Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

win32/adware.virtumonde and win32.privacyremover.m64 [RESOLVED]


  • This topic is locked This topic is locked

#1
Danzilla

Danzilla

    Member

  • Member
  • PipPip
  • 19 posts
Hi,
I ended up getting I think win32/adware.virtumonde and win32.privacyremover.m64 by accidently clicking on a pop-up. An alert started showing in my shortcut bar. Then my background changed and had a big warning on it saying "Your comp is at risk. YOu have win32/adware.virtumonde and win32.privacyremover.m64 ." I already had Semantic Antivirus, Adaware SE 2007, and SuperAntiSpyware FE. I ran those and got rid of whatever it found. My comp ended up freezing and had to restart. Virus was still there.
I found your site and attempted to follow the steps. I had to use my gf's comp to download all these programs and transfer onto my comp using a flash drive.

Preparation:
Step 1 - Got ATF and cleaned out temp files.
Step 2 - Unable to complete. I tried this and it said "System restore was not able to create a new restore point."
Checked under safe mode and there was no restore point to go back to.
Step 3 - Used ERUNT to make a back-up of registry.
Actual Attempt:
Step 1 - I got Malewarebytes Anti-Malware and ran it. Here is the log from it.
Malwarebytes' Anti-Malware 1.24
Database version: 1012
Windows 5.1.2600 Service Pack 2

2:31:43 AM 8/25/2008
mbam-log-8-25-2008 (02-31-43).txt

Scan type: Full Scan (C:\|)
Objects scanned: 83817
Time elapsed: 26 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\phcag8j0er9g.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Step 2: Ran Symantec again, but couldn't update today as the virus wouldn't allow me to connect to that site. Symantec had 2 things in quarantine under the name

I also ran VundoFix and when that came up with nothing I ran Virtumundobegone. The log from the last one is here:

[08/25/2008, 3:32:53] - VirtumundoBeGone v1.5 ( "c:\documents and settings\thadeus mcgriddle\desktop\virtumundobegone.exe" )
[08/25/2008, 3:32:55] - Detected System Information:
[08/25/2008, 3:32:55] - Windows Version: 5.1.2600, Service Pack 2
[08/25/2008, 3:32:55] - Current Username: Thadeus McGriddle (Admin)
[08/25/2008, 3:32:55] - Windows is in NORMAL mode.
[08/25/2008, 3:32:55] - Searching for Browser Helper Objects:
[08/25/2008, 3:32:55] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} ()
[08/25/2008, 3:32:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/25/2008, 3:32:55] - No filename found. Continuing.
[08/25/2008, 3:32:55] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[08/25/2008, 3:32:55] - BHO 3: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[08/25/2008, 3:32:55] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/25/2008, 3:32:55] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[08/25/2008, 3:32:55] - Finished Searching Browser Helper Objects
[08/25/2008, 3:32:55] - Finishing up...
[08/25/2008, 3:32:55] - Nothing found! Exiting...

Step 3: Couldn't do a Windows Update because virus wouldn't allow me to connect to this site either. I do have auto updates on for this though.

Step4: Rebooted. Something I ran got rid of the background that the virus had put on my comp, but as soon as I tried to connect to internet it still wouldn't allow connections to sites like symantec, windows updates, etc.

Step 5: Got hijackthis and ran the program. Here is the log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:47:53, on 8/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
c:\windows\system32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.201.0.80:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC7311\Monitor.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Acidcast] C:\DOCUME~1\THADEU~1\APPLIC~1\MP3HID~1\Activeplaydrive.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9501 bytes

Please help me. I really don't want to have to wipe my computer if I don't have to.
Thanks in advance. Hope I put this in the correct place and with the correct info.
-Dan
  • 0

Advertisements


#2
Egwene

Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hello Danzilla !

Welcome to the site! :) My name's Egwene and I'll be helping clean up your computer. :) I'm currently looking over your log. I am still in training here, so there might be a delay between my replies as they need to be checked by an expert before I can post them. I'll need a bit of time to research your log fully, so please bear with me.

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal - HijackThis Logs Go Here.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Wordwrap is turned off in Notepad (to check, open Notepad click on Format | Uncheck Word Wrap)
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button: Posted Image

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.
  • 0

#3
Egwene

Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey Danzilla,

You did a good job yourself, but there are still some things to do, so let's go :)

1) Disable real-time protections :

Please disable Norton and Ad-aware real-time protection, more help here : http://www.bleepingc...opic114351.html

2) Update Adobe Acrobate Reader :

Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here :
http://www.adobe.com.../readstep2.html

3) Restore default host file :

Download the HostsXpert 4.2 - Hosts File Manager.
  • Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
  • Run HostsXpert 4.2 - Hosts File Manager from its new home
  • Click on "File Handling".
  • Click on "Restore MS Hosts File".
  • Click OK on the Confirmation box.
  • Click on "Make Read Only?"
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
Posted Image4) Check a file on viruscan :

* Please go to VirScan
* Copy and paste the following file path into the Suspicious files to scan box.
o C:\DOCUME~1\THADEU~1\APPLIC~1\MP3HID~1\Activeplaydrive.exe ( docume~1 is a shortcut name folder, idem for the following )
* Click on the Upload button
* Once the Scan has completed, click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
* Paste the contents of the Clipboard in your next reply.

5) Run OTviewIT :

Download OTViewIt to your desktop.
  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  • You may need to use two posts to get it all on the forum

Regards,
Egwene.
  • 0

#4
Danzilla

Danzilla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hi Egwene,
Step 1 - I disabled real-time for Symantec (don't have Norton) and I don't have Ad-aware real time protection. I only have the free version.

Step 2 - Got the updated Adobe. I was able to access the net for this, but when I tried to get onto geekstogo.com, it didn't work. Had to type this from gf's comp.

Step 3 - Completed all steps for HostsXpert 4.2

Step 4 - Couldn't complete. I went to VirScan and put in the file path you requested I put in.
This is exactly what I put in: C:\DOCUME~1\THADEU~1\APPLIC~1\MP3HID~1\Activeplaydrive.exe
I didn't know what ( docume~1 is a shortcut name folder, idem for the following ) meant because I didn't see anything following it.
I clicked upload and nothing would happen. I tried clicking on browse and the activeplaydrive.exe file came up. When I clicked on open, i got this message: Activeplaydrive.exe not found
File not found
Please verify the correct file name was given.
I tried reloading this page and doing it all again, but got the same results.

Step 5 - Completed scan with OTViewIT
UNfortunately, I can't post the log. Everytime I try, it tells me I have an outdated version of HijackThis even though I am not using that just to reply to this. How can I post the log from OTViewIT?

Edited by Danzilla, 29 August 2008 - 05:35 AM.

  • 0

#5
Danzilla

Danzilla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Trying this, log part 1

OTViewIt logfile created on: 8/29/2008 7:09:18 PM - Run 1
OTViewIt by OldTimer - Version 1.0.1.0 Folder = C:\Documents and Settings\Thadeus McGriddle\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.05 Mb Total Physical Memory | 548.51 Mb Available Physical Memory | 54.09% Memory free
2.38 Gb Paging File | 2.02 Gb Available in Paging File | 84.88% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 53.34 Gb Free Space | 71.62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 491.23 Mb Total Space | 221.05 Mb Free Space | 45.00% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THADEUS-F4061AA
Current User Name: Thadeus McGriddle
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On

===== Processes - Non-Microsoft Only =====

[11/02/2006 04:48 AM | 00,020,480 | ---- | M] () - C:\WINDOWS\system32\WLTRYSVC.EXE
[12/14/2005 09:41 AM | 00,077,824 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\hkcmd.exe
[12/14/2005 09:45 AM | 00,118,784 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\igfxpers.exe
[05/21/2007 10:16 AM | 00,457,728 | ---- | M] (SlySoft, Inc.) - C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
[12/14/2005 09:41 AM | 00,159,744 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\igfxsrvc.exe

===== Win32 Services - Non-Microsoft Only =====

(SavRoam) SavRoam [On_Demand | Stopped]
[04/18/2005 04:30 AM | 00,124,608 | ---- | M] (symantec) - C:\Program Files\Symantec AntiVirus\SavRoam.exe

(wltrysvc) Dell Wireless WLAN Tray Service [Auto | Running]
[11/02/2006 04:48 AM | 00,020,480 | ---- | M] () - C:\WINDOWS\system32\WLTRYSVC.EXE

(getPlus® Helper) getPlus® Helper [On_Demand | Stopped]
[06/26/2008 10:24 AM | 00,031,592 | ---- | M] (NOS Microsystems Ltd.) - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

===== Driver Services - Non-Microsoft Only =====

(Afc) PPdus ASPI Shell [On_Demand | Running]
[02/24/2005 06:58 AM | 00,011,776 | ---- | M] (Arcsoft, Inc.) - C:\WINDOWS\system32\drivers\afc.sys

(AnyDVD) AnyDVD [On_Demand | Running]
[04/05/2006 05:42 AM | 00,019,200 | ---- | M] (SlySoft, Inc.) - C:\WINDOWS\system32\drivers\AnyDVD.sys

(APPDRV) APPDRV [System | Running]
[08/13/2005 08:50 AM | 00,016,128 | ---- | M] (Dell Inc) - C:\WINDOWS\system32\drivers\APPDRV.SYS

(cercsr6) cercsr6 [Boot | Stopped]
[12/14/2004 06:14 AM | 00,039,904 | ---- | M] (Adaptec, Inc.) - C:\WINDOWS\System32\drivers\cercsr6.sys

(ElbyCDIO) ElbyCDIO Driver [Auto | Running]
[04/21/2005 08:40 PM | 00,010,624 | ---- | M] (Elaborate Bytes AG) - C:\WINDOWS\system32\drivers\ElbyCDIO.sys

(ialm) ialm [On_Demand | Running]
[12/14/2005 10:09 AM | 01,364,574 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\ialmnt5.sys

(PAC7311) VGA USB Camera [On_Demand | Stopped]
File not found - C:\WINDOWS\System32\DRIVERS\PA707UCM.SYS

(SASDIFSV) SASDIFSV [System | Running]
[06/14/2008 10:22 AM | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

(SASENUM) SASENUM [On_Demand | Stopped]
[02/16/2006 05:51 PM | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS

(SASKUTIL) SASKUTIL [System | Running]
[06/14/2008 10:22 AM | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

(UIUSys) Conexant Setup API [On_Demand | Stopped]
File not found - C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS

========== Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher" = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM | 00,034,672 | ---- | M] (Adobe Systems Incorporated)
"AnyDVD" = C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [05/21/2007 10:16 AM | 00,457,728 | ---- | M] (SlySoft, Inc.)
"Apoint" = C:\Program Files\Apoint\Apoint.exe [10/08/2005 06:13 AM | 00,176,128 | R--- | M] (Alps Electric Co., Ltd.)
"AppleSyncNotifier" = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [07/22/2008 08:42 PM | 00,116,040 | ---- | M] (Apple Inc.)
"Broadcom Wireless Manager UI" = C:\WINDOWS\system32\WLTRAY.exe [11/02/2006 04:48 AM | 01,392,640 | ---- | M] (Dell Inc.)
"ccApp" = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [04/09/2005 07:52 AM | 00,048,752 | ---- | M] (Symantec Corporation)
"DVDLauncher" = "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [04/07/2006 02:51 AM | 00,049,152 | ---- | M] (CyberLink Corp.)
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [09/14/2004 07:49 AM | 00,049,152 | ---- | M] (Hewlett-Packard Company)
"igfxhkcmd" = C:\WINDOWS\system32\hkcmd.exe [12/14/2005 09:41 AM | 00,077,824 | ---- | M] (Intel Corporation)
"igfxpers" = C:\WINDOWS\system32\igfxpers.exe [12/14/2005 09:45 AM | 00,118,784 | ---- | M] (Intel Corporation)
"igfxtray" = C:\WINDOWS\system32\igfxtray.exe [12/14/2005 09:44 AM | 00,098,304 | ---- | M] (Intel Corporation)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [07/30/2008 10:47 AM | 00,289,064 | ---- | M] (Apple Inc.)
"Monitor" = C:\WINDOWS\PixArt\PAC7311\Monitor.exe [11/03/2006 11:01 AM | 00,319,488 | ---- | M] (PixArt Imaging Incorporation)
"MSPY2002" = C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC [08/04/2004 07:00 PM | 00,059,392 | ---- | M] ()
"NeroFilterCheck" = C:\WINDOWS\system32\NeroCheck.exe [07/10/2001 03:50 AM | 00,155,648 | ---- | M] (Ahead Software Gmbh)
"QuickTime Task" = "C:\Program Files\QuickTime\qttask.exe" -atboottime [05/27/2008 10:50 AM | 00,413,696 | ---- | M] (Apple Inc.)
"SigmatelSysTrayApp" = stsystra.exe [07/28/2006 06:19 AM | 00,282,624 | ---- | M] (SigmaTel, Inc.)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"vptray" = C:\PROGRA~1\SYMANT~1\VPTray.exe [04/18/2005 04:30 AM | 00,085,184 | ---- | M] (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"getPlusUninstall" = "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1 [06/26/2008 10:24 AM | 00,031,592 | ---- | M] (NOS Microsystems Ltd.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acidcast" = C:\DOCUME~1\THADEU~1\APPLIC~1\MP3HID~1\Activeplaydrive.exe File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

========== Startup Folders ==========

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[11/05/2004 11:28 AM | 00,258,048 | ---- | M] (Hewlett-Packard Co.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[11/05/2004 11:50 AM | 00,053,248 | ---- | M] (Hewlett-Packard Co.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
[09/30/2006 03:55 AM | 00,057,344 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk = C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe

[Thadeus McGriddle Startup Folder - C:\Documents and Settings\Thadeus McGriddle\Start Menu\Programs\Startup]

========== BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
HKLM CLSID: (Adobe PDF Link Helper) - [06/11/2008 10:33 PM | 00,075,128 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
HKLM CLSID: (Skype add-on (mastermind)) - [02/01/2008 05:22 PM | 01,377,576 | ---- | M] (Skype Technologies S.A.) C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
HKLM CLSID: (Google Toolbar Helper) - [05/21/2007 07:56 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar1.dll

========== Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [05/21/2007 07:56 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar1.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [05/21/2007 07:56 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar1.dll

========== AppInit_Dlls ==========

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" =
HKLM CLSID: (SABShellExecuteHook Class) - [06/14/2008 10:22 AM | 00,077,824 | ---- | M] (SuperAdBlocker.com) C:\Program Files\SUPERAntiSpyware\SASSEH.DLL

========== HKLM Security Providers ==========

========== HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [06/13/2007 07:23 PM | 01,033,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [08/04/2004 07:00 PM | 00,024,576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [08/04/2004 07:00 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [10/26/2007 12:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [08/04/2004 07:00 PM | 00,298,496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

========== User's Winlogon Settings ==========

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
"DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [04/19/2007 01:41 PM | 00,294,912 | ---- | M] (SUPERAntiSpyware.com)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
"DllName" = C:\WINDOWS\system32\igfxdev.dll [12/14/2005 09:40 AM | 00,139,264 | ---- | M] (Intel Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
"DllName" = C:\WINDOWS\system32\NavLogon.dll [04/18/2005 04:30 AM | 00,043,712 | ---- | M] (Symantec Corporation)

========== Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

========== Lsa Authentication Packages ==========

========== Lsa Security Packages ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 07:00 PM | 00,140,800 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 09:44 PM | 00,557,568 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe [03/31/2006 02:51 AM | 11,747,976 | ---- | M] (Firaxis Games)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe [05/21/2008 08:35 PM | 00,254,976 | ---- | M] (Azureus Inc)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe [11/26/2007 04:34 PM | 01,888,256 | ---- | M] (www.sopcast.com)
"C:\Documents and Settings\Thadeus McGriddle\Application Data\SopCast\adv\SopAdver.exe" = C:\Documents and Settings\Thadeus McGriddle\Application Data\SopCast\adv\SopAdver.exe [09/17/2007 06:53 PM | 00,260,944 | ---- | M] (www.sopcast.com)
"C:\Program Files\Yahoo! Games\Scrabble\Scrabble.exe" = C:\Program Files\Yahoo! Games\Scrabble\Scrabble.exe [03/31/2004 05:15 PM | 01,302,529 | ---- | M] (funkitron)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe File not found
"C:\Program Files\TVAnts\Tvants.exe" = C:\Program Files\TVAnts\Tvants.exe [09/01/2007 09:18 PM | 02,179,072 | ---- | M] (Zhejiang University)
"C:\Program Files\SopCast\sopvod.exe" = C:\Program Files\SopCast\sopvod.exe [11/20/2007 04:30 PM | 01,427,560 | ---- | M] ()
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe [11/20/2007 04:30 PM | 00,567,384 | ---- | M] (www.sopcast.com)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe [08/04/2004 07:00 PM | 00,083,456 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe [08/04/2004 07:00 PM | 00,033,280 | ---- | M] (Microsoft Corporation)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe [06/17/2007 07:14 PM | 00,096,256 | ---- | M] ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe [07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [07/30/2008 10:47 AM | 20,252,968 | ---- | M] (Apple Inc.)
"C:\WINDOWS\system32\a.exe" = C:\WINDOWS\system32\a.exe File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe [08/01/2008 10:16 PM | 00,307,712 | ---- | M] (Mozilla Corporation)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe [02/01/2008 05:22 PM | 21,898,024 | R--- | M] (Skype Technologies S.A.)

========== Desktop Components ==========

========== Safeboot Options ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

========== Disabled MsConfig Items ==========
Unable to open key or key not present!


========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[05/21/2007 08:52 AM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]
  • 0

#6
Danzilla

Danzilla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
OK, looked like I just needed to break this post up.
Log part 2

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01ac59fd-0739-11dc-933f-00188bc8afaf}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01ac59fd-0739-11dc-933f-00188bc8afaf}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/26/2007 12:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01ac59fd-0739-11dc-933f-00188bc8afaf}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0406571e-7b09-11dc-93e5-00188bc8afaf}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0406571e-7b09-11dc-93e5-00188bc8afaf}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/26/2007 12:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0406571e-7b09-11dc-93e5-00188bc8afaf}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11683132-584d-11dd-95a0-00188bc8afaf}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11683132-584d-11dd-95a0-00188bc8afaf}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/26/2007 12:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11683132-584d-11dd-95a0-00188bc8afaf}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{324199b7-09cf-11dc-9346-00188bc8afaf}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{324199b7-09cf-11dc-9346-00188bc8afaf}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/26/2007 12:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{324199b7-09cf-11dc-9346-00188bc8afaf}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e0e8eb9-6d0a-11dd-95c3-00197e3e347c}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e0e8eb9-6d0a-11dd-95c3-00197e3e347c}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/26/2007 12:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e0e8eb9-6d0a-11dd-95c3-00197e3e347c}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e0e8eba-6d0a-11dd-95c3-00197e3e347c}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e0e8eba-6d0a-11dd-95c3-00197e3e347c}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/26/2007 12:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e0e8eba-6d0a-11dd-95c3-00197e3e347c}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71330420-c19c-11dc-9489-00188bc8afaf}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71330420-c19c-11dc-9489-00188bc8afaf}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/26/2007 12:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71330420-c19c-11dc-9489-00188bc8afaf}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71330421-c19c-11dc-9489-00188bc8afaf}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71330421-c19c-11dc-9489-00188bc8afaf}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/26/2007 12:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71330421-c19c-11dc-9489-00188bc8afaf}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8eae24c1-06ef-11dc-9179-806d6172696f}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8eae24c1-06ef-11dc-9179-806d6172696f}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/26/2007 12:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8eae24c1-06ef-11dc-9179-806d6172696f}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{901d799e-0737-11dc-933d-00188bc8afaf}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{901d799e-0737-11dc-933d-00188bc8afaf}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/26/2007 12:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{901d799e-0737-11dc-933d-00188bc8afaf}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95d463c2-5f6d-11dd-95ad-00188bc8afaf}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95d463c2-5f6d-11dd-95ad-00188bc8afaf}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/26/2007 12:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95d463c2-5f6d-11dd-95ad-00188bc8afaf}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9976fb4a-03cc-11dd-951a-00197e3e347c}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9976fb4a-03cc-11dd-951a-00197e3e347c}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/26/2007 12:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9976fb4a-03cc-11dd-951a-00197e3e347c}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b1adca8-e141-11dc-94d6-00188bc8afaf}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b1adca8-e141-11dc-94d6-00188bc8afaf}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/26/2007 12:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b1adca8-e141-11dc-94d6-00188bc8afaf}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d59bfbb-6106-11dc-93af-00188bc8afaf}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d59bfbb-6106-11dc-93af-00188bc8afaf}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/26/2007 12:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d59bfbb-6106-11dc-93af-00188bc8afaf}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9dab1fa0-56d6-11dc-93a2-00188bc8afaf}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9dab1fa0-56d6-11dc-93a2-00188bc8afaf}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/26/2007 12:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9dab1fa0-56d6-11dc-93a2-00188bc8afaf}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d82d1e5e-2d85-11dd-955f-00188bc8afaf}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d82d1e5e-2d85-11dd-955f-00188bc8afaf}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/26/2007 12:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d82d1e5e-2d85-11dd-955f-00188bc8afaf}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1808895-6253-11dc-93b5-00188bc8afaf}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1808895-6253-11dc-93b5-00188bc8afaf}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/26/2007 12:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1808895-6253-11dc-93b5-00188bc8afaf}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

========== DNS Name Servers ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{213014C4-3259-424F-BACA-5C2C9A62DE7A}]
Servers: | Description: Broadcom NetXtreme 57xx Gigabit Controller

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{9564C664-F1B2-4A12-93A5-DA77F552883D}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{B7A59E5D-5174-4E64-9B99-FE0311C1B69C}]
Servers: | Description: Dell Wireless 1490 Dual Band WLAN Mini-Card

========== Hosts File ==========

HOSTS File = (698 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
  • 0

#7
Danzilla

Danzilla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I am not able to add these sections of the log:

========== Files/Folders - Created Within 30 days ==========

========== Files/Folders - Modified Within 30 days ==========

I keep getting the "outdated HijackThis" redirect when trying to post this stuff.
  • 0

#8
Danzilla

Danzilla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
OTViewIt Extras logfile created on: 8/29/2008 7:09:18 PM - Run 1
OTViewIt by OldTimer - Version 1.0.1.0 Folder = C:\Documents and Settings\Thadeus McGriddle\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.05 Mb Total Physical Memory | 548.51 Mb Available Physical Memory | 54.09% Memory free
2.38 Gb Paging File | 2.02 Gb Available in Paging File | 84.88% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 53.34 Gb Free Space | 71.62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 491.23 Mb Total Space | 221.05 Mb Free Space | 45.00% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - File not found -
.cmd [@ = cmdfile] - File not found -
.com [@ = comfile] - File not found -
.exe [@ = exefile] - File not found -
.pif [@ = piffile] - File not found -
.scr [@ = scrfile] - File not found -

========== Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - [07/24/2007 03:17 PM | 00,147,456 | ---- | M] (Apple Inc.) C:\Program Files\Bonjour\mdnsNSP.dll

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


========== HKEY_CURRENT_USER Protocol Defaults ==========


========== Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
msdaipp: [HKLM - No CLSID value]

skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKLM - IEProtocolHandler Class]
[02/01/2008 05:22 PM | 01,934,672 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll

========== Protocol Filters ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0FF18B53-CA57-40BB-B562-21A27B662005}" = 1600
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{186A63A2-4256-43C6-8061-95EF77A5CDB6}" = Sid Meier's Civilization 4
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{2764CA82-DFB9-4498-AF85-719340BF5305}" = Dell Resource CD
"{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}" = LUMIX Simple Viewer
"{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48}" = OZ776 SCR CardBus Windows Driver
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35AD3FC5-D09D-4D9F-8E9C-E40794194EC5}" = Netflix Movie Viewer
"{37477865-A3F1-4772-AD43-AAFC6BCFF99F}" = MSXML 4.0 SP2 (KB927978)
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3DE0053C-FD9A-483E-B7C9-B06E4392206E}" = iTunes
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}" = Apple Mobile Device Support
"{5A633ED0-E5D7-4D65-AB8D-53ED43510284}" = Symantec AntiVirus
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype 3.6
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.9
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}" = ArcSoft Software Suite
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-705000000001}" = Adobe Reader Japanese Fonts
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{C04E32E0-0416-434D-AFB9-6969D703A9EF}" = MSXML 4.0 SP2 (KB936181)
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB449D5A-7710-47aa-B9F5-352B877C90E6}" = 1600_Help
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus®
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{F4C6CC40-1142-49be-A28C-7BBD36F0B41A}" = 1600Trb
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"AnyDVD" = AnyDVD
"Azureus Vuze" = Azureus Vuze
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"EPSON Printer and Utilities" = EPSONײޥհèè
"ERUNT_is1" = ERUNT 1.1j
"FLVPlayer" = FLV Player 1.3.3
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48}" = OZ776 SCR CardBus Windows Driver
"KB835221WXP" = High Definition Audio Driver Package - KB835221
"KB839210" = Windows XP Hotfix - KB839210
"KB873339" = Windows XP Hotfix - KB873339
"KB885835" = Windows XP Hotfix - KB885835
"KB885836" = Windows XP Hotfix - KB885836
"KB886185" = Windows XP Hotfix - KB886185
"KB887472" = Windows XP Hotfix - KB887472
"KB888302" = Windows XP Hotfix - KB888302
"KB890046" = Security Update for Windows XP (KB890046)
"KB890859" = Windows XP Hotfix - KB890859
"KB891781" = Windows XP Hotfix - KB891781
"KB893756" = Security Update for Windows XP (KB893756)
"KB893803v2" = Windows Installer 3.1 (KB893803)
"KB894391" = Update for Windows XP (KB894391)
"KB896358" = Security Update for Windows XP (KB896358)
"KB896423" = Security Update for Windows XP (KB896423)
"KB896428" = Security Update for Windows XP (KB896428)
"KB898461" = Update for Windows XP (KB898461)
"KB899587" = Security Update for Windows XP (KB899587)
"KB899591" = Security Update for Windows XP (KB899591)
"KB900485" = Update for Windows XP (KB900485)
"KB900725" = Security Update for Windows XP (KB900725)
"KB901017" = Security Update for Windows XP (KB901017)
"KB901190" = Security Update for Windows XP (KB901190)
"KB901214" = Security Update for Windows XP (KB901214)
"KB902400" = Security Update for Windows XP (KB902400)
"KB904706" = Security Update for Windows XP (KB904706)
"KB904942" = Update for Windows XP (KB904942)
"KB905414" = Security Update for Windows XP (KB905414)
"KB905749" = Security Update for Windows XP (KB905749)
"KB908519" = Security Update for Windows XP (KB908519)
"KB908531" = Update for Windows XP (KB908531)
"KB910437" = Update for Windows XP (KB910437)
"KB911280" = Update for Windows XP (KB911280)
"KB911562" = Security Update for Windows XP (KB911562)
"KB911564" = Security Update for Windows Media Player (KB911564)
"KB911927" = Security Update for Windows XP (KB911927)
"KB912812" = Security Update for Windows XP (KB912812)
"KB913580" = Security Update for Windows XP (KB913580)
"KB914388" = Security Update for Windows XP (KB914388)
"KB914389" = Security Update for Windows XP (KB914389)
"KB914440" = Hotfix for Windows XP (KB914440)
"KB915865" = Hotfix for Windows XP (KB915865)
"KB916595" = Update for Windows XP (KB916595)
"KB917344" = Security Update for Windows XP (KB917344)
"KB917422" = Security Update for Windows XP (KB917422)
"KB917734_WMP9" = Security Update for Windows Media Player 9 (KB917734)
"KB917953" = Security Update for Windows XP (KB917953)
"KB918118" = Security Update for Windows XP (KB918118)
"KB918439" = Security Update for Windows XP (KB918439)
"KB919007" = Security Update for Windows XP (KB919007)
"KB920213" = Security Update for Windows XP (KB920213)
"KB920670" = Security Update for Windows XP (KB920670)
"KB920683" = Security Update for Windows XP (KB920683)
"KB920685" = Security Update for Windows XP (KB920685)
"KB920872" = Update for Windows XP (KB920872)
"KB921503" = Security Update for Windows XP (KB921503)
"KB922582" = Update for Windows XP (KB922582)
"KB922819" = Security Update for Windows XP (KB922819)
"KB923191" = Security Update for Windows XP (KB923191)
"KB923414" = Security Update for Windows XP (KB923414)
"KB923689" = Security Update for Windows XP (KB923689)
"KB923694" = Security Update for Windows XP (KB923694)
"KB923789" = Security Update for Windows XP (KB923789)
"KB923980" = Security Update for Windows XP (KB923980)
"KB924191" = Security Update for Windows XP (KB924191)
"KB924270" = Security Update for Windows XP (KB924270)
"KB924496" = Security Update for Windows XP (KB924496)
"KB924667" = Security Update for Windows XP (KB924667)
"KB925398_WMP64" = Security Update for Windows Media Player 6.4 (KB925398)
"KB925902" = Security Update for Windows XP (KB925902)
"KB926239" = Hotfix for Windows XP (KB926239)
"KB926255" = Security Update for Windows XP (KB926255)
"KB926436" = Security Update for Windows XP (KB926436)
"KB927779" = Security Update for Windows XP (KB927779)
"KB927802" = Security Update for Windows XP (KB927802)
"KB927891" = Update for Windows XP (KB927891)
"KB928255" = Security Update for Windows XP (KB928255)
"KB928843" = Security Update for Windows XP (KB928843)
"KB929123" = Security Update for Windows XP (KB929123)
"KB929399" = Hotfix for Windows Media Format 11 SDK (KB929399)
"KB929969" = Security Update for Windows Internet Explorer 7 (KB929969)
"KB930178" = Security Update for Windows XP (KB930178)
"KB930916" = Update for Windows XP (KB930916)
"KB931261" = Security Update for Windows XP (KB931261)
"KB931768" = Security Update for Windows XP (KB931768)
"KB931768-IE7" = Security Update for Windows Internet Explorer 7 (KB931768)
"KB931784" = Security Update for Windows XP (KB931784)
"KB931836" = Update for Windows XP (KB931836)
"KB932168" = Security Update for Windows XP (KB932168)
"KB932823-v3" = Update for Windows XP (KB932823-v3)
"KB933360" = Update for Windows XP (KB933360)
"KB933566-IE7" = Security Update for Windows Internet Explorer 7 (KB933566)
"KB933729" = Security Update for Windows XP (KB933729)
"KB935839" = Security Update for Windows XP (KB935839)
"KB935840" = Security Update for Windows XP (KB935840)
"KB936021" = Security Update for Windows XP (KB936021)
"KB936357" = Update for Windows XP (KB936357)
"KB936782_WMP11" = Security Update for Windows Media Player 11 (KB936782)
"KB937143-IE7" = Security Update for Windows Internet Explorer 7 (KB937143)
"KB938127-IE7" = Security Update for Windows Internet Explorer 7 (KB938127)
"KB938828" = Update for Windows XP (KB938828)
"KB938829" = Security Update for Windows XP (KB938829)
"KB939653-IE7" = Security Update for Windows Internet Explorer 7 (KB939653)
"KB939683" = Hotfix for Windows Media Player 11 (KB939683)
"KB941202" = Security Update for Windows XP (KB941202)
"KB941568" = Security Update for Windows XP (KB941568)
"KB941569" = Security Update for Windows XP (KB941569)
"KB941644" = Security Update for Windows XP (KB941644)
"KB941693" = Security Update for Windows XP (KB941693)
"KB942615-IE7" = Security Update for Windows Internet Explorer 7 (KB942615)
"KB942763" = Update for Windows XP (KB942763)
"KB943055" = Security Update for Windows XP (KB943055)
"KB943460" = Security Update for Windows XP (KB943460)
"KB943485" = Security Update for Windows XP (KB943485)
"KB944533-IE7" = Security Update for Windows Internet Explorer 7 (KB944533)
"KB944653" = Security Update for Windows XP (KB944653)
"KB945553" = Security Update for Windows XP (KB945553)
"KB946026" = Security Update for Windows XP (KB946026)
"KB946648" = Security Update for Windows XP (KB946648)
"KB947864-IE7" = Hotfix for Windows Internet Explorer 7 (KB947864)
"KB948590" = Security Update for Windows XP (KB948590)
"KB948881" = Security Update for Windows XP (KB948881)
"KB950749" = Security Update for Windows XP (KB950749)
"KB950759-IE7" = Security Update for Windows Internet Explorer 7 (KB950759)
"KB950760" = Security Update for Windows XP (KB950760)
"KB950762" = Security Update for Windows XP (KB950762)
"KB950974" = Security Update for Windows XP (KB950974)
"KB951066" = Security Update for Windows XP (KB951066)
"KB951072-v2" = Update for Windows XP (KB951072-v2)
"KB951376" = Security Update for Windows XP (KB951376)
"KB951376-v2" = Security Update for Windows XP (KB951376-v2)
"KB951698" = Security Update for Windows XP (KB951698)
"KB951748" = Security Update for Windows XP (KB951748)
"KB952287" = Hotfix for Windows XP (KB952287)
"KB952954" = Security Update for Windows XP (KB952954)
"KB953838-IE7" = Security Update for Windows Internet Explorer 7 (KB953838)
"KB953839" = Security Update for Windows XP (KB953839)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"M928366" = Microsoft .NET Framework 1.1 Hotfix (KB928366)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Scrabble" = Scrabble
"SopCast" = SopCast 2.0.4
"SopCore" = SopCore 1.1.2
"TVAnts 1.0" = TVAnts 1.0
"VLC media player" = VideoLAN VLC media player 0.8.6c
"WgaNotify" = Windows Genuine Advantage Notifications (KB905474)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"THUNK JOY HOLD" = CiD Help

========== Event Log Warnings and Errors ==========

[ Application Events ]

Application - Error - 8/24/2008 8:47:46 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccSetMgrexeEvent Info Open ProcessAction Taken BlockedActor Process CDOCUME1THADEU1LOCALS1Temphckhghaiexe
(PID 2176)Time Sunday August 24 2008 84746 PM

Application - Error - 8/24/2008 8:47:46 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccSetMgrexeEvent Info Open ProcessAction Taken BlockedActor Process CDOCUME1THADEU1LOCALS1Temphckhghaiexe
(PID 2176)Time Sunday August 24 2008 84746 PM

Application - Error - 8/24/2008 8:47:46 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedSPBBCSPBBCSvcexeEvent Info Open ProcessAction Taken BlockedActor Process
CDOCUME1THADEU1LOCALS1Temphckhghaiexe (PID 2176)Time Sunday August 24 2008 8
4746 PM

Application - Error - 8/24/2008 8:47:46 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedSPBBCSPBBCSvcexeEvent Info Open ProcessAction Taken BlockedActor Process
CDOCUME1THADEU1LOCALS1Temphckhghaiexe (PID 2176)Time Sunday August 24 2008 8
4746 PM

Application - Error - 8/24/2008 8:47:46 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccEvtMgrexeEvent Info Open ProcessAction Taken BlockedActor Process CDOCUME1THADEU1LOCALS1Temphckhghaiexe
(PID 2176)Time Sunday August 24 2008 84746 PM

Application - Error - 8/24/2008 8:47:46 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccEvtMgrexeEvent Info Open ProcessAction Taken BlockedActor Process CDOCUME1THADEU1LOCALS1Temphckhghaiexe
(PID 2176)Time Sunday August 24 2008 84746 PM

Application - Error - 8/24/2008 8:47:46 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccAppexeEvent Info Open ProcessAction Taken BlockedActor Process CDOCUME1THADEU1LOCALS1Temphckhghaiexe
(PID 2176)Time Sunday August 24 2008 84746 PM

Application - Error - 8/24/2008 8:47:46 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CPROGRA1SYMANT1VPTrayexeEvent
Info Open ProcessAction Taken BlockedActor Process CDOCUME1THADEU1LOCALS1Temphckhghaiexe
(PID 2176)Time Sunday August 24 2008 84746 PM

Application - Error - 8/24/2008 8:47:46 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CPROGRA1SYMANT1VPTrayexeEvent
Info Open ProcessAction Taken BlockedActor Process CDOCUME1THADEU1LOCALS1Temphckhghaiexe
(PID 2176)Time Sunday August 24 2008 84746 PM

Application - Error - 8/24/2008 8:47:46 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusDefWatchexeEvent
Info Open ProcessAction Taken BlockedActor Process CDOCUME1THADEU1LOCALS1Temphckhghaiexe
(PID 2176)Time Sunday August 24 2008 84746 PM

Application - Error - 8/24/2008 8:47:46 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusDefWatchexeEvent
Info Open ProcessAction Taken BlockedActor Process CDOCUME1THADEU1LOCALS1Temphckhghaiexe
(PID 2176)Time Sunday August 24 2008 84746 PM

Application - Error - 8/24/2008 8:47:46 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccAppexeEvent Info Open ProcessAction Taken BlockedActor Process CDOCUME1THADEU1LOCALS1Temphckhghaiexe
(PID 2176)Time Sunday August 24 2008 84746 PM

Application - Error - 8/24/2008 8:47:46 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusRtvscanexeEvent
Info Open ProcessAction Taken BlockedActor Process CDOCUME1THADEU1LOCALS1Temphckhghaiexe
(PID 2176)Time Sunday August 24 2008 84746 PM

Application - Error - 8/24/2008 8:47:46 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusRtvscanexeEvent
Info Open ProcessAction Taken BlockedActor Process CDOCUME1THADEU1LOCALS1Temphckhghaiexe
(PID 2176)Time Sunday August 24 2008 84746 PM

Application - Error - 8/24/2008 8:48:54 PM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Symantec AntiVirus
Description = Security Risk FoundThreat JokeBlusod in File cwindowssystem32blphcag8j0er9gscr
by Manual scan Action Leave Alone succeeded Action Description The file was l
eft unchanged

Application - Error - 8/24/2008 8:48:54 PM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Symantec AntiVirus
Description = Security Risk FoundThreat JokeBlusod in File cwindowssystem32blphcag8j0er9gscr
by Manual scan Action Quarantine succeeded Action Description The file was quarantined
successfully

Application - Error - 8/24/2008 8:49:02 PM - Computer Name = THADEUS-F4061AA - User Name = NT AUTHORITY\SYSTEM - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedSPBBCSPBBCSvcexeEvent Info Open ProcessAction Taken BlockedActor Process
CProgram FilesLavasoftAd-Aware 2007aawserviceexe (PID 1816)Time Sunday August
24 2008 84902 PM

Application - Error - 8/24/2008 8:49:02 PM - Computer Name = THADEUS-F4061AA - User Name = NT AUTHORITY\SYSTEM - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedSPBBCSPBBCSvcexeEvent Info Open ProcessAction Taken BlockedActor Process
CProgram FilesLavasoftAd-Aware 2007aawserviceexe (PID 1816)Time Sunday August
24 2008 84902 PM

Application - Error - 8/24/2008 8:49:02 PM - Computer Name = THADEUS-F4061AA - User Name = NT AUTHORITY\SYSTEM - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccEvtMgrexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesLavasoftAd-Aware 2007aawserviceexe (PID 1816)Time Sunday August 24 2008
84902 PM

Application - Error - 8/24/2008 8:49:02 PM - Computer Name = THADEUS-F4061AA - User Name = NT AUTHORITY\SYSTEM - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccSetMgrexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesLavasoftAd-Aware 2007aawserviceexe (PID 1816)Time Sunday August 24 2008
84902 PM

Application - Error - 8/24/2008 8:49:02 PM - Computer Name = THADEUS-F4061AA - User Name = NT AUTHORITY\SYSTEM - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccEvtMgrexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesLavasoftAd-Aware 2007aawserviceexe (PID 1816)Time Sunday August 24 2008
84902 PM

Application - Error - 8/24/2008 8:49:02 PM - Computer Name = THADEUS-F4061AA - User Name = NT AUTHORITY\SYSTEM - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccAppexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesLavasoftAd-Aware 2007aawserviceexe (PID 1816)Time Sunday August 24 2008
84902 PM

Application - Error - 8/24/2008 8:49:02 PM - Computer Name = THADEUS-F4061AA - User Name = NT AUTHORITY\SYSTEM - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccSetMgrexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesLavasoftAd-Aware 2007aawserviceexe (PID 1816)Time Sunday August 24 2008
84902 PM

Application - Error - 8/24/2008 8:49:02 PM - Computer Name = THADEUS-F4061AA - User Name = NT AUTHORITY\SYSTEM - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CPROGRA1SYMANT1VPTrayexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesLavasoftAd-Aware
2007aawserviceexe (PID 1816)Time Sunday August 24 2008 84902 PM

Application - Error - 8/24/2008 8:49:02 PM - Computer Name = THADEUS-F4061AA - User Name = NT AUTHORITY\SYSTEM - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CPROGRA1SYMANT1VPTrayexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesLavasoftAd-Aware
2007aawserviceexe (PID 1816)Time Sunday August 24 2008 84902 PM

Application - Error - 8/24/2008 8:49:02 PM - Computer Name = THADEUS-F4061AA - User Name = NT AUTHORITY\SYSTEM - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccAppexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesLavasoftAd-Aware 2007aawserviceexe (PID 1816)Time Sunday August 24 2008
84902 PM

Application - Error - 8/24/2008 8:49:02 PM - Computer Name = THADEUS-F4061AA - User Name = NT AUTHORITY\SYSTEM - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusDefWatchexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesLavasoftAd-Aware
2007aawserviceexe (PID 1816)Time Sunday August 24 2008 84902 PM

Application - Error - 8/24/2008 8:49:02 PM - Computer Name = THADEUS-F4061AA - User Name = NT AUTHORITY\SYSTEM - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusDefWatchexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesLavasoftAd-Aware
2007aawserviceexe (PID 1816)Time Sunday August 24 2008 84902 PM

Application - Error - 8/24/2008 8:49:02 PM - Computer Name = THADEUS-F4061AA - User Name = NT AUTHORITY\SYSTEM - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusRtvscanexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesLavasoftAd-Aware
2007aawserviceexe (PID 1816)Time Sunday August 24 2008 84902 PM

Application - Error - 8/24/2008 8:49:02 PM - Computer Name = THADEUS-F4061AA - User Name = NT AUTHORITY\SYSTEM - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusRtvscanexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesLavasoftAd-Aware
2007aawserviceexe (PID 1816)Time Sunday August 24 2008 84902 PM

Application - Error - 8/24/2008 8:49:02 PM - Computer Name = THADEUS-F4061AA - User Name = NT AUTHORITY\SYSTEM - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusVPC32exeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesLavasoftAd-Aware
2007aawserviceexe (PID 1816)Time Sunday August 24 2008 84902 PM

Application - Error - 8/24/2008 8:49:02 PM - Computer Name = THADEUS-F4061AA - User Name = NT AUTHORITY\SYSTEM - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusVPC32exeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesLavasoftAd-Aware
2007aawserviceexe (PID 1816)Time Sunday August 24 2008 84902 PM

Application - Error - 8/24/2008 8:58:21 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedSPBBCSPBBCSvcexeEvent Info Open ProcessAction Taken BlockedActor Process
CDOCUME1THADEU1LOCALS1Temphckhghaiexe (PID 2176)Time Sunday August 24 2008 8
5821 PM

Application - Error - 8/24/2008 8:58:21 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccSetMgrexeEvent Info Open ProcessAction Taken BlockedActor Process CDOCUME1THADEU1LOCALS1Temphckhghaiexe
(PID 2176)Time Sunday August 24 2008 85821 PM

Application - Error - 8/24/2008 8:58:21 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccEvtMgrexeEvent Info Open ProcessAction Taken BlockedActor Process CDOCUME1THADEU1LOCALS1Temphckhghaiexe
(PID 2176)Time Sunday August 24 2008 85821 PM

Application - Error - 8/24/2008 8:58:21 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccSetMgrexeEvent Info Open ProcessAction Taken BlockedActor Process CDOCUME1THADEU1LOCALS1Temphckhghaiexe
(PID 2176)Time Sunday August 24 2008 85821 PM

Application - Error - 8/24/2008 8:58:21 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedSPBBCSPBBCSvcexeEvent Info Open ProcessAction Taken BlockedActor Process
CDOCUME1THADEU1LOCALS1Temphckhghaiexe (PID 2176)Time Sunday August 24 2008 8
5821 PM

Application - Error - 8/24/2008 8:58:21 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccAppexeEvent Info Open ProcessAction Taken BlockedActor Process CDOCUME1THADEU1LOCALS1Temphckhghaiexe
(PID 2176)Time Sunday August 24 2008 85821 PM

Application - Error - 8/24/2008 8:58:21 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccAppexeEvent Info Open ProcessAction Taken BlockedActor Process CDOCUME1THADEU1LOCALS1Temphckhghaiexe
(PID 2176)Time Sunday August 24 2008 85821 PM

Application - Error - 8/24/2008 8:58:21 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CPROGRA1SYMANT1VPTrayexeEvent
Info Open ProcessAction Taken BlockedActor Process CDOCUME1THADEU1LOCALS1Temphckhghaiexe
(PID 2176)Time Sunday August 24 2008 85821 PM

Application - Error - 8/24/2008 8:58:21 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CPROGRA1SYMANT1VPTrayexeEvent
Info Open ProcessAction Taken BlockedActor Process CDOCUME1THADEU1LOCALS1Temphckhghaiexe
(PID 2176)Time Sunday August 24 2008 85821 PM

Application - Error - 8/24/2008 8:58:21 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccEvtMgrexeEvent Info Open ProcessAction Taken BlockedActor Process CDOCUME1THADEU1LOCALS1Temphckhghaiexe
(PID 2176)Time Sunday August 24 2008 85821 PM

Application - Error - 8/24/2008 8:58:21 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusDefWatchexeEvent
Info Open ProcessAction Taken BlockedActor Process CDOCUME1THADEU1LOCALS1Temphckhghaiexe
(PID 2176)Time Sunday August 24 2008 85821 PM

Application - Error - 8/24/2008 8:58:21 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusDefWatchexeEvent
Info Open ProcessAction Taken BlockedActor Process CDOCUME1THADEU1LOCALS1Temphckhghaiexe
(PID 2176)Time Sunday August 24 2008 85821 PM

Application - Error - 8/24/2008 8:58:21 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusRtvscanexeEvent
Info Open ProcessAction Taken BlockedActor Process CDOCUME1THADEU1LOCALS1Temphckhghaiexe
(PID 2176)Time Sunday August 24 2008 85821 PM

Application - Error - 8/24/2008 8:58:21 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusRtvscanexeEvent
Info Open ProcessAction Taken BlockedActor Process CDOCUME1THADEU1LOCALS1Temphckhghaiexe
(PID 2176)Time Sunday August 24 2008 85821 PM

Application - Error - 8/24/2008 8:58:21 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusVPC32exeEvent
Info Open ProcessAction Taken BlockedActor Process CDOCUME1THADEU1LOCALS1Temphckhghaiexe
(PID 2176)Time Sunday August 24 2008 85821 PM

Application - Error - 8/24/2008 8:58:21 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusVPC32exeEvent
Info Open ProcessAction Taken BlockedActor Process CDOCUME1THADEU1LOCALS1Temphckhghaiexe
(PID 2176)Time Sunday August 24 2008 85821 PM

Application - Error - 8/24/2008 8:59:00 PM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Application Hang
Description = Hanging application tt53tmp version 0000 hang module hungapp version
0000 hang address 0x00000000

Application - Error - 8/24/2008 9:00:18 PM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Symantec AntiVirus
Description = Threat FoundThreat JokeBlusod in File cWINDOWSsystem32blphcag8j0er9gscr
by Manual scan Action Quarantine succeeded Action Description The file was quarantined
successfully

Application - Error - 8/24/2008 9:06:16 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccSetMgrexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesSUPERAntiSpywareSUPERAntiSpywareexe (PID 296)Time Sunday August 24 2008
90616 PM

Application - Error - 8/24/2008 9:06:16 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedSPBBCSPBBCSvcexeEvent Info Open ProcessAction Taken BlockedActor Process
CProgram FilesSUPERAntiSpywareSUPERAntiSpywareexe (PID 296)Time Sunday August
24 2008 90616 PM

Application - Error - 8/24/2008 9:06:16 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedSPBBCSPBBCSvcexeEvent Info Open ProcessAction Taken BlockedActor Process
CProgram FilesSUPERAntiSpywareSUPERAntiSpywareexe (PID 296)Time Sunday August
24 2008 90616 PM

Application - Error - 8/24/2008 9:06:16 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccSetMgrexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesSUPERAntiSpywareSUPERAntiSpywareexe (PID 296)Time Sunday August 24 2008
90616 PM

Application - Error - 8/24/2008 9:06:16 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccEvtMgrexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesSUPERAntiSpywareSUPERAntiSpywareexe (PID 296)Time Sunday August 24 2008
90616 PM

Application - Error - 8/24/2008 9:06:16 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccEvtMgrexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesSUPERAntiSpywareSUPERAntiSpywareexe (PID 296)Time Sunday August 24 2008
90616 PM

Application - Error - 8/24/2008 9:07:12 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccAppexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesSUPERAntiSpywareSUPERAntiSpywareexe (PID 296)Time Sunday August 24 2008
90712 PM

Application - Error - 8/24/2008 9:07:12 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccAppexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesSUPERAntiSpywareSUPERAntiSpywareexe (PID 296)Time Sunday August 24 2008
90712 PM

Application - Error - 8/24/2008 9:07:12 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CPROGRA1SYMANT1VPTrayexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesSUPERAntiSpywareSUPERAntiSpywareexe
(PID 296)Time Sunday August 24 2008 90712 PM

Application - Error - 8/24/2008 9:07:12 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CPROGRA1SYMANT1VPTrayexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesSUPERAntiSpywareSUPERAntiSpywareexe
(PID 296)Time Sunday August 24 2008 90712 PM

Application - Error - 8/24/2008 9:08:29 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusDefWatchexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesSUPERAntiSpywareSUPERAntiSpywareexe
(PID 296)Time Sunday August 24 2008 90829 PM

Application - Error - 8/24/2008 9:08:29 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusDefWatchexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesSUPERAntiSpywareSUPERAntiSpywareexe
(PID 296)Time Sunday August 24 2008 90829 PM

Application - Error - 8/24/2008 9:08:32 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusRtvscanexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesSUPERAntiSpywareSUPERAntiSpywareexe
(PID 296)Time Sunday August 24 2008 90832 PM

Application - Error - 8/24/2008 9:08:32 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusRtvscanexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesSUPERAntiSpywareSUPERAntiSpywareexe
(PID 296)Time Sunday August 24 2008 90832 PM

Application - Error - 8/24/2008 9:08:36 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusVPC32exeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesSUPERAntiSpywareSUPERAntiSpywareexe
(PID 296)Time Sunday August 24 2008 90836 PM

Application - Error - 8/24/2008 9:08:36 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusVPC32exeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesSUPERAntiSpywareSUPERAntiSpywareexe
(PID 296)Time Sunday August 24 2008 90836 PM

Application - Error - 8/24/2008 10:04:23 PM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Symantec AntiVirus
Description = Security Risk FoundThreat JokeBlusod in File cwindowssystem32blphcag8j0er9gscr
by Manual scan Action Leave Alone succeeded Action Description The file was l
eft unchanged

Application - Error - 8/24/2008 10:04:24 PM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Symantec AntiVirus
Description = Security Risk FoundThreat JokeBlusod in File cwindowssystem32blphcag8j0er9gscr
by Manual scan Action Quarantine succeeded Action Description The file was quarantined
successfully

Application - Error - 8/24/2008 10:04:25 PM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Symantec AntiVirus
Description = Threat FoundThreat JokeBlusod in File cWINDOWSsystem32blphcag8j0er9gscr
by Manual scan Action Quarantine succeeded Action Description The file was quarantined
successfully

Application - Error - 8/24/2008 10:12:38 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccSetMgrexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesSUPERAntiSpywareSUPERAntiSpywareexe (PID 2780)Time Sunday August 24 2008
101238 PM

Application - Error - 8/24/2008 10:12:38 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccSetMgrexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesSUPERAntiSpywareSUPERAntiSpywareexe (PID 2780)Time Sunday August 24 2008
101238 PM

Application - Error - 8/24/2008 10:12:38 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedSPBBCSPBBCSvcexeEvent Info Open ProcessAction Taken BlockedActor Process
CProgram FilesSUPERAntiSpywareSUPERAntiSpywareexe (PID 2780)Time Sunday August
24 2008 101238 PM

Application - Error - 8/24/2008 10:12:38 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedSPBBCSPBBCSvcexeEvent Info Open ProcessAction Taken BlockedActor Process
CProgram FilesSUPERAntiSpywareSUPERAntiSpywareexe (PID 2780)Time Sunday August
24 2008 101238 PM

Application - Error - 8/24/2008 10:12:38 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccEvtMgrexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesSUPERAntiSpywareSUPERAntiSpywareexe (PID 2780)Time Sunday August 24 2008
101238 PM

Application - Error - 8/24/2008 10:12:38 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccEvtMgrexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesSUPERAntiSpywareSUPERAntiSpywareexe (PID 2780)Time Sunday August 24 2008
101238 PM

Application - Error - 8/24/2008 10:12:44 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusDefWatchexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesSUPERAntiSpywareSUPERAntiSpywareexe
(PID 2780)Time Sunday August 24 2008 101244 PM

Application - Error - 8/24/2008 10:12:44 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusDefWatchexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesSUPERAntiSpywareSUPERAntiSpywareexe
(PID 2780)Time Sunday August 24 2008 101244 PM

Application - Error - 8/24/2008 10:12:44 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusRtvscanexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesSUPERAntiSpywareSUPERAntiSpywareexe
(PID 2780)Time Sunday August 24 2008 101244 PM

Application - Error - 8/24/2008 10:12:44 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusRtvscanexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesSUPERAntiSpywareSUPERAntiSpywareexe
(PID 2780)Time Sunday August 24 2008 101244 PM

Application - Error - 8/24/2008 10:12:47 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccAppexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesSUPERAntiSpywareSUPERAntiSpywareexe (PID 2780)Time Sunday August 24 2008
101247 PM

Application - Error - 8/24/2008 10:12:47 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccAppexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesSUPERAntiSpywareSUPERAntiSpywareexe (PID 2780)Time Sunday August 24 2008
101247 PM

Application - Error - 8/24/2008 10:12:47 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CPROGRA1SYMANT1VPTrayexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesSUPERAntiSpywareSUPERAntiSpywareexe
(PID 2780)Time Sunday August 24 2008 101247 PM

Application - Error - 8/24/2008 10:12:47 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CPROGRA1SYMANT1VPTrayexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesSUPERAntiSpywareSUPERAntiSpywareexe
(PID 2780)Time Sunday August 24 2008 101247 PM

Application - Error - 8/25/2008 12:03:28 AM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Application Error
Description =

Application - Error - 8/25/2008 12:19:51 AM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Application Error
Description =

Application - Error - 8/25/2008 12:43:40 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccSetMgrexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesSUPERAntiSpywareSUPERAntiSpywareexe (PID 2272)Time Monday August 25 2008
124340 AM

Application - Error - 8/25/2008 12:43:40 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccSetMgrexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesSUPERAntiSpywareSUPERAntiSpywareexe (PID 2272)Time Monday August 25 2008
124340 AM

Application - Error - 8/25/2008 12:43:40 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedSPBBCSPBBCSvcexeEvent Info Open ProcessAction Taken BlockedActor Process
CProgram FilesSUPERAntiSpywareSUPERAntiSpywareexe (PID 2272)Time Monday August
25 2008 124340 AM

Application - Error - 8/25/2008 12:43:40 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedSPBBCSPBBCSvcexeEvent Info Open ProcessAction Taken BlockedActor Process
CProgram FilesSUPERAntiSpywareSUPERAntiSpywareexe (PID 2272)Time Monday August
25 2008 124340 AM

Application - Error - 8/25/2008 12:43:40 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccEvtMgrexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesSUPERAntiSpywareSUPERAntiSpywareexe (PID 2272)Time Monday August 25 2008
124340 AM

Application - Error - 8/25/2008 12:43:40 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccEvtMgrexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesSUPERAntiSpywareSUPERAntiSpywareexe (PID 2272)Time Monday August 25 2008
124340 AM

Application - Error - 8/25/2008 12:43:44 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusDefWatchexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesSUPERAntiSpywareSUPERAntiSpywareexe
(PID 2272)Time Monday August 25 2008 124344 AM

Application - Error - 8/25/2008 12:43:44 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusDefWatchexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesSUPERAntiSpywareSUPERAntiSpywareexe
(PID 2272)Time Monday August 25 2008 124344 AM

Application - Error - 8/25/2008 12:43:45 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusRtvscanexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesSUPERAntiSpywareSUPERAntiSpywareexe
(PID 2272)Time Monday August 25 2008 124345 AM

Application - Error - 8/25/2008 12:43:45 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusRtvscanexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesSUPERAntiSpywareSUPERAntiSpywareexe
(PID 2272)Time Monday August 25 2008 124345 AM

Application - Error - 8/25/2008 12:43:48 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccAppexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesSUPERAntiSpywareSUPERAntiSpywareexe (PID 2272)Time Monday August 25 2008
124348 AM

Application - Error - 8/25/2008 12:43:48 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccAppexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesSUPERAntiSpywareSUPERAntiSpywareexe (PID 2272)Time Monday August 25 2008
124348 AM

Application - Error - 8/25/2008 12:43:48 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CPROGRA1SYMANT1VPTrayexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesSUPERAntiSpywareSUPERAntiSpywareexe
(PID 2272)Time Monday August 25 2008 124348 AM

Application - Error - 8/25/2008 12:43:48 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CPROGRA1SYMANT1VPTrayexeEvent
Info Open ProcessAction Tak
  • 0

#9
Danzilla

Danzilla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Extras Part 2

(PID 2272)Time Monday August 25 2008 124348 AM

Application - Error - 8/25/2008 2:03:23 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccSetMgrexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesMalwarebytes Anti-Malwarembamexe (PID 4036)Time Monday August 25 2008 20323
AM

Application - Error - 8/25/2008 2:03:23 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedSPBBCSPBBCSvcexeEvent Info Open ProcessAction Taken BlockedActor Process
CProgram FilesMalwarebytes Anti-Malwarembamexe (PID 4036)Time Monday August 2
5 2008 20323 AM

Application - Error - 8/25/2008 2:03:23 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedSPBBCSPBBCSvcexeEvent Info Open ProcessAction Taken BlockedActor Process
CProgram FilesMalwarebytes Anti-Malwarembamexe (PID 4036)Time Monday August 2
5 2008 20323 AM

Application - Error - 8/25/2008 2:03:23 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccSetMgrexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesMalwarebytes Anti-Malwarembamexe (PID 4036)Time Monday August 25 2008 20323
AM

Application - Error - 8/25/2008 2:03:23 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccEvtMgrexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesMalwarebytes Anti-Malwarembamexe (PID 4036)Time Monday August 25 2008 20323
AM

Application - Error - 8/25/2008 2:03:23 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccEvtMgrexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesMalwarebytes Anti-Malwarembamexe (PID 4036)Time Monday August 25 2008 20323
AM

Application - Error - 8/25/2008 2:03:24 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusDefWatchexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesMalwarebytes
Anti-Malwarembamexe (PID 4036)Time Monday August 25 2008 20324 AM

Application - Error - 8/25/2008 2:03:24 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusDefWatchexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesMalwarebytes
Anti-Malwarembamexe (PID 4036)Time Monday August 25 2008 20324 AM

Application - Error - 8/25/2008 2:03:24 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusRtvscanexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesMalwarebytes
Anti-Malwarembamexe (PID 4036)Time Monday August 25 2008 20324 AM

Application - Error - 8/25/2008 2:03:24 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusRtvscanexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesMalwarebytes
Anti-Malwarembamexe (PID 4036)Time Monday August 25 2008 20324 AM

Application - Error - 8/25/2008 2:03:25 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccAppexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesMalwarebytes Anti-Malwarembamexe (PID 4036)Time Monday August 25 2008 20325
AM

Application - Error - 8/25/2008 2:03:25 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CPROGRA1SYMANT1VPTrayexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesMalwarebytes
Anti-Malwarembamexe (PID 4036)Time Monday August 25 2008 20325 AM

Application - Error - 8/25/2008 2:03:25 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CPROGRA1SYMANT1VPTrayexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesMalwarebytes
Anti-Malwarembamexe (PID 4036)Time Monday August 25 2008 20325 AM

Application - Error - 8/25/2008 2:03:25 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccAppexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesMalwarebytes Anti-Malwarembamexe (PID 4036)Time Monday August 25 2008 20325
AM

Application - Error - 8/25/2008 2:30:09 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccSetMgrexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesMalwarebytes Anti-Malwarembamexe (PID 4036)Time Monday August 25 2008 23009
AM

Application - Error - 8/25/2008 2:30:10 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedSPBBCSPBBCSvcexeEvent Info Open ProcessAction Taken BlockedActor Process
CProgram FilesMalwarebytes Anti-Malwarembamexe (PID 4036)Time Monday August 2
5 2008 23010 AM

Application - Error - 8/25/2008 2:30:10 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedSPBBCSPBBCSvcexeEvent Info Open ProcessAction Taken BlockedActor Process
CProgram FilesMalwarebytes Anti-Malwarembamexe (PID 4036)Time Monday August 2
5 2008 23010 AM

Application - Error - 8/25/2008 2:30:10 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccEvtMgrexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesMalwarebytes Anti-Malwarembamexe (PID 4036)Time Monday August 25 2008 23010
AM

Application - Error - 8/25/2008 2:30:10 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccEvtMgrexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesMalwarebytes Anti-Malwarembamexe (PID 4036)Time Monday August 25 2008 23010
AM

Application - Error - 8/25/2008 2:30:10 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccSetMgrexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesMalwarebytes Anti-Malwarembamexe (PID 4036)Time Monday August 25 2008 23010
AM

Application - Error - 8/25/2008 2:30:10 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusDefWatchexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesMalwarebytes
Anti-Malwarembamexe (PID 4036)Time Monday August 25 2008 23010 AM

Application - Error - 8/25/2008 2:30:10 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusDefWatchexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesMalwarebytes
Anti-Malwarembamexe (PID 4036)Time Monday August 25 2008 23010 AM

Application - Error - 8/25/2008 2:30:10 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusRtvscanexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesMalwarebytes
Anti-Malwarembamexe (PID 4036)Time Monday August 25 2008 23010 AM

Application - Error - 8/25/2008 2:30:10 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusRtvscanexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesMalwarebytes
Anti-Malwarembamexe (PID 4036)Time Monday August 25 2008 23010 AM

Application - Error - 8/25/2008 2:30:10 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccAppexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesMalwarebytes Anti-Malwarembamexe (PID 4036)Time Monday August 25 2008 23010
AM

Application - Error - 8/25/2008 2:30:10 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccAppexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesMalwarebytes Anti-Malwarembamexe (PID 4036)Time Monday August 25 2008 23010
AM

Application - Error - 8/25/2008 2:30:10 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CPROGRA1SYMANT1VPTrayexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesMalwarebytes
Anti-Malwarembamexe (PID 4036)Time Monday August 25 2008 23010 AM

Application - Error - 8/25/2008 2:30:10 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CPROGRA1SYMANT1VPTrayexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesMalwarebytes
Anti-Malwarembamexe (PID 4036)Time Monday August 25 2008 23010 AM

Application - Error - 8/25/2008 3:33:28 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccSetMgrexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesMalwarebytes Anti-Malwarembamexe (PID 4092)Time Monday August 25 2008 33328
AM

Application - Error - 8/25/2008 3:33:28 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccSetMgrexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesMalwarebytes Anti-Malwarembamexe (PID 4092)Time Monday August 25 2008 33328
AM

Application - Error - 8/25/2008 3:33:28 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedSPBBCSPBBCSvcexeEvent Info Open ProcessAction Taken BlockedActor Process
CProgram FilesMalwarebytes Anti-Malwarembamexe (PID 4092)Time Monday August 2
5 2008 33328 AM

Application - Error - 8/25/2008 3:33:28 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccEvtMgrexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesMalwarebytes Anti-Malwarembamexe (PID 4092)Time Monday August 25 2008 33328
AM

Application - Error - 8/25/2008 3:33:28 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccEvtMgrexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesMalwarebytes Anti-Malwarembamexe (PID 4092)Time Monday August 25 2008 33328
AM

Application - Error - 8/25/2008 3:33:28 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedSPBBCSPBBCSvcexeEvent Info Open ProcessAction Taken BlockedActor Process
CProgram FilesMalwarebytes Anti-Malwarembamexe (PID 4092)Time Monday August 2
5 2008 33328 AM

Application - Error - 8/25/2008 3:33:28 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusDefWatchexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesMalwarebytes
Anti-Malwarembamexe (PID 4092)Time Monday August 25 2008 33328 AM

Application - Error - 8/25/2008 3:33:28 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusDefWatchexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesMalwarebytes
Anti-Malwarembamexe (PID 4092)Time Monday August 25 2008 33328 AM

Application - Error - 8/25/2008 3:33:28 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusRtvscanexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesMalwarebytes
Anti-Malwarembamexe (PID 4092)Time Monday August 25 2008 33328 AM

Application - Error - 8/25/2008 3:33:28 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesSymantec AntiVirusRtvscanexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesMalwarebytes
Anti-Malwarembamexe (PID 4092)Time Monday August 25 2008 33328 AM

Application - Error - 8/25/2008 3:33:29 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccAppexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesMalwarebytes Anti-Malwarembamexe (PID 4092)Time Monday August 25 2008 33329
AM

Application - Error - 8/25/2008 3:33:29 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CProgram FilesCommon FilesSymantec
SharedccAppexeEvent Info Open ProcessAction Taken BlockedActor Process CProgram
FilesMalwarebytes Anti-Malwarembamexe (PID 4092)Time Monday August 25 2008 33329
AM

Application - Error - 8/25/2008 3:33:29 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CPROGRA1SYMANT1VPTrayexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesMalwarebytes
Anti-Malwarembamexe (PID 4092)Time Monday August 25 2008 33329 AM

Application - Error - 8/25/2008 3:33:29 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = Symantec AntiVirus
Description = SYMANTEC TAMPER PROTECTION ALERTTarget CPROGRA1SYMANT1VPTrayexeEvent
Info Open ProcessAction Taken BlockedActor Process CProgram FilesMalwarebytes
Anti-Malwarembamexe (PID 4092)Time Monday August 25 2008 33329 AM

Application - Error - 8/25/2008 10:46:32 PM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Application Hang
Description = Hanging application PowerDVDexe version 5000 hang module hungapp v
ersion 0000 hang address 0x00000000

Application - Error - 8/25/2008 10:46:40 PM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Application Hang
Description = Hanging application PowerDVDexe version 5000 hang module hungapp v
ersion 0000 hang address 0x00000000

Application - Error - 8/25/2008 10:49:37 PM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Application Hang
Description = Hanging application PowerDVDexe version 5000 hang module hungapp v
ersion 0000 hang address 0x00000000

Application - Error - 8/25/2008 10:49:42 PM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Application Hang
Description = Hanging application PowerDVDexe version 5000 hang module hungapp v
ersion 0000 hang address 0x00000000

[ System Events ]

System - Error - 8/23/2008 3:54:01 PM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Dhcp
Description = Your computer has lost the lease to its IP address 19216802 on theNetwork
Card with network address 00197E3E347C

System - Error - 8/24/2008 3:21:19 PM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Dhcp
Description = Your computer has lost the lease to its IP address 19216802 on theNetwork
Card with network address 00197E3E347C

System - Error - 8/24/2008 11:57:34 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/24/2008 11:57:35 PM - Computer Name = THADEUS-F4061AA - User Name = NT AUTHORITY\SYSTEM - Source = DCOM
Description =

System - Error - 8/24/2008 11:58:10 PM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Service Control Manager
Description = The DHCP Client service depends on the NetBios over Tcpip service which
failed to start because of the following error 31

System - Error - 8/24/2008 11:58:10 PM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Service Control Manager
Description = The DNS Client service depends on the TCPIP Protocol Driver service
which failed to start because of the following error 31

System - Error - 8/24/2008 11:58:10 PM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Service Control Manager
Description = The TCPIP NetBIOS Helper service depends on the AFD service which failed
to start because of the following error 31

System - Error - 8/24/2008 11:58:10 PM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Service Control Manager
Description = The Apple Mobile Device service depends on the TCPIP Protocol Driver
service which failed to start because of the following error 31

System - Error - 8/24/2008 11:58:10 PM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Service Control Manager
Description = The Bonjour Service service depends on the TCPIP Protocol Driver s
ervice which failed to start because of the following error 31

System - Error - 8/24/2008 11:58:10 PM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Service Control Manager
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error 31

System - Error - 8/24/2008 11:58:10 PM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Service Control Manager
Description = The following boot-start or system-start driver(s) failed to load AFDAPPDRVeeCtrlFipsintelppmIPSecMRxSmbNetBIOSNetBTRasAcdRdbssSASDIFSVSASKUTILSAV
RTSAVRTPELSPBBCDrvSYMTDITcpip

System - Error - 8/25/2008 12:05:30 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/25/2008 12:07:34 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/25/2008 12:08:12 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/25/2008 12:08:18 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/25/2008 12:08:24 AM - Computer Name = THADEUS-F4061AA - User Name = NT AUTHORITY\SYSTEM - Source = DCOM
Description =

System - Error - 8/25/2008 12:14:13 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/25/2008 12:14:14 AM - Computer Name = THADEUS-F4061AA - User Name = NT AUTHORITY\SYSTEM - Source = DCOM
Description =

System - Error - 8/25/2008 12:15:00 AM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Service Control Manager
Description = The DHCP Client service depends on the NetBios over Tcpip service which
failed to start because of the following error 31

System - Error - 8/25/2008 12:15:00 AM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Service Control Manager
Description = The DNS Client service depends on the TCPIP Protocol Driver service
which failed to start because of the following error 31

System - Error - 8/25/2008 12:15:00 AM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Service Control Manager
Description = The TCPIP NetBIOS Helper service depends on the AFD service which failed
to start because of the following error 31

System - Error - 8/25/2008 12:15:00 AM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Service Control Manager
Description = The Apple Mobile Device service depends on the TCPIP Protocol Driver
service which failed to start because of the following error 31

System - Error - 8/25/2008 12:15:00 AM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Service Control Manager
Description = The Bonjour Service service depends on the TCPIP Protocol Driver s
ervice which failed to start because of the following error 31

System - Error - 8/25/2008 12:15:00 AM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Service Control Manager
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error 31

System - Error - 8/25/2008 12:15:00 AM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Service Control Manager
Description = The following boot-start or system-start driver(s) failed to load AFDAPPDRVeeCtrlFipsintelppmIPSecMRxSmbNetBIOSNetBTRasAcdRdbssSASDIFSVSASKUTILSAV
RTSAVRTPELSPBBCDrvSYMTDITcpip

System - Error - 8/25/2008 12:20:44 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/25/2008 12:20:55 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/25/2008 12:21:00 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/25/2008 12:21:43 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/25/2008 12:23:08 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/25/2008 12:23:51 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/25/2008 12:23:55 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/25/2008 12:24:00 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/25/2008 12:24:03 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/25/2008 12:26:32 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/25/2008 12:29:05 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/25/2008 12:29:16 AM - Computer Name = THADEUS-F4061AA - User Name = NT AUTHORITY\SYSTEM - Source = DCOM
Description =

System - Error - 8/25/2008 2:38:52 AM - Computer Name = THADEUS-F4061AA - User Name = NT AUTHORITY\SYSTEM - Source = DCOM
Description =

System - Error - 8/25/2008 2:38:55 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Administrator - Source = DCOM
Description =

System - Error - 8/25/2008 2:39:12 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Administrator - Source = DCOM
Description =

System - Error - 8/25/2008 2:39:37 AM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Service Control Manager
Description = The DHCP Client service depends on the NetBios over Tcpip service which
failed to start because of the following error 31

System - Error - 8/25/2008 2:39:37 AM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Service Control Manager
Description = The DNS Client service depends on the TCPIP Protocol Driver service
which failed to start because of the following error 31

System - Error - 8/25/2008 2:39:37 AM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Service Control Manager
Description = The TCPIP NetBIOS Helper service depends on the AFD service which failed
to start because of the following error 31

System - Error - 8/25/2008 2:39:37 AM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Service Control Manager
Description = The Apple Mobile Device service depends on the TCPIP Protocol Driver
service which failed to start because of the following error 31

System - Error - 8/25/2008 2:39:37 AM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Service Control Manager
Description = The Bonjour Service service depends on the TCPIP Protocol Driver s
ervice which failed to start because of the following error 31

System - Error - 8/25/2008 2:39:37 AM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Service Control Manager
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error 31

System - Error - 8/25/2008 2:39:37 AM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Service Control Manager
Description = The following boot-start or system-start driver(s) failed to load AFDAPPDRVeeCtrlFipsintelppmIPSecMRxSmbNetBIOSNetBTRasAcdRdbssSASDIFSVSASKUTILSAV
RTSAVRTPELSPBBCDrvSYMTDITcpip

System - Error - 8/25/2008 3:26:28 AM - Computer Name = THADEUS-F4061AA - User Name = NT AUTHORITY\SYSTEM - Source = DCOM
Description =

System - Error - 8/25/2008 4:36:48 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/25/2008 4:37:18 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/25/2008 4:37:49 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/25/2008 4:40:41 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/25/2008 4:41:11 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/25/2008 4:41:42 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/25/2008 4:42:16 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/25/2008 4:42:47 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/25/2008 4:56:18 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/25/2008 4:56:48 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/25/2008 4:57:19 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/25/2008 5:40:26 PM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = PlugPlayManager
Description = The device Optiarc DVD-RW AD-5540A (IDECdRomOptiarcDVD-RWAD-5540A102C5cafda9a0000)
disappeared from the system without first being prepared for removal

System - Error - 8/25/2008 9:49:01 PM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = PlugPlayManager
Description = The device Optiarc DVD-RW AD-5540A (IDECdRomOptiarcDVD-RWAD-5540A102C5cafda9a0000)
disappeared from the system without first being prepared for removal

System - Error - 8/25/2008 9:49:07 PM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = PlugPlayManager
Description = The device Optiarc DVD-RW AD-5540A (IDECdRomOptiarcDVD-RWAD-5540A102C5cafda9a0000)
disappeared from the system without first being prepared for removal

System - Error - 8/25/2008 10:24:47 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/25/2008 10:25:17 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/25/2008 10:25:48 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/25/2008 10:44:29 PM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = PlugPlayManager
Description = The device Optiarc DVD-RW AD-5540A (IDECdRomOptiarcDVD-RWAD-5540A102C5cafda9a0000)
disappeared from the system without first being prepared for removal

System - Error - 8/25/2008 10:51:08 PM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = PlugPlayManager
Description = The device Optiarc DVD-RW AD-5540A (IDECdRomOptiarcDVD-RWAD-5540A102C5cafda9a0000)
disappeared from the system without first being prepared for removal

System - Error - 8/26/2008 8:33:47 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/26/2008 8:35:51 AM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/26/2008 2:49:41 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/26/2008 2:50:12 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/26/2008 2:50:42 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/26/2008 2:51:46 PM - Computer Name = THADEUS-F4061AA - User Name = THADEUS-F4061AA\Thadeus McGriddle - Source = DCOM
Description =

System - Error - 8/28/2008 8:16:10 AM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = Windows Update Agent
Description =

System - Error - 8/29/2008 1:18:31 PM - Computer Name = THADEUS-F4061AA - User Name = (blank) - Source = PlugPlayManager
Description = The device Optiarc DVD-RW AD-5540A (IDECdRomOptiarcDVD-RWAD-5540A102C5cafda9a0000)
disappeared from the system without first being prepared for removal

[ Security Events ]

[ Anti-Virus Events ]

End of report

Edited by Danzilla, 29 August 2008 - 06:06 AM.

  • 0

#10
Egwene

Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey,

Please attach your logs in one txt file by the following way, it would bes easier for mo to analyse :)

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

Regards,
Egwene.

Edited by Egwene, 29 August 2008 - 10:58 AM.

  • 0

Advertisements


#11
Danzilla

Danzilla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
OK, here it the txt attachment. I live in Japan right now so sorry for the delayed replies. In a way different time zone over here.

Attached File  OTViewIT_log_and_Extras_log.txt   128KB   47 downloads
  • 0

#12
Egwene

Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey Danzilla,

Your logs don't look too bad, i see that Norton had blocked XP antivirus 2008 and you ran Smitfraudfix. However, there are still some things to do here :)

1) Backing up your registry :


The steps that I am about to suggest involve modifying the registry. Modfying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. if you cannot preform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
Posted Image

2) Uninstall some programs :

Please go Start > Control Panel > Add/Remove Programs and remove the following (if present):

  • J2SE Runtime Environment 5.0 Update 11
  • Java™ SE Runtime Environment 6 Update 1
  • Java™ 6 Update 3
  • Java™ 6 Update 5
  • Azureus Vuze

Optional Removals : You have at least one peer-to-peer softwares on your computer. If you wish to find out whether the one you're using does, click Here.
Even if you are using a so called "safe" program,it's only the program that's safe.
You will be sharing files from uncertified sources,and these are often infected.


3) Run OTmoveIT2 :

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\DOCUME~1\THADEU~1\APPLIC~1\MP3HID~1
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01ac59fd-0739-11dc-933f-00188bc8afaf}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0406571e-7b09-11dc-93e5-00188bc8afaf}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11683132-584d-11dd-95a0-00188bc8afaf}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{324199b7-09cf-11dc-9346-00188bc8afaf}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e0e8eb9-6d0a-11dd-95c3-00197e3e347c}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e0e8eba-6d0a-11dd-95c3-00197e3e347c}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71330420-c19c-11dc-9489-00188bc8afaf}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71330421-c19c-11dc-9489-00188bc8afaf}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8eae24c1-06ef-11dc-9179-806d6172696f}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{901d799e-0737-11dc-933d-00188bc8afaf}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95d463c2-5f6d-11dd-95ad-00188bc8afaf}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9976fb4a-03cc-11dd-951a-00197e3e347c}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b1adca8-e141-11dc-94d6-00188bc8afaf}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d59bfbb-6106-11dc-93af-00188bc8afaf}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9dab1fa0-56d6-11dc-93a2-00188bc8afaf}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d82d1e5e-2d85-11dd-955f-00188bc8afaf}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1808895-6253-11dc-93b5-00188bc8afaf}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Acidcast
    purity
    emptytemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

4) Run Kaspersky Online :

Please do an online scan with Kaspersky WebScanner

Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Regards,
Egwene.
  • 0

#13
Danzilla

Danzilla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hey Egwene,

Here's what I did.

Step 1 - made a backup of my registry with ERUNT

Step 2 - Uninstalled programs you recommended

Step 3 - Got OTMoveIT and ran it. Here is the log.

Attached File  OTMoveIT_log.txt   5.54KB   61 downloads

Step 4 - Wasn't able to connect to Kaspersky site to do the check. There are still websites being blocked on my computer.

Thanks for the help so far.
  • 0

#14
Egwene

Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey Danzilla,

Please do not attach your logs unless i asked you to do it. Thanks :)

1) Run MBAM :

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

2) Export your Host file :

I would like to make sure that you can view hidden files and folders :

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading SELECT Show hidden files and folders.
* UNCHECK the Hide protected operating system files (recommended) option.
* UNCHECK the Hide extensions for known file types option.
* Click Yes to confirm.
* Click OK.

Then, navigate with your windows ewplorer untill this file :

C:\WINDOWS\System32\drivers\etc\Hosts

Right clic on it and chose "open" and then chose "open with notepad". Please copy and paste the content of the notepad in your next answer. Then close the windows.

Regards,
Egwene.
  • 0

#15
Danzilla

Danzilla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Step 1 - Already had MBAM. Had to update it using one of the mirror sites as the regular one is still blocked by the virus it seems.
After I ran the scan, it said it needed to restart just like you said it might. However, when it was restarting, I got a big blue screen that said a problem had been detected and that I needed to restart the computer again. If i got the same blue screen I was going to have to follow directions on the screen. The blue screen said it was trying to prevent damage to my computer. Anyway, I restarted and everything seemed to start up ok.
Here is the MBAM log:

Malwarebytes' Anti-Malware 1.25
Database version: 1062
Windows 5.1.2600 Service Pack 2

6:30:13 PM 9/1/2008
mbam-log-09-01-2008 (18-30-13).txt

Scan type: Quick Scan
Objects scanned: 45064
Time elapsed: 2 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.

Step 2: Completed
Here is the info from the Hosts file:

# Copyright 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
#
127.0.0.1 localhost


Alrighty, that's it for now.
Dan
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP