Bloodhound Sonar and Jokesod



#1 Mbec (New Member, 4 posts)
I am somewhat overwhelmed at the moment. Today while using my laptop and surfing what should have been a relatively safe news site I got a popup saying that I needed to install anti-virus software. I knew I was already protected and went to shut it down by using the "X" in the upper right corner of the dialog box. However, there wasn't any "X" to be found. Since "install" was the only other option in the dialog box, I chose to use Task Manager to stop the application from running. After stopping the application the computer was frozen. Reluctantly I turned the power off.

When I booted again I got to the welcome screen and the computer froze. After 10 minutes I turned off the power again and this time I was able to boot it back up. However, there is now a red and white image (it looks like a dialog box but is not functional) in the center of my desktop. It says

"Windows Warning Message!

Warning!
Spyware detected on your computer!"

There is a single button that says "please activate your antivirus software to clean your computer".

I have Norton 360 and it is activated and current. When I scanned the computer with Norton, it came up with the 2 virus names that are in my thread title above, (Bloodhound Sonar, and Joke.sod). Norton was able to remove Bloodhound Sonar, but joke.sod remains.

The biggest problem I have right now is that I am unable to connect to Symantec's site or any site that has anything to do with technical support. I have a good internet connection and can use my bookmarks successfully. I can type in msn.com in my browser (Firefox version 2...) and it will come up allowing me to navigate through the different news articles.

I am also having problems with Google. When I run a search on Google and click on any of the results I am re-directed to a random site that seems to be another search portal. I'm not sent to any single portal site, it's a different site each time I click on a Google result link.

Finally, when I last tried to connect to the Symantec site I got an error message that said the computer was going to shut down. Sure enough it did. When I rebooted I got a Windows error message saying:

"Data Execution Prevention

To help protect your computer, Windows has closed this program.

Name: Generic Host Process for Win 32 Services"

I'm using a desktop computer to post this message. My laptop wouldn't even connect to geekstogo.com. Does anyone know how I can remove the restriction preventing me from connecting to support type websites?

Any assistance is greatly appreciated,

Mike

#2 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Hello Mbec

Welcome to G2Go. :)
=====================
You will have to transfer this program using a flash drive or a CD.

Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.


#3 Mbec (Topic Starter, New Member, 4 posts)
Thanks for the response Kahdah.

I've stumbled into a fix for most of the problem and am actually typing this on the laptop that was infected. I'm not really knowledgeable about malware removal, but it seems there were 2 problems that I think have been fixed.

1) Running Dr.Web CureIt! solved all of the internet connection problems, but the fake alert problem was still there.
2) Running Malwarebytes Anti-Malware removed the fake alert virus and removed the nagging red and white warning box.

Here's the HijackThis log, and thanks again for this site and your assistance.

Mike

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:07 PM, on 8/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\ProtectTools\Embedded Security Software\SpTna.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTServs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Download\AntiVirus 08.26.2008\Hijack This\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft...tail/DASAct.cab
O18 - Protocol: a5res - (no CLSID) - (no file)
O18 - Protocol: XBasic - (no CLSID) - (no file)
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8340 bytes


Edited by Mbec, 26 August 2008 - 08:35 PM.

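A helper reads a HijackThis log like the one above by hand, looking for a few recurring signs. The script below is an added example (my code, not from the thread, from HijackThis or from Trend Micro) that applies some of those same triage heuristics to the O-line format: entries whose target file is missing, O23 services printed as `C:\Program.exe (file missing)` (the way HijackThis renders an unquoted ImagePath under C:\Program Files, which is cut off at the first space), script-type O4 autoruns, O18 protocol handlers with no CLSID, and services with no recorded owner. The sample lines are copied from the log posted above; the choice of heuristics and the wording of the reasons are my own assumptions, and a hit is something to check, not a verdict.

```python
"""Triage a HijackThis (HJT) log: flag entries that point at missing files,
service paths that look unquoted, script-type autoruns and services with no
recorded publisher. Heuristics only; every hit still needs a human verdict."""
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of lines copied from the log posted above.
# A real HJT log has the same line format, just many more of them.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O18 - Protocol: a5res - (no CLSID) - (no file)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"""

# HJT entry lines look like "O23 - Service: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")
# Strings HJT prints when the referenced file does not exist on disk.
MISSING_MARKERS = ("(no file)", "(file missing)", "File not found")
# Script hosts commonly abused as autoruns (assumed list, extend as needed).
SCRIPT_EXT_RE = re.compile(r"\.(hta|vbs|vbe|js|jse|wsf|bat|cmd)\b", re.IGNORECASE)


@dataclass
class Finding:
    code: str
    body: str
    reasons: list[str] = field(default_factory=list)


def parse_entries(log: str):
    """Yield (code, body) for every 'Oxx - ...' / 'Rx - ...' line; skip the rest."""
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("code"), m.group("body")


def triage(log: str) -> list[Finding]:
    """Return one Finding per entry that trips at least one heuristic, in log order."""
    findings: list[Finding] = []
    for code, body in parse_entries(log):
        reasons: list[str] = []
        if any(marker in body for marker in MISSING_MARKERS):
            reasons.append("target file is missing (orphaned or partly cleaned entry)")
        if code == "O23":
            # HJT prints the service's raw ImagePath. 'C:\Program.exe' is what an
            # unquoted 'C:\Program Files\...' path becomes when it is cut off at
            # the first space, so the real binary lives somewhere else.
            if body.endswith(r"C:\Program.exe (file missing)"):
                reasons.append("ImagePath looks unquoted and truncated at first space")
            if " - Unknown owner - " in body:
                reasons.append("no publisher recorded; check the binary's signature")
        if code == "O4" and SCRIPT_EXT_RE.search(body):
            reasons.append("script-type autorun; confirm it is expected")
        if code == "O18" and "(no CLSID)" in body:
            reasons.append("protocol handler without CLSID")
        if reasons:
            findings.append(Finding(code, body, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {f.body}")
        for r in f.reasons:
            print(f"    - {r}")
```

Running it on the sample prints four entries: the TabletWizard .hta autorun, the a5res protocol handler, the MySQL service (missing file, truncated path and no owner) and the Symantec Core LC service (no owner only). The Acrobat BHO and the quoted ccApp autorun produce nothing, which is the point of the check: the noise a log is mostly made of stays out of the way.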

#4 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Download OTViewIt to your desktop.
  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you (it gets saved on your desktop as well); post that log here.


#5 Mbec (Topic Starter, New Member, 4 posts)
Kahdah,

Here's what I've got from OTViewIt:

OTViewIt logfile created on: 8/27/2008 9:24:18 AM - Run 2
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Tablet PC Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 61.47% Memory free
2.08 Gb Paging File | 1.56 Gb Available in Paging File | 75.08% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 49.08 Gb Total Space | 21.74 Gb Free Space | 44.29% Space Free | Partition Type: NTFS
Drive D: | 6.80 Gb Total Space | 6.52 Gb Free Space | 95.88% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-B6E9B5B10E
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

===== Processes - Non-Microsoft Only =====

[09/02/2005 07:59 AM | 00,647,168 | ---- | M] (Infineon Technologies AG) - C:\WINDOWS\system32\IFXTCS.exe
[06/29/2005 03:06 PM | 00,043,008 | ---- | M] (Cognizance Corporation) - C:\Program Files\HPQ\IAM\Bin\asghost.exe
[01/10/2007 01:59 AM | 00,108,648 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[08/19/2008 08:46 AM | 00,611,664 | ---- | M] (Lavasoft) - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[06/16/2008 11:51 AM | 00,137,200 | ---- | M] (Google) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[01/10/2006 08:23 AM | 00,458,752 | ---- | M] (Infineon Technologies AG) - C:\WINDOWS\system32\IFXSPMGT.exe
[02/17/2006 06:26 PM | 00,073,728 | ---- | M] (Hewlett-Packard Company) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[07/06/2007 05:14 PM | 05,730,304 | ---- | M] () - C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
[08/19/2005 10:47 AM | 00,173,600 | ---- | M] (Infineon Technologies AG) - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
[03/15/2006 05:28 PM | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
[01/10/2006 08:23 AM | 00,136,736 | ---- | M] (Infineon Technologies AG) - C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
[08/19/2005 10:22 AM | 00,397,312 | ---- | M] (Infineon Technologies AG) - C:\Program Files\ProtectTools\Embedded Security Software\SpTNA.exe
[01/29/2006 09:00 PM | 00,088,203 | ---- | M] (Agere Systems) - C:\WINDOWS\AGRSMMSG.exe
[02/14/2006 01:49 PM | 00,454,656 | ---- | M] (Hewlett-Packard Development Company, L.P.) - C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
[03/07/2006 04:38 PM | 00,131,072 | ---- | M] ( Hewlett-Packard Development Company, L.P.) - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
[01/10/2007 01:59 AM | 00,115,816 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[02/07/2006 01:51 AM | 00,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) - C:\Program Files\HPQ\HP ProtectTools Security Manager\PTServs.exe
[06/16/2008 11:51 AM | 00,068,856 | ---- | M] (Google Inc.) - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[12/23/2005 03:44 PM | 00,491,606 | ---- | M] () - C:\Program Files\HPQ\Shared\HpqToaster.exe
[01/23/2008 06:03 PM | 01,251,720 | ---- | M] () - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[07/26/2008 08:03 PM | 08,496,752 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Thunderbird\thunderbird.exe
[07/16/2008 06:37 PM | 07,667,312 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
[08/27/2008 09:22 AM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(aawservice) Lavasoft Ad-Aware Service [Auto | Running]
[08/19/2008 08:46 AM | 00,611,664 | ---- | M] (Lavasoft) - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

(ccEvtMgr) Symantec Event Manager [Auto | Running]
[01/10/2007 01:59 AM | 00,108,648 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

(ccSetMgr) Symantec Settings Manager [Auto | Running]
[01/10/2007 01:59 AM | 00,108,648 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

(CLTNetCnService) Symantec Lic NetConnect service [Auto | Running]
[01/10/2007 01:59 AM | 00,108,648 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

(comHost) COM Host [On_Demand | Stopped]
[01/12/2007 11:40 PM | 00,049,248 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[08/04/2004 04:00 AM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(gusvc) Google Updater Service [Auto | Running]
[06/16/2008 11:51 AM | 00,137,200 | ---- | M] (Google) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

(hpqwmiex) hpqwmiex [Auto | Running]
[03/15/2006 05:28 PM | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

(IDriverT) InstallDriver Table Manager [On_Demand | Stopped]
[10/22/2004 06:24 AM | 00,073,728 | ---- | M] (Macrovision Corporation) - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

(IFXSpMgtSrv) Security Platform Management Service [Auto | Running]
[01/10/2006 08:23 AM | 00,458,752 | ---- | M] (Infineon Technologies AG) - C:\WINDOWS\system32\IFXSPMGT.exe

(IFXTCS) Trusted Platform Core Service [Auto | Running]
[09/02/2005 07:59 AM | 00,647,168 | ---- | M] (Infineon Technologies AG) - C:\WINDOWS\system32\IFXTCS.exe

(LightScribeService) LightScribeService Direct Disc Labeling Service [Auto | Running]
[02/17/2006 06:26 PM | 00,073,728 | ---- | M] (Hewlett-Packard Company) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

(LiveUpdate) LiveUpdate [On_Demand | Stopped]
[09/12/2007 10:27 PM | 02,999,664 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE

(LiveUpdate Notice Ex) LiveUpdate Notice Service Ex [Auto | Running]
[01/10/2007 01:59 AM | 00,108,648 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

(LiveUpdate Notice Service) LiveUpdate Notice Service [Auto | Stopped]
[01/29/2008 06:38 PM | 00,583,048 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

(MySQL) MySQL [Auto | Running]
[07/06/2007 05:14 PM | 05,730,304 | ---- | M] () - C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

(PCA) PC Angel [Auto | Stopped]
[01/12/2006 03:22 PM | 00,294,912 | ---- | M] (SoftThinks) - C:\WINDOWS\SMINST\PCAngel.exe

(PersonalSecureDriveService) Personal Secure Drive Service [Auto | Running]
[08/19/2005 10:47 AM | 00,173,600 | ---- | M] (Infineon Technologies AG) - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE

(Symantec Core LC) Symantec Core LC [On_Demand | Running]
[01/23/2008 06:03 PM | 01,251,720 | ---- | M] () - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

===== Driver Services - Non-Microsoft Only =====

(Accelerometer) Accelerometer [On_Demand | Running]
[01/10/2006 04:00 AM | 00,022,016 | ---- | M] (Hewlett-Packard Corporation) - C:\WINDOWS\system32\drivers\Accelerometer.sys

(ADIHdAudAddService) ADI UAA Function Driver for High Definition Audio Service [On_Demand | Running]
[02/28/2006 09:36 AM | 00,176,128 | ---- | M] (Analog Devices, Inc.) - C:\WINDOWS\system32\drivers\ADIHdAud.sys

(AEAudioService) AEAudio Service [On_Demand | Running]
[06/07/2005 09:53 AM | 00,152,960 | ---- | M] (Andrea Electronics Corporation) - C:\WINDOWS\system32\drivers\aeaudio.sys

(AgereSoftModem) Agere Systems Soft Modem [On_Demand | Running]
[01/29/2006 09:00 PM | 01,120,352 | ---- | M] (Agere Systems) - C:\WINDOWS\system32\drivers\AGRSM.sys

(AliIde) AliIde [Boot | Stopped]
[08/17/2001 11:51 AM | 00,005,248 | ---- | M] (Acer Laboratories Inc.) - C:\WINDOWS\system32\drivers\aliide.sys

(ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500) [On_Demand | Running]
[03/10/2006 09:12 PM | 00,130,048 | ---- | M] (AuthenTec, Inc.) - C:\WINDOWS\system32\drivers\atswpdrv.sys

(b57w2k) Broadcom NetXtreme Gigabit Ethernet [On_Demand | Running]
[01/12/2006 06:06 AM | 00,142,720 | ---- | M] (Broadcom Corporation) - C:\WINDOWS\system32\drivers\b57xp32.sys

(BTWUSB) WIDCOMM USB Bluetooth Driver [On_Demand | Stopped]
[03/02/2006 07:03 AM | 00,057,096 | ---- | M] (Broadcom Corporation.) - C:\WINDOWS\system32\drivers\btwusb.sys

(DLABOIOM) DLABOIOM [Auto | Running]
[08/31/2005 08:20 AM | 00,025,628 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLABOIOM.SYS

(DLACDBHM) DLACDBHM [System | Running]
[08/25/2005 03:16 PM | 00,005,628 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\DLACDBHM.SYS

(DLADResN) DLADResN [Auto | Running]
[08/31/2005 08:20 AM | 00,002,496 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLADResN.SYS

(DLAIFS_M) DLAIFS_M [Auto | Running]
[08/31/2005 08:20 AM | 00,086,524 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

(DLAOPIOM) DLAOPIOM [Auto | Running]
[08/31/2005 08:20 AM | 00,014,684 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

(DLAPoolM) DLAPoolM [Auto | Running]
[08/31/2005 08:20 AM | 00,006,364 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLAPoolM.SYS

(DLARTL_N) DLARTL_N [System | Running]
[08/25/2005 03:16 PM | 00,022,684 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\DLARTL_N.SYS

(DLAUDFAM) DLAUDFAM [Auto | Running]
[08/31/2005 08:20 AM | 00,094,332 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

(DLAUDF_M) DLAUDF_M [Auto | Running]
[08/31/2005 08:20 AM | 00,087,036 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

(dmboot) dmboot [Disabled | Stopped]
[08/04/2004 04:00 AM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) Logical Disk Manager Driver [Boot | Running]
[08/04/2004 04:00 AM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Boot | Running]
[08/04/2004 04:00 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(DRVMCDB) DRVMCDB [Boot | Running]
[08/30/2005 06:30 AM | 00,088,752 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\DRVMCDB.SYS

(DRVNDDM) DRVNDDM [Auto | Running]
[08/12/2005 08:20 AM | 00,040,544 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\DRVNDDM.SYS

(eabfiltr) eabfiltr [System | Running]
[09/19/2005 04:23 PM | 00,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) - C:\WINDOWS\system32\drivers\eabfiltr.sys

(eabusb) eabusb [On_Demand | Stopped]
[09/19/2005 04:24 PM | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) - C:\WINDOWS\system32\drivers\EabUsb.sys

(eeCtrl) Symantec Eraser Control driver [System | Running]
[08/18/2008 04:00 AM | 00,371,248 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

(EraserUtilRebootDrv) EraserUtilRebootDrv [On_Demand | Running]
[08/18/2008 04:00 AM | 00,099,376 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

(GEARAspiWDM) GEARAspiWDM [On_Demand | Stopped]
[09/19/2006 04:44 PM | 00,015,664 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

(GTIPCI21) GTIPCI21 [On_Demand | Running]
[02/28/2006 01:05 PM | 00,087,808 | ---- | M] (Texas Instruments) - C:\WINDOWS\system32\drivers\gtipci21.sys

(HBtnKey) HBtnKey [On_Demand | Running]
[09/19/2005 04:24 PM | 00,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) - C:\WINDOWS\system32\drivers\CPQBttn.sys

(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [On_Demand | Running]
[01/07/2005 08:07 PM | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) - C:\WINDOWS\system32\drivers\Hdaudbus.sys

(hpdskflt) HP Disk Filter Driver [Boot | Running]
[01/10/2006 04:00 AM | 00,017,920 | ---- | M] (Hewlett-Packard Corporation) - C:\WINDOWS\system32\drivers\hpdskflt.sys

(ialm) ialm [On_Demand | Running]
[03/23/2006 08:47 AM | 01,166,972 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\ialmnt5.sys

(iaStor) Intel AHCI Controller [Boot | Running]
[10/12/2005 08:07 AM | 00,874,240 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\iaStor.sys

(IFXTPM) IFXTPM [On_Demand | Running]
[06/10/2005 09:26 AM | 00,035,968 | ---- | M] (Infineon Technologies AG) - C:\WINDOWS\system32\drivers\ifxtpm.sys

(NAVENG) NAVENG [On_Demand | Running]
[08/20/2008 04:00 AM | 00,089,104 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080826.023\NAVENG.SYS

(NAVEX15) NAVEX15 [On_Demand | Running]
[08/20/2008 04:00 AM | 00,873,552 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080826.023\NAVEX15.SYS

(PersonalSecureDrive) PersonalSecureDrive [System | Running]
[10/25/2005 02:10 PM | 00,035,488 | ---- | M] (Infineon Technologies AG) - C:\WINDOWS\system32\drivers\psd.sys

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[08/04/2004 04:00 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(PxHelp20) PxHelp20 [Boot | Running]
[01/26/2005 05:03 AM | 00,020,576 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\pxhelp20.sys

(Secdrv) Secdrv [On_Demand | Stopped]
[11/13/2007 06:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

(SMCIRDA) SMC IrCC Miniport Device Driver [On_Demand | Running]
[08/17/2001 03:10 PM | 00,035,913 | ---- | M] (SMC) - C:\WINDOWS\system32\drivers\smcirda.sys

(SPBBCDrv) SPBBCDrv [System | Running]
[04/14/2007 06:49 AM | 00,418,104 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

(SRTSP) SRTSP [On_Demand | Running]
[12/01/2007 03:57 AM | 00,279,088 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\srtsp.sys

(SRTSPL) SRTSPL [On_Demand | Stopped]
[12/01/2007 03:57 AM | 00,317,616 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\srtspl.sys

(SRTSPX) SRTSPX [System | Running]
[12/01/2007 03:57 AM | 00,043,696 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\srtspx.sys

(SYMDNS) SYMDNS [On_Demand | Running]
[01/09/2007 06:32 PM | 00,012,984 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symdns.sys

(SymEvent) SymEvent [On_Demand | Running]
[05/30/2008 07:09 PM | 00,123,952 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\SYMEVENT.SYS

(SYMFW) SYMFW [On_Demand | Running]
[01/09/2007 06:32 PM | 00,145,976 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symfw.sys

(SYMIDS) SYMIDS [On_Demand | Running]
[01/09/2007 06:32 PM | 00,040,120 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symids.sys

(SYMIDSCO) SYMIDSCO [On_Demand | Running]
[02/13/2008 12:18 PM | 00,240,496 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20080825.001\SymIDSco.sys

(SYMNDIS) SYMNDIS [On_Demand | Running]
[01/09/2007 06:32 PM | 00,035,256 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symndis.sys

(SYMREDRV) SYMREDRV [On_Demand | Running]
[01/09/2007 06:32 PM | 00,027,576 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symredrv.sys

(SYMTDI) SYMTDI [System | Running]
[01/09/2007 06:32 PM | 00,191,544 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symtdi.sys

(SynTP) Synaptics TouchPad Driver [On_Demand | Running]
[03/03/2006 12:31 PM | 00,192,736 | ---- | M] (Synaptics, Inc.) - C:\WINDOWS\system32\drivers\SynTP.sys

(tifm21) tifm21 [On_Demand | Running]
[11/30/2005 06:12 AM | 00,162,560 | ---- | M] (Texas Instruments) - C:\WINDOWS\system32\drivers\tifm21.sys

(w39n51) Intel® PRO/Wireless 3945ABG Adapter Driver [On_Demand | Running]
[01/19/2006 09:50 AM | 01,428,096 | ---- | M] (Intel® Corporation) - C:\WINDOWS\system32\drivers\w39n51.sys

(WacomISDPen) Wacom Penabled HID MiniDriver [On_Demand | Running]
[07/14/2005 09:19 AM | 00,023,936 | ---- | M] (Wacom Technology) - C:\WINDOWS\system32\drivers\wacomisdpen.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG" = AGRSMMSG.exe [01/29/2006 09:00 PM | 00,088,203 | ---- | M] (Agere Systems)
"ccApp" = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 01:59 AM | 00,115,816 | ---- | M] (Symantec Corporation)
"CognizanceTS" = rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule [12/22/2003 02:12 PM | 00,017,920 | ---- | M] (Cognizance Corporation)
"hpWirelessAssistant" = C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [02/14/2006 01:49 PM | 00,454,656 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"QlbCtrl" = %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [03/07/2006 04:38 PM | 00,131,072 | ---- | M] ( Hewlett-Packard Development Company, L.P.)
"QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [05/27/2008 10:50 AM | 00,413,696 | ---- | M] (Apple Inc.)
"Symantec PIF AlertEng" = "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" [01/29/2008 06:38 PM | 00,583,048 | ---- | M] (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg" = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [06/16/2008 11:51 AM | 00,068,856 | ---- | M] (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard" = %windir%\help\wizard.hta File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard" = %windir%\help\wizard.hta File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard" = %windir%\help\wizard.hta File not found

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard" = %windir%\help\wizard.hta File not found

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-21-4018586377-3843383354-4250506133-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg" = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [06/16/2008 11:51 AM | 00,068,856 | ---- | M] (Google Inc.)

[HKEY_USERS\S-1-5-21-4018586377-3843383354-4250506133-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[Administrator Startup Folder - C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

[Default User Startup Folder - C:\Documents and Settings\Default User\Start Menu\Programs\Startup]

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (AcroIEHlprObj Class) - [09/23/2005 11:12 PM | 00,063,136 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
HKLM CLSID: (Reg Error: Value does not exist or could not be read.) - [02/18/2007 11:22 PM | 00,097,960 | R--- | M] (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
HKLM CLSID: (DriveLetterAccess) - [08/31/2005 08:20 AM | 00,110,652 | ---- | M] (Sonic Solutions) C:\WINDOWS\system32\DLA\DLASHX_W.DLL

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [11/10/2005 04:22 PM | 00,184,423 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
HKLM CLSID: (Google Toolbar Helper) - [01/20/2007 03:55 AM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar2.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
HKLM CLSID: (Google Toolbar Notifier BHO) - [06/19/2008 11:35 AM | 00,734,704 | ---- | M] (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
HKLM CLSID: (HP Credential Manager for ProtectTools) - [03/02/2005 10:35 PM | 00,050,688 | ---- | M] (Infineon Technologies AG) C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [01/20/2007 03:55 AM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{90222687-F593-4738-B738-FBEE9C7B26DF}"
HKLM CLSID: (Show Norton Toolbar) - [02/18/2007 11:23 PM | 00,609,424 | R--- | M] (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [01/20/2007 03:55 AM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar2.dll

"{C4069E3A-68F1-403E-B40E-20066696354B}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [01/20/2007 03:55 AM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar2.dll

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [01/20/2007 03:55 AM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar2.dll

[HKEY_USERS\S-1-5-21-4018586377-3843383354-4250506133-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [01/20/2007 03:55 AM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar2.dll

"{C4069E3A-68F1-403E-B40E-20066696354B}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
Unable to open key or key not present!


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"NoDispBackgroundPage" = 0
"NoDispScrSavPage" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-21-4018586377-3843383354-4250506133-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-21-4018586377-3843383354-4250506133-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"NoDispBackgroundPage" = 0
"NoDispScrSavPage" = 0

===== Desktop Components =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 04:00 AM | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe [08/04/2004 04:00 AM | 00,004,608 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 04:00 AM | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe [08/04/2004 04:00 AM | 00,004,608 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [05/21/2008 04:37 AM | 12,844,576 | ---- | M] (Microsoft Corporation)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [06/13/2007 06:23 AM | 01,033,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [08/04/2004 04:00 AM | 00,024,576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [08/04/2004 04:00 AM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [10/25/2007 11:36 PM | 08,454,656 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [08/04/2004 04:00 AM | 00,298,496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IfxWlxEN]
"DllName" = C:\WINDOWS\system32\IfxWlxEN.dll [08/19/2005 09:52 AM | 00,389,120 | ---- | M] (Infineon Technologies AG)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
"DllName" = C:\WINDOWS\system32\igfxdev.dll [03/23/2006 08:12 AM | 00,139,264 | ---- | M] (Intel Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
"DllName" = C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll [07/25/2005 02:41 PM | 00,040,960 | ---- | M] (Cognizance Corporation)

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]

===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{4931FDC3-62C6-4942-A10D-AB057B5F7EA3}]
Servers: | Description: Intel® PRO/Wireless 3945ABG Network Connection

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{693CA602-FAA6-4A60-9A1C-A692AFF46924}]
Servers: | Description: Broadcom NetXtreme Gigabit Ethernet

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

===== Autorun Files on Drives =====

AUTOEXEC.BAT []
[07/27/2001 11:07 PM | 00,000,000 | -HS- | M] () D:\AUTOEXEC.BAT [ FAT32 ]

Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ]
[04/30/2004 03:01 PM | 00,000,053 | -HS- | M] () D:\Autorun.inf [ FAT32 ]

===== MountPoints2 =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{163319ed-cb98-11dc-b5a7-bb60ad96d213}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{163319ed-cb98-11dc-b5a7-bb60ad96d213}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 11:36 PM | 08,454,656 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{163319ed-cb98-11dc-b5a7-bb60ad96d213}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b0b2a24-07d7-11dd-b5cc-001302411c32}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b0b2a24-07d7-11dd-b5cc-001302411c32}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 11:36 PM | 08,454,656 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b0b2a24-07d7-11dd-b5cc-001302411c32}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7abc55b6-73bf-11dd-b612-001302411c32}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7abc55b6-73bf-11dd-b612-001302411c32}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 11:36 PM | 08,454,656 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7abc55b6-73bf-11dd-b612-001302411c32}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

===== Hosts File =====

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



[Files/Folders - Created Within 30 days]
[08/13/2008 07:03 PM | ---D | C] - C:\BACKUP DATA
[08/17/2008 04:05 PM | ---D | C] - C:\A1 USE THIS A5 INVOICING
[08/17/2008 04:07 PM | ---D | C] - C:\A5 Invoicing
[08/17/2008 04:07 PM | ---D | C] - C:\A5NOW
[08/18/2008 09:25 AM | ---D | C] - C:\A5 BIG DIG TODAY GOLD 08.17.2008 6 45 pm
[08/25/2008 09:56 AM | ---D | C] - C:\TEST2
[08/17/2008 03:01 PM | 00,017,144 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[1 C:\WINDOWS\System32\*.tmp files]
[01/08/2008 03:40 PM | 00,009,216 | ---- | C] (DYMO Corp.) - C:\WINDOWS\System32\LW400MON.DLL
[04/24/2007 11:21 AM | 00,009,391 | ---- | C] () - C:\WINDOWS\System32\dymourl.ini
[04/24/2007 11:21 AM | 00,184,320 | ---- | C] (DYMO) - C:\WINDOWS\System32\DymoInst.dll
[04/25/2006 08:33 PM | 00,421,888 | ---- | C] (DYMO Corp.) - C:\WINDOWS\System32\DYMOSmartPaste.dll
[05/10/2006 01:19 PM | 00,061,440 | ---- | C] () - C:\WINDOWS\System32\DYMOCFG.DLL
[08/25/2008 02:36 PM | ---D | C] - C:\WINDOWS\System32\CatRoot_bak
[11/29/2007 11:51 AM | 00,005,120 | ---- | C] (DYMO Corporation) - C:\WINDOWS\System32\lmmonres.dll
[08/19/2008 04:18 PM | 00,000,034 | ---- | C] () - C:\WINDOWS\iltwain.ini
[08/19/2008 04:18 PM | 00,000,056 | ---- | C] () - C:\WINDOWS\Addrfixr.ini
[08/27/2008 09:22 AM | ---D | C] - C:\WINDOWS\pss
[08/19/2008 08:46 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Lavasoft
[08/26/2008 09:46 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/26/2008 09:46 PM | ---D | C] - C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[08/19/2008 04:18 PM | ---D | C] - C:\Documents and Settings\All Users\Documents\DYMO Label
[08/10/2008 06:27 PM | 00,000,594 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Alpha Five V9.lnk
[08/19/2008 08:45 AM | 00,000,793 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[08/19/2008 08:45 AM | 00,000,793 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[08/26/2008 09:46 PM | 00,000,696 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[07/30/2008 07:50 PM | 00,000,641 | ---- | C] () - C:\Documents and Settings\Administrator\Desktop\Shortcut to relaydb.mdb.lnk
[08/13/2008 06:46 PM | 00,000,699 | ---- | C] () - C:\Documents and Settings\Administrator\Desktop\Shortcut to Installing Kerdi.doc.lnk
[08/17/2008 09:03 AM | 00,000,654 | ---- | C] () - C:\Documents and Settings\Administrator\Desktop\A5 INVOICING.lnk
[08/17/2008 09:04 AM | 00,000,566 | ---- | C] () - C:\Documents and Settings\Administrator\Desktop\BIG DIG NOW.lnk
[08/18/2008 09:42 PM | 00,000,863 | ---- | C] () - C:\Documents and Settings\Administrator\Desktop\Shortcut to Aunt Pegs Address Book.adb.lnk
[08/24/2008 05:17 PM | 00,000,654 | ---- | C] () - C:\Documents and Settings\Administrator\Desktop\Lees FIX.lnk
[08/27/2008 09:22 AM | 01,299,968 | ---- | C] (OldTimer Tools) - C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe
[08/19/2008 08:45 AM | ---D | C] - C:\Program Files\Common Files\Wise Installation Wizard
[08/26/2008 09:45 PM | ---D | C] - C:\Program Files\Common Files\Download Manager
[08/19/2008 04:19 PM | ---D | C] - C:\Program Files\DYMO Label
[08/19/2008 08:45 AM | ---D | C] - C:\Program Files\Lavasoft
[08/26/2008 09:54 PM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware

[Files/Folders - Modified Within 30 days]
[07/31/2008 02:48 PM | ---D | M] - C:\VisualBasicData
[08/02/2008 09:10 PM | ---D | M] - C:\House
[08/13/2008 07:03 PM | ---D | M] - C:\BACKUP DATA
[08/13/2008 07:51 PM | ---D | M] - C:\TEST
[08/14/2008 01:40 PM | ---D | M] - C:\A5 Big Dig 06.09.2008
[08/14/2008 10:28 AM | ---D | M] - C:\VTC University
[08/15/2008 09:00 PM | ---D | M] - C:\zoe
[08/17/2008 04:05 PM | ---D | M] - C:\A1 USE THIS A5 INVOICING
[08/17/2008 04:07 PM | ---D | M] - C:\A5 Invoicing
[08/17/2008 04:07 PM | ---D | M] - C:\A5NOW
[08/18/2008 09:25 AM | ---D | M] - C:\A5 BIG DIG TODAY GOLD 08.17.2008 6 45 pm
[08/19/2008 10:00 PM | ---D | M] - C:\Cathlic Community of Relay
[08/25/2008 04:59 PM | ---D | M] - C:\Vocational Rehab
[08/25/2008 09:56 AM | ---D | M] - C:\TEST2
[08/26/2008 02:49 PM | -HSD | M] - C:\System Volume Information
[08/26/2008 09:39 PM | ---D | M] - C:\Download
[08/26/2008 09:46 PM | R--D | M] - C:\Program Files
[08/26/2008 09:55 PM | 16,016,22016 | -HS- | M] () - C:\hiberfil.sys
[08/27/2008 09:22 AM | ---D | M] - C:\WINDOWS
[07/30/2008 05:28 PM | 00,000,706 | ---- | M] () - C:\WINDOWS\System32\drivers\COH_Mon.inf
[07/30/2008 05:28 PM | 00,010,537 | ---- | M] () - C:\WINDOWS\System32\drivers\COH_Mon.cat
[07/30/2008 05:42 PM | 00,023,888 | ---- | M] (Symantec Corporation) - C:\WINDOWS\System32\drivers\COH_Mon.sys
[08/17/2008 03:01 PM | 00,017,144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[1 C:\WINDOWS\System32\*.tmp files]
[08/10/2008 08:15 AM | 00,001,158 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/25/2008 02:12 PM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/25/2008 02:36 PM | ---D | M] - C:\WINDOWS\System32\CatRoot_bak
[08/25/2008 02:37 PM | ---D | M] - C:\WINDOWS\System32\CatRoot
[08/26/2008 02:49 PM | ---D | M] - C:\WINDOWS\System32\Restore
[08/26/2008 06:36 PM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[08/26/2008 09:55 PM | ---D | M] - C:\WINDOWS\System32\drivers
[08/07/2008 03:03 AM | ---D | M] - C:\WINDOWS\WinSxS
[08/07/2008 03:04 AM | 00,000,583 | ---- | M] () - C:\WINDOWS\win.ini
[08/10/2008 06:26 PM | R-SD | M] - C:\WINDOWS\Fonts
[08/15/2008 10:32 AM | R-SD | M] - C:\WINDOWS\assembly
[08/15/2008 10:35 AM | 00,001,374 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/15/2008 10:35 AM | -H-D | M] - C:\WINDOWS\$hf_mig$
[08/19/2008 04:18 PM | 00,000,034 | ---- | M] () - C:\WINDOWS\iltwain.ini
[08/19/2008 04:18 PM | 00,000,056 | ---- | M] () - C:\WINDOWS\Addrfixr.ini
[08/19/2008 08:46 AM | -HSD | M] - C:\WINDOWS\Installer
[08/21/2008 04:48 AM | ---D | M] - C:\WINDOWS\Help
[08/25/2008 02:13 PM | ---D | M] - C:\WINDOWS\Debug
[08/25/2008 02:36 PM | -H-D | M] - C:\WINDOWS\inf
[08/26/2008 09:55 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/26/2008 09:56 PM | ---D | M] - C:\WINDOWS\system32
[08/27/2008 07:15 AM | ---D | M] - C:\WINDOWS\Temp
[08/27/2008 09:22 AM | ---D | M] - C:\WINDOWS\pss
[08/27/2008 09:23 AM | ---D | M] - C:\WINDOWS\Prefetch
[08/20/2008 05:20 PM | 00,000,284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/26/2008 09:56 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[07/30/2008 09:32 PM | --SD | M] - C:\Documents and Settings\All Users\Application Data\Microsoft
[08/15/2008 10:35 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Microsoft Help
[08/19/2008 08:46 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Lavasoft
[08/26/2008 04:12 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Symantec
[08/26/2008 09:46 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/27/2008 06:53 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Google Updater
[07/30/2008 09:32 PM | --SD | M] - C:\Documents and Settings\Administrator\Application Data\Microsoft
[08/25/2008 06:47 PM | ---D | M] - C:\Documents and Settings\Administrator\Application Data\U3
[08/26/2008 09:46 PM | ---D | M] - C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[08/26/2008 09:00 PM | 03,782,972 | -H-- | M] () - C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[08/26/2008 10:15 PM | ---D | M] - C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[08/19/2008 04:18 PM | ---D | M] - C:\Documents and Settings\All Users\Documents\DYMO Label
[08/10/2008 06:27 PM | 00,000,594 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Alpha Five V9.lnk
[08/19/2008 08:45 AM | 00,000,793 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[08/19/2008 08:45 AM | 00,000,793 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[08/26/2008 09:46 PM | 00,000,696 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[07/30/2008 07:50 PM | 00,000,641 | ---- | M] () - C:\Documents and Settings\Administrator\Desktop\Shortcut to relaydb.mdb.lnk
[08/13/2008 06:46 PM | 00,000,699 | ---- | M] () - C:\Documents and Settings\Administrator\Desktop\Shortcut to Installing Kerdi.doc.lnk
[08/14/2008 09:03 PM | 00,002,471 | ---- | M] () - C:\Documents and Settings\Administrator\Desktop\Microsoft Office Access 2003.lnk
[08/15/2008 11:48 PM | 00,002,515 | ---- | M] () - C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2007.lnk
[08/17/2008 09:03 AM | 00,000,654 | ---- | M] () - C:\Documents and Settings\Administrator\Desktop\A5 INVOICING.lnk
[08/17/2008 09:04 AM | 00,000,566 | ---- | M] () - C:\Documents and Settings\Administrator\Desktop\BIG DIG NOW.lnk
[08/18/2008 09:42 PM | 00,000,863 | ---- | M] () - C:\Documents and Settings\Administrator\Desktop\Shortcut to Aunt Pegs Address Book.adb.lnk
[08/24/2008 05:17 PM | 00,000,654 | ---- | M] () - C:\Documents and Settings\Administrator\Desktop\Lees FIX.lnk
[08/27/2008 09:22 AM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe
[08/07/2008 03:03 AM | ---D | M] - C:\Program Files\Common Files\Microsoft Shared
[08/19/2008 08:45 AM | ---D | M] - C:\Program Files\Common Files\Wise Installation Wizard
[08/26/2008 09:45 PM | ---D | M] - C:\Program Files\Common Files\Download Manager
[08/26/2008 10:04 PM | ---D | M] - C:\Program Files\Common Files\Symantec Shared

< End of report >

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    D:\Autorun.inf
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
============
Let me know if there are any more issues and whether things are back to normal.
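The D:\Autorun.inf that the steps above move is the file the OTViewIt log listed under "Autorun Files on Drives" with a ShellExecute= directive, on a system whose policies\Explorer key shows "NoDriveTypeAutoRun" = 145. As an added example (not from the thread, the helper, or OldTimer's tools), the Python below rebuilds the file's directives from that log line, flags the ones that launch a program, and decodes the NoDriveTypeAutoRun bitmask to show which drive types still honour AutoRun; the sample input is constructed from those two log values, and the OTViewIt line format is an assumption based on the single line shown.

```python
"""Triage an autorun.inf and the NoDriveTypeAutoRun policy value.

Added example, not part of the thread or of OldTimer's tools.  The sample
input is constructed from the OTViewIt log above: the D:\\Autorun.inf line
and the "NoDriveTypeAutoRun" = 145 value under policies\\Explorer.
"""
import configparser
import re

# Constructed sample: the "Autorun Files on Drives" line as OTViewIt prints it.
OTVIEWIT_LINE = "Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ]"

# autorun.inf directives that launch a program on insert / double-click.
EXEC_KEYS = {"open", "shellexecute"}

# NoDriveTypeAutoRun bit -> drive type whose AutoRun that bit disables.
DRIVE_TYPE_BITS = [
    (0x01, "DRIVE_UNKNOWN"),
    (0x02, "DRIVE_NO_ROOT_DIR"),
    (0x04, "DRIVE_REMOVABLE"),
    (0x08, "DRIVE_FIXED"),
    (0x10, "DRIVE_REMOTE"),
    (0x20, "DRIVE_CDROM"),
    (0x40, "DRIVE_RAMDISK"),
    (0x80, "unknown/reserved drive types"),
]


def otviewit_autorun_to_ini(line):
    """Rebuild autorun.inf text from OTViewIt's one-line summary.

    Assumption: OTViewIt prints the file's lines inside [...] separated
    by ' | ', and no directive value itself contains '|'.
    """
    m = re.fullmatch(r"Autorun\.inf \[(.*)\]", line.strip())
    if not m:
        raise ValueError("not an OTViewIt Autorun.inf line")
    parts = [p.strip() for p in m.group(1).split("|")]
    return "\n".join(p for p in parts if p)


def parse_autorun_inf(text):
    """Return the [autorun] directives as a dict with lower-case keys."""
    cp = configparser.ConfigParser(interpolation=None, allow_no_value=True, strict=False)
    cp.read_string(text)
    for section in cp.sections():  # the section name is case-insensitive on Windows
        if section.lower() == "autorun":
            return {k: (v or "").strip() for k, v in cp.items(section)}
    return {}


def exec_directives(directives):
    """Directives that execute code: open=, shellexecute=, shell\\<verb>\\command=."""
    hits = []
    for key, value in directives.items():
        if key in EXEC_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            hits.append((key, value))
    return hits


def autorun_enabled_types(no_drive_type_autorun):
    """Drive types on which AutoRun is still enabled for the given bitmask.

    A set bit disables AutoRun for that drive type; 0xFF (255) disables all.
    """
    return [name for bit, name in DRIVE_TYPE_BITS if not no_drive_type_autorun & bit]


def triage(otviewit_line, no_drive_type_autorun):
    """Combine both checks into one finding for whoever reviews the log."""
    directives = parse_autorun_inf(otviewit_autorun_to_ini(otviewit_line))
    hits = exec_directives(directives)
    enabled = autorun_enabled_types(no_drive_type_autorun)
    return {
        "exec_directives": hits,
        "autorun_enabled_on": enabled,
        # Worth acting on only when the file launches something AND the
        # policy still allows AutoRun on at least one drive type.
        "suspicious": bool(hits) and bool(enabled),
    }


if __name__ == "__main__":
    result = triage(OTVIEWIT_LINE, 145)  # 145 = 0x91, the value in the log above
    for key, value in result.items():
        print(f"{key}: {value}")
```

With the log's value of 145, AutoRun is still enabled for removable, fixed and CD-ROM drives, which is why the ShellExecute= directive on D: matters; setting the policy to 255 (0xFF) is what turns the same finding into a non-event.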

#7
Mbec

Mbec

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi Kahdah,

Here's a copy of the log file from OTMoveIt:

D:\Autorun.inf moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08272008_215233


So far everything seems to be working fine. Thanks again for all of your help.

Take care,
Mike

#8
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download OTCleanIt from here and save it to your desktop.
Double-click on OTCleanIt to run it.
Then click on Clean up.
Restart your computer when prompted.
This will remove the tools we used.
===============
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 7 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
======================
Use a Firewall:

Install and use a firewall with outbound protection
While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be much help in alerting you to programs already on your PC attempting to connect to remote servers.
I therefore strongly recommend that you install one of the following free firewalls: Sunbelt Free Firewall or ZoneAlarm.
See BleepingComputer's excellent tutorial on using and understanding a firewall here.
Note: You should only have one firewall installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.


=============================
Delete/uninstall anything else that we have used.

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingc...143.html#manual
=====================================
After that your log is clean. :)

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them; they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Tony Klein article - To find out more information about how you got infected in the first place, and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein.