Trojan.Metajuan, can't be removed by norton

#1
aeturos

I've had Trojans cropping up for a few days now, and I've been able to remove all of them but one, as far as I can tell.

I've tried repeatedly to remove a Trojan.Metajuan from my computer using Norton AntiVirus, but it fails to do so every time; I've also tried running a full scan in Safe Mode to remove it, and while that's gotten rid of malware Norton didn't normally detect, it doesn't detect the Trojan.Metajuan at all.


I usually use Google Chrome as my browser, so the Internet Explorer pop-ups were an early sign of a problem. Other symptoms: my start bar keeps reverting to the basic blue-ness of Windows XP, even though I keep classic settings. My computer has been taking longer to boot up, and whenever I try to open Photoshop, the welcome screen shows a bunch of broken images. Small things, but my computer certainly wasn't acting this way before.

I use the Windows Task Manager processes list to kill pop-ups, and iexplore.exe and ytbb.exe are usually what I end to get rid of them, at least for a while.

...is that enough detail? If there's any more information I need to supply, please ask, but I tried to be thorough. (:


OTListIt.txt:

OTListIt logfile created on: 4/4/2009 2:44:29 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.11.0 Folder = C:\Documents and Settings\Excel\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

990.42 Mb Total Physical Memory | 467.57 Mb Available Physical Memory | 47.21% Memory free
1.56 Gb Paging File | 1.10 Gb Available in Paging File | 70.41% Paging File free
Paging file location(s): C:\pagefile.sys 700 1400;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 67.19 Gb Free Space | 45.08% Space Free | Partition Type: NTFS
Drive D: | 1003.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CONDEMED
Current User Name: Excel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Nexon\Mabinogi\npkcmsvc.exe (INCA Internet Co., Ltd.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\2Wire\2PortalMon.exe (2Wire, Inc.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\program files\steam\steam.exe (Valve Corporation)
PRC - C:\Documents and Settings\Excel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE ()
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Excel\Desktop\OTListIt2.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Excel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Win32 Services (SafeList) ==========

SRV - (AdobeActiveFileMonitor4.0 [Auto | Running]) -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8emc [Auto | Stopped]) -- File not found
SRV - (avg8wd [Auto | Stopped]) -- File not found
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (norton antivirus [Auto | Running]) -- C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe (Symantec Corporation)
SRV - (npkcmsvc [Auto | Running]) -- C:\Nexon\Mabinogi\npkcmsvc.exe (INCA Internet Co., Ltd.)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (TabletServicePen [Auto | Running]) -- C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (bhdrvx86 [System | Running]) -- C:\WINDOWS\system32\drivers\NAV\1005000.086\BHDrvx86.sys (Symantec Corporation)
DRV - (catchme [Disabled | Running]) -- File not found
DRV - (cchp [System | Running]) -- C:\WINDOWS\system32\drivers\NAV\1005000.086\ccHPx86.sys (Symantec Corporation)
DRV - (CmdIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (idsxpx86 [System | Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090331.007\IDSxpx86.sys (Symantec Corporation)
DRV - (libusb0 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\libusb0.sys (http://libusb-win32.sourceforge.net)
DRV - (MCSTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mraid35x [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (mxnic [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mxnic.sys (Macronix International Co., Ltd. )
DRV - (naveng [On_Demand | Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090404.003\NAVENG.SYS (Symantec Corporation)
DRV - (navex15 [On_Demand | Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090404.003\NAVEX15.SYS (Symantec Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (srtsp [System | Running]) -- C:\WINDOWS\system32\drivers\NAV\1005000.086\SRTSP.SYS (Symantec Corporation)
DRV - (srtspx [System | Running]) -- C:\WINDOWS\system32\drivers\NAV\1005000.086\SRTSPX.SYS (Symantec Corporation)
DRV - (symc810 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symefa [Boot | Running]) -- C:\WINDOWS\system32\drivers\NAV\1005000.086\SYMEFA.SYS (Symantec Corporation)
DRV - (symevent [On_Demand | Running]) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (symfw [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\NAV\1005000.086\SYMFW.SYS (Symantec Corporation)
DRV - (symids [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\NAV\1005000.086\SYMIDS.SYS (Symantec Corporation)
DRV - (symim [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys (Symantec Corporation)
DRV - (symimmp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys (Symantec Corporation)
DRV - (symndis [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\NAV\1005000.086\SYMNDIS.SYS (Symantec Corporation)
DRV - (symtdi [System | Running]) -- C:\WINDOWS\system32\drivers\NAV\1005000.086\SYMTDI.SYS (Symantec Corporation)
DRV - (sym_hi [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (tbhsd [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (ultra [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (wacmoumonitor [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys (Wacom Technology)
DRV - (wacommousefilter [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wacomvhid.sys (Wacom Technology)
DRV - (WacomVKHid [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys (Wacom Technology)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (wltwo51b [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wltwo51b.sys (2wire)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\firefox\extensions\\{1737276B-3B1B-4AA0-A401-F9925EBBA4E0}: C:\DOCUMENTS AND SETTINGS\EXCEL\LOCAL SETTINGS\APPLICATION DATA\{1737276B-3B1B-4AA0-A401-F9925EBBA4E0} [2009/04/03 17:59:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\firefox\extensions\\{E6BD3CF4-D7FB-4F19-B37E-6A94F7E8ECBF}: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\{E6BD3CF4-D7FB-4F19-B37E-6A94F7E8ECBF} [2009/03/31 17:35:08 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe (2Wire, Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CPM2f30997f] Rundll32.exe "c:\windows\system32\fuwumovu.dll",a ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [Qcekesi] rundll32.exe "C:\WINDOWS\avelacih.dll",e (Mozilla Foundation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent (Electronic Arts)
O4 - HKCU..\Run: [Google Update] "C:\Documents and Settings\Excel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork (IGN Entertainment)
O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O4 - HKCU..\Run: [Steam] "c:\program files\steam\steam.exe" -silent (Valve Corporation)
O4 - HKCU..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide (Veoh Networks)
O4 - HKCU..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" (Veoh Networks)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\2Wire Wireless Client Manager.lnk = C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Excel\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...C_2.3.6.108.cab (CDownloadCtrl Object)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\fuwumovu.dll) - c:\windows\system32\fuwumovu.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fuwumovu.dll ()
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - c:\windows\system32\fuwumovu.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - D:\AutoRun.exe (Electronic Arts Inc.) - [ UDF ]
O32 - Autorun File - D:\AutoRun.exe (Electronic Arts Inc.) - [ UDF ]
O32 - Autorun File - D:\AutoRunGUI.dll (Electronic Arts Inc.) - [ UDF ]
O32 - Autorun File - D:\autorun.inf () - [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2009/04/04 14:19:37 | 00,499,200 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Excel\Desktop\OTListIt2.exe
[2009/04/04 13:39:53 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/04/04 13:39:53 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/04/04 13:39:53 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/04/04 13:39:53 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/04/04 13:39:53 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/04/04 13:39:53 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/04 13:39:52 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/04/04 13:39:52 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/04/04 13:39:52 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/04/04 13:37:38 | 03,067,656 | R--- | C] () -- C:\Documents and Settings\Excel\Desktop\ComboFix.exe
[2009/04/04 13:36:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/04 13:36:39 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/04 13:21:32 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Excel\Desktop\HijackThis.lnk
[2009/04/04 13:21:30 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/04 13:17:55 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/04/04 12:56:47 | 10,386,02240 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/03 17:59:26 | 00,000,016 | ---- | C] () -- C:\WINDOWS\Xgafasule.bin
[2009/04/03 17:59:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Excel\Local Settings\Application Data\{1737276B-3B1B-4AA0-A401-F9925EBBA4E0}
[2009/04/03 17:59:23 | 00,001,318 | ---- | C] () -- C:\WINDOWS\Gtutacaxoza.dat
[2009/03/31 17:25:39 | 02,544,776 | -HS- | C] () -- C:\WINDOWS\System32\unerotud.ini
[2009/03/30 18:53:42 | 01,050,154 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\Cat.DB
[2009/03/30 18:47:19 | 00,000,000 | R--D | C] -- C:\Program Files\Norton Support
[2009/03/30 18:45:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Excel\Local Settings\Application Data\Symantec
[2009/03/30 18:34:37 | 00,036,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009/03/30 18:34:27 | 00,124,464 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/03/30 18:34:27 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/03/30 18:34:27 | 00,007,386 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/03/30 18:34:27 | 00,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/03/30 18:34:27 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/03/30 18:34:01 | 00,001,896 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.lnk
[2009/03/30 18:33:56 | 00,217,392 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symtdi.sys
[2009/03/30 18:33:56 | 00,039,984 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symndisv.sys
[2009/03/30 18:33:56 | 00,037,296 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symndis.sys
[2009/03/30 18:33:56 | 00,034,736 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symids.sys
[2009/03/30 18:33:55 | 00,310,320 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymEFA.sys
[2009/03/30 18:33:55 | 00,307,760 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtsp.sys
[2009/03/30 18:33:55 | 00,089,776 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symfw.sys
[2009/03/30 18:33:55 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtspx.sys
[2009/03/30 18:33:53 | 00,482,352 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\cchpx86.sys
[2009/03/30 18:33:53 | 00,258,608 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\BHDrvx86.sys
[2009/03/30 18:33:31 | 00,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymEFA.inf
[2009/03/30 18:33:31 | 00,001,753 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\ccHPx86.inf
[2009/03/30 18:33:31 | 00,001,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymNet.inf
[2009/03/30 18:33:31 | 00,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtspx.inf
[2009/03/30 18:33:31 | 00,001,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtsp.inf
[2009/03/30 18:33:31 | 00,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\BHDrvx86.inf
[2009/03/30 18:33:31 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\isolate.ini
[2009/03/30 18:33:14 | 00,009,423 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymNet.cat
[2009/03/30 18:33:14 | 00,007,410 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymEFA.cat
[2009/03/30 18:33:14 | 00,007,372 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtspx.cat
[2009/03/30 18:33:14 | 00,007,364 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\BHDrvx86.CAT
[2009/03/30 18:33:14 | 00,007,355 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtsp.cat
[2009/03/30 18:33:14 | 00,007,347 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\ccHPx86.cat
[2009/03/30 18:33:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV\1005000.086
[2009/03/30 18:33:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV
[2009/03/30 18:33:10 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009/03/30 18:33:10 | 00,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2009/03/30 18:33:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/03/30 18:33:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/03/30 18:30:14 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2009/03/30 18:30:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/03/30 12:25:19 | 02,510,811 | -HS- | C] () -- C:\WINDOWS\System32\ezodoval.ini
[2009/03/30 00:24:48 | 03,306,960 | -HS- | C] () -- C:\WINDOWS\System32\urufejek.ini
[2009/03/29 19:48:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2009/03/29 19:17:01 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/29 19:16:59 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/29 19:16:57 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/29 19:16:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/29 18:54:28 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/03/29 16:35:02 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/03/29 16:35:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/03/29 12:25:12 | 00,101,998 | ---- | C] () -- C:\WINDOWS\System32\drivers\c0db3431.sys
[2009/03/29 12:24:42 | 00,000,002 | ---- | C] () -- C:\738437708
[2009/03/28 13:15:08 | 03,290,756 | -HS- | C] () -- C:\WINDOWS\System32\agujufoz.ini
[2009/03/24 19:37:13 | 00,020,459 | ---- | C] () -- C:\Documents and Settings\Excel\My Documents\biblio.odt
[2009/03/16 14:57:39 | 00,000,000 | ---D | C] -- C:\Program Files\Sega
[2009/03/11 07:46:17 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2009/01/03 05:26:34 | 00,089,088 | -HS- | C] () -- C:\WINDOWS\System32\bikoguza.dll
[2009/01/03 05:26:34 | 00,081,408 | -HS- | C] () -- C:\WINDOWS\System32\mivoduke.dll
[2009/01/02 17:26:10 | 00,089,088 | -HS- | C] () -- C:\WINDOWS\System32\fuwumovu.dll
[2009/01/02 17:26:10 | 00,080,896 | -HS- | C] () -- C:\WINDOWS\System32\bajahuda.dll
[2009/01/02 05:25:49 | 00,089,088 | -HS- | C] () -- C:\WINDOWS\System32\zatuhose.dll
[2009/01/02 05:25:49 | 00,081,408 | -HS- | C] () -- C:\WINDOWS\System32\kohigesi.dll
[2009/01/01 17:25:59 | 00,089,088 | -HS- | C] () -- C:\WINDOWS\System32\vabefado.dll
[2009/01/01 05:25:14 | 00,089,088 | -HS- | C] () -- C:\WINDOWS\System32\duzurosa.dll
[2008/11/15 11:52:18 | 00,473,600 | ---- | C] () -- C:\WINDOWS\System32\Harmony.dll
[2008/11/15 11:52:18 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\Unlha32.dll
[2008/11/06 11:37:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 11:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 11:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/06 11:33:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/09/25 19:24:26 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/08/05 19:26:42 | 00,042,320 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2008/07/26 16:06:51 | 00,000,033 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2008/07/02 17:08:58 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\E417BE9680.sys
[2008/07/02 17:08:56 | 00,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/06/18 15:59:56 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/06/16 16:06:11 | 00,000,503 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/04/26 16:30:26 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/04/26 14:22:05 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[2008/04/26 14:19:13 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2008/04/26 14:19:05 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2008/04/26 14:19:04 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2008/04/26 14:19:01 | 00,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2008/04/26 14:18:48 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2008/04/26 14:18:47 | 00,012,082 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2008/04/26 14:18:44 | 00,003,458 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2008/04/26 14:18:43 | 01,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll
[2008/04/26 14:18:42 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2008/04/26 14:18:42 | 00,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll
[2008/04/26 14:18:42 | 00,385,024 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll
[2008/04/26 14:18:42 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll
[2008/04/26 14:18:42 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll
[2008/04/26 14:18:42 | 00,006,877 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2008/04/26 14:18:42 | 00,000,343 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2008/04/26 14:18:36 | 00,002,732 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2008/04/26 14:18:35 | 00,002,891 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2008/04/26 14:18:35 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2008/04/26 14:18:22 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2008/04/26 14:18:22 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2008/04/26 14:18:22 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2008/04/26 14:18:22 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2008/04/26 14:18:22 | 00,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2008/04/26 14:18:22 | 00,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2008/04/26 14:18:22 | 00,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2008/04/26 14:18:22 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2008/04/26 14:18:22 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2008/04/26 14:18:22 | 00,027,866 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2008/04/26 14:18:01 | 00,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2008/04/26 14:17:58 | 00,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2008/04/26 14:17:58 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll
[2008/04/26 14:17:58 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2008/04/26 14:17:57 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2008/04/26 14:17:57 | 00,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2008/04/26 14:17:47 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll
[2008/04/26 14:17:02 | 00,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2008/04/26 14:17:02 | 00,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2008/04/26 14:17:00 | 00,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2008/04/26 14:16:53 | 00,004,768 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2008/04/26 14:16:45 | 01,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2008/04/26 14:16:44 | 00,186,368 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2008/04/26 14:16:43 | 00,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll
[2008/04/26 14:16:08 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll
[2008/04/26 14:16:03 | 00,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2008/04/26 14:15:57 | 00,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatUI.dll
[2008/04/26 14:15:37 | 00,009,029 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2008/04/26 14:15:36 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2005/09/18 08:32:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/09/18 08:32:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/09/18 08:32:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/09/18 08:32:00 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/09/18 08:32:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/09/18 08:32:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/08/30 00:00:00 | 00,781,312 | ---- | C] () -- C:\WINDOWS\System32\RGSS102J.dll
[2005/08/30 00:00:00 | 00,778,752 | ---- | C] () -- C:\WINDOWS\System32\RGSS102E.dll
[2005/08/30 00:00:00 | 00,771,584 | ---- | C] () -- C:\WINDOWS\System32\RGSS100J.dll
[2004/08/27 05:50:59 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/26 13:04:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2004/08/26 13:01:59 | 00,000,002 | ---- | C] () -- C:\WINDOWS\System32\desktop.ini
[2004/08/26 13:01:59 | 00,000,002 | ---- | C] () -- C:\WINDOWS\desktop.ini
[2004/08/26 13:01:25 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2004/08/26 13:01:25 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2004/08/26 11:12:43 | 00,000,465 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 11:12:43 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 11:12:21 | 00,000,542 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/26 11:12:17 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/26 05:54:57 | 00,457,680 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2004/08/26 05:54:56 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[1997/06/13 20:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[1900/01/01 12:00:00 | 00,089,088 | -HS- | C] () -- C:\WINDOWS\System32\jivipano.dll.vir
[1900/01/01 12:00:00 | 00,089,088 | -HS- | C] () -- C:\WINDOWS\System32\fezisave.dll
[1900/01/01 12:00:00 | 00,089,088 | -HS- | C] () -- C:\WINDOWS\System32\daneteki.dll
[1900/01/01 12:00:00 | 00,088,576 | -HS- | C] () -- C:\WINDOWS\System32\jaditibi.dll
[1900/01/01 12:00:00 | 00,081,408 | ---- | C] () -- C:\WINDOWS\System32\zofujuga.dll
[1900/01/01 12:00:00 | 00,081,408 | ---- | C] () -- C:\WINDOWS\System32\kejefuru.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/04/04 14:48:36 | 00,101,998 | ---- | M] () -- C:\WINDOWS\System32\drivers\c0db3431.sys
[2009/04/04 14:19:42 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Excel\Desktop\OTListIt2.exe
[2009/04/04 14:17:56 | 00,000,016 | ---- | M] () -- C:\WINDOWS\Xgafasule.bin
[2009/04/04 13:58:27 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/04 13:56:32 | 00,176,742 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/04/04 13:55:52 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/04/04 13:55:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/04 13:55:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/04 13:55:17 | 10,386,02240 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/04 13:32:39 | 03,067,656 | R--- | M] () -- C:\Documents and Settings\Excel\Desktop\ComboFix.exe
[2009/04/04 13:21:32 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Excel\Desktop\HijackThis.lnk
[2009/04/04 13:14:18 | 00,000,542 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/04 13:00:22 | 00,001,318 | ---- | M] () -- C:\WINDOWS\Gtutacaxoza.dat
[2009/04/03 18:03:56 | 00,001,622 | ---- | M] () -- C:\Documents and Settings\Excel\Desktop\Trillian.lnk
[2009/04/03 07:38:33 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/04/03 07:27:40 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\laduhopa
[2009/04/03 07:27:00 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-775355932-2418372300-882155552-1006.job
[2009/04/03 05:47:08 | 02,544,776 | -HS- | M] () -- C:\WINDOWS\System32\unerotud.ini
[2009/04/03 05:26:36 | 00,089,088 | -HS- | M] () -- C:\WINDOWS\System32\bikoguza.dll
[2009/04/03 05:26:36 | 00,061,440 | -HS- | M] () -- C:\WINDOWS\System32\zekisapi.exe
[2009/04/03 05:26:35 | 00,081,408 | -HS- | M] () -- C:\WINDOWS\System32\mivoduke.dll
[2009/04/02 17:26:12 | 00,080,896 | -HS- | M] () -- C:\WINDOWS\System32\bajahuda.dll
[2009/04/02 17:26:11 | 00,089,088 | -HS- | M] () -- C:\WINDOWS\System32\fuwumovu.dll
[2009/04/02 05:25:50 | 00,089,088 | -HS- | M] () -- C:\WINDOWS\System32\zatuhose.dll
[2009/04/02 05:25:50 | 00,081,408 | -HS- | M] () -- C:\WINDOWS\System32\kohigesi.dll
[2009/04/01 17:26:00 | 00,089,088 | -HS- | M] () -- C:\WINDOWS\System32\vabefado.dll
[2009/04/01 05:25:15 | 00,089,088 | -HS- | M] () -- C:\WINDOWS\System32\duzurosa.dll
[2009/03/31 17:25:28 | 00,089,088 | -HS- | M] () -- C:\WINDOWS\System32\fezisave.dll
[2009/03/31 00:26:00 | 02,510,811 | -HS- | M] () -- C:\WINDOWS\System32\ezodoval.ini
[2009/03/30 18:53:52 | 01,050,154 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\Cat.DB
[2009/03/30 18:40:21 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe
[2009/03/30 18:40:21 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svchost.exe
[2009/03/30 18:34:27 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/03/30 18:34:27 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/03/30 18:34:27 | 00,007,386 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/03/30 18:34:27 | 00,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/03/30 18:34:01 | 00,001,896 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.lnk
[2009/03/30 18:33:56 | 00,217,392 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symtdi.sys
[2009/03/30 18:33:56 | 00,039,984 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symndisv.sys
[2009/03/30 18:33:56 | 00,037,296 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symndis.sys
[2009/03/30 18:33:56 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009/03/30 18:33:56 | 00,034,736 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symids.sys
[2009/03/30 18:33:55 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymEFA.sys
[2009/03/30 18:33:55 | 00,307,760 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtsp.sys
[2009/03/30 18:33:55 | 00,089,776 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symfw.sys
[2009/03/30 18:33:55 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtspx.sys
[2009/03/30 18:33:53 | 00,482,352 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\cchpx86.sys
[2009/03/30 18:33:53 | 00,258,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\BHDrvx86.sys
[2009/03/30 18:33:31 | 00,003,373 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymEFA.inf
[2009/03/30 18:33:31 | 00,001,753 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\ccHPx86.inf
[2009/03/30 18:33:31 | 00,001,528 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymNet.inf
[2009/03/30 18:33:31 | 00,001,389 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtspx.inf
[2009/03/30 18:33:31 | 00,001,383 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtsp.inf
[2009/03/30 18:33:31 | 00,000,640 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\BHDrvx86.inf
[2009/03/30 18:33:31 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\isolate.ini
[2009/03/30 18:33:14 | 00,009,423 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymNet.cat
[2009/03/30 18:33:14 | 00,007,410 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymEFA.cat
[2009/03/30 18:33:14 | 00,007,372 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtspx.cat
[2009/03/30 18:33:14 | 00,007,364 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\BHDrvx86.CAT
[2009/03/30 18:33:14 | 00,007,355 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtsp.cat
[2009/03/30 18:33:14 | 00,007,347 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\ccHPx86.cat
[2009/03/30 15:42:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/30 12:29:26 | 03,306,960 | -HS- | M] () -- C:\WINDOWS\System32\urufejek.ini
[2009/03/30 00:24:46 | 03,290,756 | -HS- | M] () -- C:\WINDOWS\System32\agujufoz.ini
[2009/03/30 00:24:42 | 00,089,088 | -HS- | M] () -- C:\WINDOWS\System32\daneteki.dll
[2009/03/30 00:24:42 | 00,081,408 | ---- | M] () -- C:\WINDOWS\System32\kejefuru.dll
[2009/03/29 18:48:33 | 00,457,680 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/29 18:48:33 | 00,392,626 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/29 18:48:33 | 00,058,800 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/29 18:29:12 | 00,003,739 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/29 12:24:43 | 00,000,002 | ---- | M] () -- C:\738437708
[2009/03/29 12:24:33 | 00,088,576 | -HS- | M] () -- C:\WINDOWS\System32\jaditibi.dll
[2009/03/28 13:49:43 | 00,032,640 | ---- | M] () -- C:\Documents and Settings\Excel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/28 13:14:57 | 00,089,088 | -HS- | M] () -- C:\WINDOWS\System32\jivipano.dll.vir
[2009/03/28 13:14:55 | 00,081,408 | ---- | M] () -- C:\WINDOWS\System32\zofujuga.dll
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/26 07:34:53 | 00,002,244 | ---- | M] () -- C:\Documents and Settings\Excel\Desktop\Google Chrome.lnk
[2009/03/24 20:20:06 | 00,020,459 | ---- | M] () -- C:\Documents and Settings\Excel\My Documents\biblio.odt
[2009/03/14 18:13:41 | 00,008,192 | ---- | M] () -- C:\Documents and Settings\Excel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/11 18:21:10 | 00,199,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/10 19:02:17 | 00,003,438 | ---- | M] () -- C:\Documents and Settings\Excel\My Documents\essay3roughdraft.rtf
[2009/03/09 18:43:10 | 00,006,991 | ---- | M] () -- C:\Documents and Settings\Excel\My Documents\essay1roughdraft.rtf
< End of report >

Extras.txt:

OTListIt Extras logfile created on: 4/4/2009 2:44:29 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.11.0 Folder = C:\Documents and Settings\Excel\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

990.42 Mb Total Physical Memory | 467.57 Mb Available Physical Memory | 47.21% Memory free
1.56 Gb Paging File | 1.10 Gb Available in Paging File | 70.41% Paging File free
Paging file location(s): C:\pagefile.sys 700 1400;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 67.19 Gb Free Space | 45.08% Space Free | Partition Type: NTFS
Drive D: | 1003.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CONDEMED
Current User Name: Excel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Documents and Settings\Excel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\trendantivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client (Veoh Networks)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian (Cerulean Studios)
C:\Program Files\DNA\btdna.exe:*:Enabled:DNA (BitTorrent, Inc.)
C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent (BitTorrent, Inc.)
C:\ijji\ENGLISH\u_gunz.exe:*:Enabled:<ijji Downloader> (NHN USA inc.)
C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire (Xfire Inc.)
C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test (Microsoft Corporation)
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe (Hewlett-Packard)
C:\Program Files\Java\jdk1.6.0_07\jre\bin\java.exe:*:Enabled:Java™ Platform SE binary (Sun Microsystems, Inc.)
C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager (Electronic Arts)
C:\Documents and Settings\Excel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome (Google Inc.)
C:\Program Files\Tale of Tales\The Endless Forest 3\ForestViewer.exe:*:Enabled:ForestViewer ()
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary (Sun Microsystems, Inc.)
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player (Veoh Networks)
C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion (Microsoft Corporation)
C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires III (Ensemble Studios)
C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs (Ensemble Studios)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1DCC7418-2089-4BDD-B321-3771956160FC}" = ijji Auto Installer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 10
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160070}" = Java™ SE Development Kit 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{4D9C7DA3-D532-432D-A556-5F6CD186B0A5}" = DJ_AIO_03_F4200_ProductContext
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Teen Style Stuff
"{62653245-3DC5-4019-AF6B-4E62D6150D9E}" = F4200_Help
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = The Sims™ 2 Kitchen & Bath Interior Design Stuff
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67DFCE0D-BBA9-43AC-90B3-548390ECE522}" = F4200
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Family Fun Stuff
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = The Sims™ 2 IKEA® Home Stuff
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims™ 2 H&M® Fashion Stuff
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A4D41F3-3EDA-4DAC-9403-839708EA0667}" = Install(US)2
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims 2 Glamour Life Stuff
"{9DBCE8C7-FE94-4D8F-9FF0-38EF3D8BC99E}" = DJ_AIO_03_F4200_Software
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
"{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}" = HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29B526D-F027-4122-BC7A-D9E5BC86CC40}" = DJ_AIO_03_F4200_Software_Min
"{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}" = PixiePack Codec Pack
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}" = WinZip 11.2
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99223D4-1F48-47BD-ADFD-D43C91CDFD00}" = S4 League
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = The Sims™ 2 Celebration! Stuff
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{ECD81BDE-FB56-4B2B-A98D-34E381286B7F}" = 2Wire Wireless Client Manager V3.02
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"2Wire SetupWiz" = SBC Yahoo! DSL Home Networking Installer
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"AskPBar Uninstall" = Ask Toolbar
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.5 (Unicode)
"Battle for Wesnoth_is1" = Battle for Wesnoth 1.4.7
"Best Buy Digital Music Store" = Best Buy Digital Music Store
"Best Buy Rhapsody" = Best Buy Rhapsody
"BlueJ_is1" = BlueJ 2.2.1
"CEP - Colour Enable Packages_is1" = CEP - Color Enable Package
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"Cute Knight_is1" = Cute Knight version 1.21
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Download Manager" = Download Manager 2.3.6
"EADM" = EA Download Manager
"Free Mp3/Wma/Ogg Converter_is1" = Free Mp3/Wma/Ogg Converter 4.0.1
"hijackthis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"JTablet" = JTablet
"MaCoPiX" = MaCoPiX
"malwarebytes' anti-malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"nav" = Norton AntiVirus
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Pen Tablet Driver" = Pen Tablet
"RPG Maker 2000 1.05" = RPG Maker 2000 1.05
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"SceneCaster" = SceneCaster
"Shin Megami Tensei: Imagine" = Shin Megami Tensei: Imagine
"Shop for HP Supplies" = Shop for HP Supplies
"SONICADVDX" = SONIC ADVENTURE DX-Director's Cut
"ST6UNST #1" = ADRIFT
"Steam App 400" = Portal
"SystemRequirementsLab" = System Requirements Lab
"The Endless Forest_is1" = The Endless Forest
"Trillian" = Trillian
"UnityWebPlayer" = Unity Web Player
"Veoh Web Player Beta" = Veoh Web Player Beta
"Weather Services" = Weather Services
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"ButtonDemo" = ButtonDemo
"Google Chrome" = Google Chrome
"ijji.com" = ijji

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/20/2008 6:21:31 PM | Computer Name = CONDEMED | Source = Google Update | ID = 20
Description =

Error - 11/20/2008 6:21:31 PM | Computer Name = CONDEMED | Source = Google Update | ID = 20
Description =

Error - 11/21/2008 9:33:59 AM | Computer Name = CONDEMED | Source = Google Update | ID = 20
Description =

Error - 11/21/2008 9:33:59 AM | Computer Name = CONDEMED | Source = Google Update | ID = 20
Description =

Error - 11/23/2008 2:32:53 PM | Computer Name = CONDEMED | Source = Google Update | ID = 20
Description =

Error - 11/23/2008 2:32:53 PM | Computer Name = CONDEMED | Source = Google Update | ID = 20
Description =

Error - 11/23/2008 7:37:54 PM | Computer Name = CONDEMED | Source = Application Hang | ID = 1002
Description = Hanging application run400.exe, version 4.0.0.51, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/24/2008 8:54:22 PM | Computer Name = CONDEMED | Source = Application Hang | ID = 1002
Description = Hanging application elona.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/26/2008 3:20:35 PM | Computer Name = CONDEMED | Source = Google Update | ID = 20
Description =

Error - 11/26/2008 3:20:35 PM | Computer Name = CONDEMED | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 4/4/2009 1:59:55 PM | Computer Name = CONDEMED | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2

Error - 4/4/2009 1:59:55 PM | Computer Name = CONDEMED | Source = Service Control Manager | ID = 7001
Description = The AVG Free8 E-mail Scanner service depends on the AVG Free8 WatchDog
service which failed to start because of the following error: %%2

Error - 4/4/2009 2:00:15 PM | Computer Name = CONDEMED | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 4/4/2009 2:00:15 PM | Computer Name = CONDEMED | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgldx86 avgmfx86 avgtdix

Error - 4/4/2009 2:56:57 PM | Computer Name = CONDEMED | Source = Service Control Manager | ID = 7000
Description = The AVG Free8 WatchDog service failed to start due to the following
error: %%2

Error - 4/4/2009 2:56:57 PM | Computer Name = CONDEMED | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%2

Error - 4/4/2009 2:56:57 PM | Computer Name = CONDEMED | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2

Error - 4/4/2009 2:56:57 PM | Computer Name = CONDEMED | Source = Service Control Manager | ID = 7001
Description = The AVG Free8 E-mail Scanner service depends on the AVG Free8 WatchDog
service which failed to start because of the following error: %%2

Error - 4/4/2009 2:57:53 PM | Computer Name = CONDEMED | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 4/4/2009 2:57:53 PM | Computer Name = CONDEMED | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgldx86 avgmfx86 avgtdix


< End of report >




GMER log:

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-05 14:33:22
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT 85154050 ZwAlertResumeThread
SSDT 85996050 ZwAlertThread
SSDT 85067EF0 ZwAllocateVirtualMemory
SSDT 85153050 ZwAssignProcessToJobObject
SSDT 85AE9910 ZwConnectPort
SSDT \SystemRoot\System32\drivers\c0db3431.sys ZwCreateEvent [0xF70E1F2D] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\drivers\c0db3431.sys ZwCreateKey [0xF70E0005] <-- ROOTKIT !!!
SSDT 84FB02B8 ZwCreateMutant
SSDT 84F843D0 ZwCreateSymbolicLinkObject
SSDT 84FAD8C0 ZwCreateThread
SSDT 85995050 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xF39B32C0] <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF39B3820] <-- ROOTKIT !!!
SSDT 8508D828 ZwDuplicateObject
SSDT 85066F30 ZwFreeVirtualMemory
SSDT 85A26050 ZwImpersonateAnonymousToken
SSDT 850DB050 ZwImpersonateThread
SSDT 85B8A460 ZwLoadDriver
SSDT 85F504A0 ZwMapViewOfSection
SSDT 85A93050 ZwOpenEvent
SSDT \SystemRoot\System32\drivers\c0db3431.sys ZwOpenKey [0xF70E00C5] <-- ROOTKIT !!!
SSDT 85128218 ZwOpenProcess
SSDT 850DD070 ZwOpenProcessToken
SSDT 85A91050 ZwOpenSection
SSDT 8508D8B8 ZwOpenThread
SSDT 84F252F8 ZwProtectVirtualMemory
SSDT 85AB63A0 ZwResumeThread
SSDT 850DC050 ZwSetContextThread
SSDT 850423A0 ZwSetInformationProcess
SSDT 85A90050 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF39B3A70] <-- ROOTKIT !!!
SSDT 85A92050 ZwSuspendProcess
SSDT 85A94050 ZwSuspendThread
SSDT 85A970B8 ZwTerminateProcess
SSDT 85A27050 ZwTerminateThread
SSDT 85155050 ZwUnmapViewOfSection
SSDT 85066FC0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? SYMEFA.SYS The system cannot find the file specified. !
? C:\WINDOWS\System32\drivers\c0db3431.sys The system cannot find the file specified.

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[1976] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs c0db3431.sys

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip c0db3431.sys
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp c0db3431.sys

Device \Driver\symtdi \Device\SYMRDR c0db3431.sys

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp c0db3431.sys
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp c0db3431.sys

Device \Driver\symtdi \Device\SymTDI c0db3431.sys
---- Processes - GMER 1.0.15 ----

Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\Program Files\DNA\btdna.exe [144] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [184] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [252] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\Program Files\Bonjour\mDNSResponder.exe [296] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [372] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\Program Files\2Wire\2PortalMon.exe [400] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jqs.exe [412] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [480] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [500] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE [540] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [564] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\WINDOWS\system32\Pen_Tablet.exe [624] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\WINDOWS\SOUNDMAN.EXE [656] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe [684] 0x00950000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jusched.exe [756] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [888] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\WINDOWS\system32\services.exe [932] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [944] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1088] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\WINDOWS\system32\RUNDLL32.EXE [1108] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\Documents and Settings\Excel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [1172] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1188] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1332] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1388] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [1432] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\Program Files\iTunes\iTunesHelper.exe [1532] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1588] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\WINDOWS\system32\ctfmon.exe [1636] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1660] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe [1788] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1848] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [1976] 0x003C0000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe [2072] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2132] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\WINDOWS\system32\Pen_Tablet.exe [2228] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [2296] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\Program Files\OpenOffice.org 3\program\soffice.exe [2408] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\Program Files\OpenOffice.org 3\program\soffice.bin [2508] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\Program Files\iPod\bin\iPodService.exe [3084] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [3680] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe [3924] 0x10000000
Library c:\windows\system32\fuwumovu.dll (*** hidden *** ) @ C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe [3968] 0x10000000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\System32\drivers\c0db3431.sys (*** hidden *** ) [SYSTEM] c0db3431 <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] \SystemRoot\System32\drivers\c0db3431.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] YWR2YW50YXN0YXIudXM=
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] \SystemRoot\System32\drivers\c0db3431.sys
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] YWR2YW50YXN0YXIudXM=

---- EOF - GMER 1.0.15 ----

Edited by aeturos, 05 April 2009 - 01:44 PM.
