows XP (KB951072-v2)
"KB951376" = Security Update for Windows XP (KB951376)
"KB951376-v2" = Security Update for Windows XP (KB951376-v2)
"KB951698" = Security Update for Windows XP (KB951698)
"KB951748" = Security Update for Windows XP (KB951748)
"KB951978" = Update for Windows XP (KB951978)
"KB952287" = Hotfix for Windows XP (KB952287)
"KB952954" = Security Update for Windows XP (KB952954)
"KB953838-IE7" = Security Update for Windows Internet Explorer 7 (KB953838)
"KB953839" = Security Update for Windows XP (KB953839)
"M928366" = Microsoft .NET Framework 1.1 Hotfix (KB928366)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MBT Navigator" = MBT Navigator
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"RealArcade 1.2" = RealArcade
"RealPlayer 6.0" = RealPlayer
"RepliGo Viewer" = RepliGo Viewer (remove only)
"Rhapsody" = Rhapsody
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WGA" = Windows Genuine Advantage Validation Tool (KB892130)
"WgaNotify" = Windows Genuine Advantage Notifications (KB905474)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

===== Uninstall List =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

===== Winsock2 Catalogs =====

===== Protocol Defaults =====


===== Protocol Defaults =====


===== Protocol Handlers =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
msdaipp: [HKLM - No CLSID value]

===== Protocol Filters =====

< End of report >

#10
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello nat4599,

Regarding Step 1, I have Norton Internet Security 2008, under "Computer" "Inbound Firewall" it shows 'secured'. Under "Internet" "Advanced Firewall" it shows 'secured'. Is there some virus that prevent these protections being active? Do I still need to download additional firewall products?

There is no need to download any of the firewalls. Your logs did not show a firewall, that's why I asked you to download one. And as far as it not showing in the logs, I don't think that is anything to worry about. :)

Not certain that this is related but since the 'bloodhound.sonar' virus manifested, email via bellsouth.net has been delayed with 'transferring data from servedby.advertising.com' as well. This only occurs with email website not with any others.

I would not think that the virus has anything to do with that.

I don't know what happens between yesterday and now but the Downloads was not on my desktop anymore so I download and ran again here are both files:

That's strange, was anything else missing that you know of?


STEP 1
Please download DirLook by jpshortstuff from here.
  • Double-click DirLook.exe to run it.
  • Ensure that Show Hidden Files/Folders and BBCode Output are both checked.
  • Copy the content of the following codebox into the main textfield:

    C:\WINDOWS\System32\9E3A79
  • Click the DirLook button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. (Note: The log can also be found at C:\dl_log.txt)
Note: Scanning may take longer for large folders.

STEP 2
Please do an online scan with Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
~~~~~~~~~~
In your next reply please have these logs.
The Dirlook log
The Kaspersky log
And please tell me if you are still having any problems with your computer

#11
nat4599

    Member

  • Topic Starter
  • 20 posts

That's strange, was anything else missing that you know of?

Not that I'm aware of.

Regarding Kaspersky scanner, do I need to disable Norton, Spybot SD, Ad-Aware any or all? Thanks for your help so far.
Here's the DirLook log:
DirLook.exe by jpshortstuff
Log created at 18:28:04 on Tue 08/26/2008

==============================

Contents of "C:\WINDOWS\System32\9E3A79" (inc. hidden/system files/folders)

---FOLDERS---

chrome (created: 08/25/2008 10:52 PM) d--------
components (created: 08/26/2008 06:19 PM) d--------
defaults (created: 10/24/2005 03:42 PM) d--------
dictionaries (created: 08/25/2008 10:52 PM) d--------
extensions (created: 08/25/2008 10:53 PM) d--------
greprefs (created: 08/25/2008 10:52 PM) d--------
modules (created: 08/25/2008 10:51 PM) d--------
plugins (created: 08/26/2008 05:05 PM) d--------
res (created: 08/25/2008 10:52 PM) d--------
searchplugins (created: 08/25/2008 10:52 PM) d--------
uninstall (created: 08/25/2008 10:52 PM) d--------
updates (created: 03/03/2007 11:08 AM) d--------

---FILES---

.autoreg (0 bytes, created: 08/26/2008 06:12 PM) --a------
AccessibleMarshal.dll (17408 bytes, created: 08/25/2008 10:51 PM) --a------
application.ini (2035 bytes, created: 08/25/2008 10:51 PM) --a------
blocklist.xml (1338 bytes, created: 08/25/2008 10:51 PM) --a------
browserconfig.properties (232 bytes, created: 08/25/2008 10:51 PM) --a------
components.ini (24 bytes, created: 10/24/2005 03:42 PM) --a------
crashreporter.exe (185856 bytes, created: 08/25/2008 10:51 PM) --a------
crashreporter.ini (3558 bytes, created: 08/25/2008 10:51 PM) --a------
crashreporter-override.ini (583 bytes, created: 08/25/2008 10:51 PM) --a------
defaults.ini (24 bytes, created: 10/24/2005 03:42 PM) --a------
firefox.exe (307712 bytes, created: 08/25/2008 10:51 PM) --a------
freebl3.chk (476 bytes, created: 08/25/2008 10:51 PM) --a------
freebl3.dll (233472 bytes, created: 08/25/2008 10:51 PM) --a------
install.log (31513 bytes, created: 04/22/2008 10:26 PM) --a------
js3250.dll (695296 bytes, created: 08/25/2008 10:51 PM) --a------
LICENSE (31393 bytes, created: 08/25/2008 10:51 PM) --a------
mozcrt19.dll (710144 bytes, created: 08/25/2008 10:51 PM) --a------
nspr4.dll (198144 bytes, created: 08/25/2008 10:51 PM) --a------
nss3.dll (697856 bytes, created: 08/25/2008 10:52 PM) --a------
nssckbi.dll (304640 bytes, created: 08/25/2008 10:52 PM) --a------
nssdbm3.dll (103936 bytes, created: 08/25/2008 10:52 PM) --a------
nssutil3.dll (87552 bytes, created: 08/25/2008 10:52 PM) --a------
old-homepage-default.properties (112 bytes, created: 08/25/2008 10:52 PM) --a------
platform.ini (48 bytes, created: 08/25/2008 10:52 PM) --a------
plc4.dll (20480 bytes, created: 08/25/2008 10:52 PM) --a------
plds4.dll (17408 bytes, created: 08/25/2008 10:52 PM) --a------
README.txt (181 bytes, created: 08/25/2008 10:51 PM) --a------
removed-files (15884 bytes, created: 08/25/2008 10:52 PM) --a------
smime3.dll (103936 bytes, created: 08/25/2008 10:52 PM) --a------
softokn3.chk (476 bytes, created: 08/25/2008 10:52 PM) --a------
softokn3.dll (151552 bytes, created: 08/25/2008 10:52 PM) --a------
sqlite3.dll (395776 bytes, created: 08/25/2008 10:52 PM) --a------
ssl3.dll (136704 bytes, created: 08/25/2008 10:52 PM) --a------
tempbat.bat (1987 bytes, created: 08/26/2008 06:27 PM) --a------
updater.exe (241664 bytes, created: 08/25/2008 10:52 PM) --a------
updater.ini (706 bytes, created: 08/25/2008 10:52 PM) --a------
xpcom.dll (17920 bytes, created: 08/25/2008 10:52 PM) --a------
xul.dll (9704960 bytes, created: 08/25/2008 10:52 PM) --a------

==============================

=EOF=

#12
nat4599

    Member

  • Topic Starter
  • 20 posts
Never mind my question on disabling Norton; I just read the Kaspersky information to disable Norton. I'm still not sure about SD and Ad-aware.

#13
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello nat4599,

I'm still not sure about SD and Ad-aware

You should be able to run the Kaspersky scan without disabling SD or Ad-aware.

#14
nat4599

    Member

  • Topic Starter
  • 20 posts
The DirLook was posted in another post. Here is the Kaspersky log:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, August 27, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, August 27, 2008 01:24:51
Records in database: 1149676
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 58712
Threat name: 4
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 02:52:50


File name / Threat name / Threats count
C:\Documents and Settings\Sailing\Local Settings\Temp\DRDld\mbam-setup.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g 1
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.dw 1
C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\WINDOWS\system32\dbxDgrevCheck.dll Infected: not-a-virus:AdWare.Win32.Agent.cb 1

The selected area was scanned.


What do I need to do about the infected objects?

#15
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello nat4599,

What do I need to do about the infected objects?

We will take care of those in this post. :)


STEP 1
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveIt2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL
    C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE
    C:\WINDOWS\system32\dbxDgrevCheck.dll
    purity
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

STEP 2
  • Please start Malwarebytes' Anti-Malware and update it.
  • To update please do this, click Update and then click Check for Updates.
  • It will now install any updates it finds.
  • Once it is done updating please click Scanner and then click "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
~~~~~~~~~
In your next reply please have these logs.
The OTMoveIt2 log
And the Malwarebytes log

Edited by Jimmy2012, 27 August 2008 - 11:42 AM.
