Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Im pretty sure i have malware but im not sure.

Started by newbie4sure , Apr 04 2009 09:49 PM

  • Please log in to reply

#1
newbie4sure
Posted 04 April 2009 - 09:49 PM

newbie4sure

    New Member

  • Member
  • Pip
  • 1 posts
This is my first post and im pretty new to this type of problem. Sorry but i dont know the name of the malware or virus so let me start off by saying what it is that my computers doing. im running windows xp on my dell dimension 8100 by the way. well it started about 2-3 days ago i was on the internet and i temp took popup blocking off to view something and i got a popup and all [bleep] broke loose my comp started acting really really slow and wasnt responding so i restarted it and i noticed that it took longer to load up and when i got to the welcome page it froze and never got past that part i tried alot of time and it was the samething ever time. so i had to use safemode networking. thats when i tried the malware/spyware guide on how to remove it. it did detect trojans and some other kind of walware i cant remeber. after following all the steps and rebooting it did get past the welcome page in normal mode but froze when desktop came up with nothing on it like the icons, startup, ect. so here is the rooter, otlistit, and extras. hope this is enough please let know if you need more info.
Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - FAT32 - (Total:19083 Mo/Free:796 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [Fixed] - FAT32 - (Total:76297 Mo/Free:117 Mo)

Sat 04/04/2009|22:50

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\WINDOWS\System32\wbem\wmiprvse.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Sat 04/04/2009|22:50

----------------------\\ Scan completed at 22:50

OTListIt logfile created on: 4/4/2009 11:03:33 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.11.0 Folder = C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\YOY2L3EF
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

127.07 Mb Total Physical Memory | 40.37 Mb Available Physical Memory | 31.77% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 2048;E:\pagefile.sys 2048 2048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 8.78 Gb Free Space | 47.09% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
Drive E: | 74.51 Gb Total Space | 72.11 Gb Free Space | 96.79% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: C646239-C
Current User Name: default
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\YOY2L3EF\OTListIt2[1].exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Stopped]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service [Auto | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Stopped]) -- File not found
SRV - (N360 [Auto | Stopped]) -- C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe (Symantec Corporation)
SRV - (Viewpoint Manager Service [Auto | Stopped]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WMPNetworkSvc [Auto | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (BHDrvx86 [System | Stopped]) -- C:\WINDOWS\system32\drivers\N360\0300000.087\BHDrvx86.sys (Symantec Corporation)
DRV - (ccHP [System | Stopped]) -- C:\WINDOWS\system32\drivers\N360\0300000.087\ccHPx86.sys (Symantec Corporation)
DRV - (CoachAud [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\CoachAud.sys (FotoNation Inc.)
DRV - (CoachUsb [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\CoachUsb.sys (FotoNation Inc.)
DRV - (CoachVid [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\CoachVid.sys (FotoNation Inc.)
DRV - (eeCtrl [System | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EL90XBC [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys (3Com Corporation)
DRV - (es1371 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\es1371mp.sys (Creative Technology Ltd.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (IDSxpx86 [System | Stopped]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090206.001\IDSxpx86.sys (Symantec Corporation)
DRV - (MODEMCSA [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (NAVENG [On_Demand | Stopped]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090226.034\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Stopped]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090226.034\NAVEX15.SYS (Symantec Corporation)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (nv4 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (smserial [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\smserial.sys (Motorola Inc.)
DRV - (SRTSP [System | Stopped]) -- C:\WINDOWS\system32\drivers\N360\0300000.087\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Stopped]) -- C:\WINDOWS\system32\drivers\N360\0300000.087\SRTSPX.SYS (Symantec Corporation)
DRV - (SymEFA [Boot | Running]) -- C:\WINDOWS\system32\drivers\N360\0300000.087\SYMEFA.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Stopped]) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\N360\0300000.087\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\N360\0300000.087\SYMIDS.SYS (Symantec Corporation)
DRV - (SymIM [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys (Symantec Corporation)
DRV - (SymIMMP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\N360\0300000.087\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Stopped]) -- C:\WINDOWS\system32\drivers\N360\0300000.087\SYMTDI.SYS (Symantec Corporation)
DRV - (vsdatant [On_Demand | Stopped]) -- C:\WINDOWS\System32\vsdatant.sys (Zone Labs Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = AltaVista
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.altavista...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {8545daff-ad1e-493f-a37e-eed1ac79682b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/14 09:52:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/14 09:52:06 | 00,000,000 | ---D | M]

[2009/03/14 09:52:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\default\Application Data\mozilla\Extensions
[2009/03/14 09:52:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\default\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/01 11:57:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\default\Application Data\mozilla\Extensions\[email protected]
[2009/03/14 09:52:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\default\Application Data\mozilla\Firefox\Profiles\4xjp0ivv.default\extensions
[2008/12/12 11:23:54 | 00,002,158 | ---- | M] () -- C:\Documents and Settings\default\Application Data\Mozilla\FireFox\Profiles\4xjp0ivv.default\searchplugins\MySpace.xml
[2009/03/14 09:52:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/14 09:52:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/21 10:39:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/31 15:53:08 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/31 15:53:08 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/19 12:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/19 12:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/19 12:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/19 12:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/19 12:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/19 12:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/02/19 12:33:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (252 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O1 - Hosts: 195.245.119.131 spyware-protector-2009.com
O1 - Hosts: 195.245.119.131 www.spyware-protector-2009.com
O1 - Hosts: 195.245.119.131 secure.spyware-protector-2009.com
O1 - Hosts: 195.245.119.131 knocker
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (REALBAR) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - Reg Error: Value error. File not found
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.135\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\bin\ssv.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\bin\jp2ssv.dll File not found
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O2 - BHO: (BrowserHelper Class) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM32\NZDD.DLL (RealNetworks, Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (REALBAR) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SMSERIAL] sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "E:\bin\jusched.exe" File not found
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [NortonUtilities] E:\Program Files\Norton Utilities 14\nu.exe /H File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] E:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM ()
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM ()
O9 - Extra Button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM ()
O9 - Extra 'Tools' menuitem : Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM ()
O9 - Extra Button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM ()
O9 - Extra 'Tools' menuitem : Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} http://207.82.221.10...etzip/RdxIE.cab (RdxIE Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ontent/opuc.cab (Office Update Installation Engine)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akama...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1236162968533 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...8076.7191550926 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.1_02)
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_01)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} http://www.live365.c...ers/play365.cab (Live365Player Class)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.s...ta/SymAData.cab (ActiveDataInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} https://www-secure.s.../ActiveData.cab (ActiveDataObj Class)
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} http://fdl.msn.com/p...at/msnchat4.cab (MSN Chat Control 4.0)
O16 - DPF: {F0FCC76D-767E-4759-A447-62289CA775AA} http://adminportal.b...rtSsoClient.cab (Coreport SSO Client)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\SYSTEM\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O29 - HKLM SecurityProviders - ( mcenspc.dll) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.DOS () - [ FAT32 ]
O32 - Autorun File - C:\AUTOEXEC.BAK () - [ FAT32 ]
O32 - Autorun File - E:\AUTOEXEC.BAT () - [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\default\My Documents\*.tmp files]
[2009/04/04 22:49:54 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/04 22:23:08 | 00,000,378 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/04 22:23:07 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/04 22:23:05 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/04 20:57:05 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\kirjbfv.sys
[2009/04/04 20:48:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\default\Application Data\Malwarebytes
[2009/04/04 20:48:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/04 20:44:04 | 00,000,327 | ---- | C] () -- C:\Documents and Settings\default\Desktop\NTREGOPT.lnk
[2009/04/04 20:44:04 | 00,000,314 | ---- | C] () -- C:\Documents and Settings\default\Desktop\ERUNT.lnk
[2009/04/04 16:17:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SupportSoft
[2009/04/02 17:07:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\default\Application Data\Downloaded Installations
[2009/04/02 17:05:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0300000.087
[2009/04/02 17:05:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2009/04/01 21:42:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/04/01 21:39:57 | 00,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2009/04/01 21:39:45 | 00,310,320 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\SymEFA.sys
[2009/04/01 21:39:45 | 00,217,392 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\symtdi.sys
[2009/04/01 21:39:45 | 00,089,776 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\symfw.sys
[2009/04/01 21:39:45 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\srtspx.sys
[2009/04/01 21:39:45 | 00,039,984 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\symndisv.sys
[2009/04/01 21:39:45 | 00,037,296 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\symndis.sys
[2009/04/01 21:39:45 | 00,034,736 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\symids.sys
[2009/04/01 21:39:44 | 00,482,352 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\cchpx86.sys
[2009/04/01 21:39:44 | 00,307,760 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\srtsp.sys
[2009/04/01 21:39:44 | 00,258,608 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\BHDrvx86.sys
[2009/04/01 21:38:59 | 00,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\SymEFA.inf
[2009/04/01 21:38:59 | 00,001,753 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\ccHPx86.inf
[2009/04/01 21:38:59 | 00,001,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\SymNet.inf
[2009/04/01 21:38:59 | 00,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\srtspx.inf
[2009/04/01 21:38:59 | 00,001,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\srtsp.inf
[2009/04/01 21:38:59 | 00,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\BHDrvx86.inf
[2009/04/01 21:38:59 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\isolate.ini
[2009/04/01 21:38:27 | 00,009,423 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\SymNet.cat
[2009/04/01 21:38:27 | 00,007,410 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\SymEFA.cat
[2009/04/01 21:38:27 | 00,007,372 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\srtspx.cat
[2009/04/01 21:38:27 | 00,007,355 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\srtsp.cat
[2009/04/01 21:38:26 | 00,007,364 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\BHDrvx86.CAT
[2009/04/01 21:38:26 | 00,007,347 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\ccHPx86.cat
[2009/04/01 21:38:19 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009/04/01 21:38:19 | 00,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2009/04/01 21:37:31 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2009/04/01 11:58:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\default\My Documents\LimeWire
[2009/04/01 11:56:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\default\Application Data\LimeWire
[2009/04/01 00:34:23 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/04/01 00:33:57 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/04/01 00:33:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/01 00:32:48 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/04/01 00:31:04 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/04/01 00:30:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/04/01 00:30:18 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/01 00:30:05 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/04/01 00:28:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/04/01 00:28:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/04/01 00:27:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\default\Application Data\Apple Computer
[2009/03/30 19:25:51 | 00,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/03/30 19:24:56 | 00,000,704 | ---- | C] () -- C:\Documents and Settings\default\Desktop\Windows Media Player.lnk
[2009/03/30 19:24:24 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2009/03/30 19:20:44 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/03/30 19:20:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2009/03/30 19:20:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2009/03/30 19:18:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/03/30 00:35:02 | 00,000,000 | ---D | C] -- C:\My Download Files
[2009/03/28 16:19:05 | 00,000,890 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2009/03/28 16:19:02 | 00,000,688 | ---- | C] () -- C:\Documents and Settings\default\Desktop\Adobe Photoshop 7.0.lnk
[2009/03/22 19:34:56 | 00,000,000 | -H-- | C] () -- C:\Documents and Settings\default\My Documents\Default.rdp
[2009/03/21 14:40:38 | 00,036,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009/03/21 14:40:31 | 00,124,464 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/03/21 14:40:31 | 00,007,386 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/03/21 14:40:31 | 00,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/03/21 14:40:31 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/03/21 14:38:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/03/21 14:33:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/03/21 14:15:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\default\Application Data\Norton Utilities 14
[2009/03/21 14:10:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton Installer
[2009/03/21 14:09:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/20 09:20:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\default\My Documents\My Received Files
[2009/03/17 22:10:04 | 00,000,021 | ---- | C] () -- C:\Documents and Settings\default\Desktop\memory.dve
[2009/03/15 21:11:56 | 00,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBSTOR.SYS
[2009/03/15 21:11:56 | 00,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2009/03/15 13:55:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\default\Application Data\ooVoo Details
[2009/03/15 11:51:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/03/15 11:14:37 | 00,000,000 | ---D | C] -- C:\Program Files\Messenger
[2009/03/15 11:13:04 | 00,000,000 | ---D | C] -- C:\Program Files\msn
[2009/03/15 11:13:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/03/15 09:36:49 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/03/15 09:31:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/03/14 22:13:57 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\default\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/14 21:53:17 | 00,045,344 | ---- | C] (FotoNation Inc.) -- C:\WINDOWS\System32\drivers\CoachVid.sys
[2009/03/14 21:53:16 | 00,016,896 | ---- | C] (FotoNation Inc.) -- C:\WINDOWS\System32\CoachDlg.dll
[2009/03/14 21:53:14 | 00,049,184 | ---- | C] (FotoNation Inc.) -- C:\WINDOWS\System32\drivers\CoachUsb.sys
[2009/03/14 21:53:14 | 00,014,336 | ---- | C] (FotoNation) -- C:\WINDOWS\System32\CoachWrp.dll
[2009/03/14 21:53:13 | 00,096,768 | ---- | C] (FotoNation) -- C:\WINDOWS\System32\CoachWia.dll
[2009/03/14 21:53:01 | 00,010,592 | ---- | C] (FotoNation Inc.) -- C:\WINDOWS\System32\drivers\CoachAud.sys
[2009/03/14 21:53:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/03/14 21:52:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\V5T2HD
[2009/03/14 19:23:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2009/03/14 19:22:12 | 00,000,000 | ---D | C] -- C:\Program Files\Logitech
[2009/03/14 17:42:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\default\My Documents\MySpaceIM Pics
[2009/03/14 17:40:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\default\Application Data\MySpace
[2009/03/14 17:39:31 | 00,000,000 | ---D | C] -- C:\Program Files\MySpace
[2009/03/14 11:09:58 | 00,000,003 | ---- | C] () -- C:\swap.sys
[2009/03/14 09:52:15 | 00,001,506 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/03/14 09:52:04 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/03/13 22:48:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\default\Application Data\Google
[2009/03/13 22:29:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/03/13 22:29:38 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009/03/13 21:13:04 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mstee.sys
[2009/03/13 21:12:23 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\NdisIP.sys
[2009/03/13 21:12:04 | 00,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\StreamIP.sys
[2009/03/13 21:11:58 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2009/03/13 21:11:40 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\slip.sys
[2009/03/13 21:11:13 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wstcodec.sys
[2009/03/13 21:10:57 | 00,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nabtsfec.sys
[2009/03/13 21:10:24 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ccdecode.sys
[2009/03/13 21:07:23 | 00,351,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\OVCodek2.sys
[2009/03/13 21:07:23 | 00,351,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodek2.sys
[2009/03/13 21:07:23 | 00,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\OVCodec2.dll
[2009/03/13 21:07:23 | 00,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodec2.dll
[2009/03/13 21:07:23 | 00,048,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\OVCam2.sys
[2009/03/13 21:07:23 | 00,048,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcam2.sys
[2009/03/13 21:07:23 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\OVUI2.dll
[2009/03/13 21:07:23 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2.dll
[2009/03/13 21:07:23 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\OVUI2RC.dll
[2009/03/13 21:07:23 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2rc.dll
[2009/03/13 21:07:23 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ovcoms.exe
[2009/03/13 21:07:23 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcoms.exe
[2009/03/13 21:07:23 | 00,028,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\OVCD.sys
[2009/03/13 21:07:23 | 00,028,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcd.sys
[2009/03/13 21:07:23 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\OVComC.dll
[2009/03/13 21:07:23 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcomc.dll
[2009/03/13 21:07:06 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2009/03/13 21:07:06 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2009/03/13 21:07:06 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2009/03/13 21:07:02 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2009/03/13 20:00:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/13 19:59:56 | 00,001,578 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM 6.lnk
[2009/03/13 19:59:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL
[2009/03/13 19:34:14 | 00,000,725 | -H-- | C] () -- C:\IPH.PH
[2009/03/13 16:28:58 | 00,000,000 | ---D | C] -- C:\Program Files\Netropa
[2009/03/13 16:28:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\mozilla.org
[2009/03/13 16:23:50 | 00,000,000 | -HSD | C] -- C:\undo
[2009/03/13 12:38:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\default\Application Data\MSN6
[2009/03/12 23:29:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\default\Application Data\AIM Toolbar
[2009/03/12 23:28:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\default\Application Data\acccore
[2009/03/12 23:28:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\default\Application Data\AOL OCP
[2009/03/12 23:28:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\default\Application Data\AOL
[2009/03/12 23:27:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2009/03/12 23:27:43 | 00,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2009/03/12 23:27:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/03/12 23:27:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2009/03/12 23:27:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2009/03/12 23:26:59 | 00,000,000 | ---D | C] -- C:\Program Files\AIM6
[2009/03/12 16:20:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/03/12 16:20:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2004/06/30 17:42:12 | 00,000,897 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/05/31 10:46:25 | 00,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2004/03/30 17:32:59 | 00,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll
[2004/03/30 17:32:58 | 00,386,048 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll
[2004/03/30 17:32:58 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll
[2004/03/30 17:32:09 | 00,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2004/03/30 17:31:59 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2004/03/30 17:31:55 | 00,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2004/03/30 17:30:19 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll
[2004/03/30 17:28:42 | 00,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2004/03/30 17:26:21 | 00,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll
[2004/03/30 17:25:53 | 00,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2004/03/30 15:47:07 | 00,000,351 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/03/30 15:43:17 | 00,012,484 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2004/03/30 15:43:17 | 00,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2004/03/30 15:43:17 | 00,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
[2004/03/30 15:43:17 | 00,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2004/03/30 15:43:17 | 00,001,620 | ---- | C] () -- C:\WINDOWS\schedule.ini
[2004/03/30 15:43:17 | 00,001,125 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2004/03/30 15:43:17 | 00,000,935 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/03/30 15:43:17 | 00,000,932 | ---- | C] () -- C:\WINDOWS\mrun32.ini
[2004/03/30 15:43:17 | 00,000,909 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/03/30 15:43:17 | 00,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2004/03/30 15:43:17 | 00,000,638 | ---- | C] () -- C:\WINDOWS\userinfo.ini
[2004/03/30 15:43:17 | 00,000,245 | ---- | C] () -- C:\WINDOWS\Msiosd.ini
[2004/03/30 15:43:17 | 00,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[2004/03/30 15:43:17 | 00,000,199 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2004/03/30 15:43:17 | 00,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2004/03/30 15:43:17 | 00,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2004/03/30 15:43:17 | 00,000,044 | ---- | C] () -- C:\WINDOWS\BDHOME.INI
[2004/03/30 15:43:17 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2004/03/30 15:43:17 | 00,000,028 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2004/03/30 15:43:17 | 00,000,026 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI
[2004/03/30 15:43:17 | 00,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2004/03/30 15:43:17 | 00,000,017 | ---- | C] () -- C:\WINDOWS\venderID.ini
[2004/03/30 15:43:17 | 00,000,015 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2004/03/30 15:43:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\progman.ini
[2004/03/30 15:43:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\HPID.INI
[2004/03/30 15:43:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\FONESYNC.INI
[2004/03/30 15:43:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\DELLSC.INI
[2004/03/30 15:42:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2004/03/30 15:39:15 | 00,000,269 | ---- | C] () -- C:\WINDOWS\desktop.ini
[2004/03/30 15:39:15 | 00,000,002 | ---- | C] () -- C:\WINDOWS\System32\desktop.ini
[2004/03/30 15:38:12 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2004/03/30 15:38:12 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2004/03/30 15:36:46 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2004/03/30 15:36:43 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2004/03/30 15:32:33 | 00,347,268 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2004/03/30 15:32:32 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/05/13 10:28:52 | 01,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll
[2002/03/29 14:45:56 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\wwnet32i.dll
[2001/08/23 12:00:00 | 01,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2001/08/23 12:00:00 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2001/08/23 12:00:00 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll
[2001/08/23 12:00:00 | 00,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2001/08/23 12:00:00 | 00,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2001/08/23 12:00:00 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2001/08/23 12:00:00 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll
[2001/08/23 12:00:00 | 00,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2001/08/23 12:00:00 | 00,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2001/08/23 12:00:00 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2001/08/23 12:00:00 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2001/08/23 12:00:00 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll
[2001/08/23 12:00:00 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2001/08/23 12:00:00 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2001/08/23 12:00:00 | 00,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2001/08/23 12:00:00 | 00,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2001/08/23 12:00:00 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2001/08/23 12:00:00 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2001/08/23 12:00:00 | 00,027,866 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2001/08/23 12:00:00 | 00,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2001/08/23 12:00:00 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2001/08/23 12:00:00 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2001/08/23 12:00:00 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2001/08/23 12:00:00 | 00,012,082 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2001/08/23 12:00:00 | 00,009,029 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2001/08/23 12:00:00 | 00,006,877 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2001/08/23 12:00:00 | 00,004,768 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2001/08/23 12:00:00 | 00,003,458 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2001/08/23 12:00:00 | 00,002,891 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2001/08/23 12:00:00 | 00,002,732 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2001/08/23 12:00:00 | 00,001,538 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 12:00:00 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2001/08/23 12:00:00 | 00,000,630 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/08/23 12:00:00 | 00,000,343 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2001/08/17 22:36:28 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[2001/07/27 19:08:11 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2001/04/26 19:29:34 | 00,129,076 | ---- | C] () -- C:\WINDOWS\NLOGOW.SYS
[2001/04/26 19:29:34 | 00,129,076 | ---- | C] () -- C:\WINDOWS\NLOGOS.SYS
[2000/08/08 13:00:00 | 00,001,405 | ---- | C] () -- C:\WINDOWS\MSDFMAP.INI
[2000/07/07 14:49:30 | 00,069,120 | ---- | C] () -- C:\WINDOWS\System32\LTDLL.DLL
[2000/06/06 16:21:34 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\icmfilter.dll
[2000/03/25 19:00:00 | 00,030,208 | ---- | C] () -- C:\WINDOWS\System32\clcd32.dll
[1999/08/12 00:00:00 | 01,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1999/08/12 00:00:00 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1999/08/12 00:00:00 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1999/01/27 13:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1980/01/01 00:00:00 | 00,001,646 | ---- | C] () -- C:\WINDOWS\MSDOS.SYS

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\default\My Documents\*.tmp files]
[2009/04/04 22:58:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/04 22:58:02 | 03,712,656 | -H-- | M] () -- C:\Documents and Settings\default\Application Data\IconCache.db
[2009/04/04 22:23:10 | 00,000,378 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/04 20:57:06 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\kirjbfv.sys
[2009/04/04 20:44:06 | 00,000,327 | ---- | M] () -- C:\Documents and Settings\default\Desktop\NTREGOPT.lnk
[2009/04/04 20:44:06 | 00,000,314 | ---- | M] () -- C:\Documents and Settings\default\Desktop\ERUNT.lnk
[2009/04/04 15:13:20 | 00,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/04 15:09:28 | 00,290,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/01 21:40:26 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/04/01 21:40:26 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/04/01 21:40:26 | 00,007,386 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/04/01 21:40:26 | 00,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/04/01 21:40:00 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2009/04/01 21:39:46 | 00,482,352 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\cchpx86.sys
[2009/04/01 21:39:46 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\SymEFA.sys
[2009/04/01 21:39:46 | 00,307,760 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\srtsp.sys
[2009/04/01 21:39:46 | 00,258,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\BHDrvx86.sys
[2009/04/01 21:39:46 | 00,217,392 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\symtdi.sys
[2009/04/01 21:39:46 | 00,089,776 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\symfw.sys
[2009/04/01 21:39:46 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\srtspx.sys
[2009/04/01 21:39:46 | 00,039,984 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\symndisv.sys
[2009/04/01 21:39:46 | 00,037,296 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\symndis.sys
[2009/04/01 21:39:46 | 00,034,736 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\symids.sys
[2009/04/01 21:39:00 | 00,003,373 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\SymEFA.inf
[2009/04/01 21:39:00 | 00,001,753 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\ccHPx86.inf
[2009/04/01 21:39:00 | 00,001,528 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\SymNet.inf
[2009/04/01 21:39:00 | 00,001,389 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\srtspx.inf
[2009/04/01 21:39:00 | 00,001,383 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\srtsp.inf
[2009/04/01 21:39:00 | 00,000,640 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\BHDrvx86.inf
[2009/04/01 21:39:00 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\isolate.ini
[2009/04/01 21:38:28 | 00,009,423 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\SymNet.cat
[2009/04/01 21:38:28 | 00,007,410 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\SymEFA.cat
[2009/04/01 21:38:28 | 00,007,372 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\srtspx.cat
[2009/04/01 21:38:28 | 00,007,364 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\BHDrvx86.CAT
[2009/04/01 21:38:28 | 00,007,355 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\srtsp.cat
[2009/04/01 21:38:28 | 00,007,347 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\ccHPx86.cat
[2009/04/01 21:34:14 | 00,000,360 | ---- | M] () -- C:\WINDOWS\tasks\PCHealth Scheduler for Data Collection.job
[2009/04/01 21:24:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/01 20:57:02 | 00,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Uninstall Expiration Reminder.job
[2009/04/01 19:00:02 | 00,000,502 | ---- | M] () -- C:\WINDOWS\tasks\Tune-up Application Start.job
[2009/04/01 00:40:06 | 00,088,160 | ---- | M] () -- C:\Documents and Settings\default\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/01 00:30:20 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/31 13:28:32 | 00,002,572 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Word.lnk
[2009/03/31 10:27:26 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/30 19:27:04 | 00,000,704 | ---- | M] () -- C:\Documents and Settings\default\Desktop\Windows Media Player.lnk
[2009/03/30 19:25:22 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/03/30 19:25:22 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/03/30 19:25:00 | 00,001,538 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/30 19:22:38 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/03/30 19:20:46 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/03/28 16:19:06 | 00,000,890 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2009/03/28 16:19:04 | 00,000,688 | ---- | M] () -- C:\Documents and Settings\default\Desktop\Adobe Photoshop 7.0.lnk
[2009/03/27 20:00:02 | 00,000,323 | ---- | M] () -- C:\WINDOWS\tasks\Scan for Viruses.job
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/22 19:34:58 | 00,000,000 | -H-- | M] () -- C:\Documents and Settings\default\My Documents\Default.rdp
[2009/03/21 14:40:10 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009/03/21 14:35:34 | 00,000,990 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/03/17 22:10:06 | 00,000,021 | ---- | M] () -- C:\Documents and Settings\default\Desktop\memory.dve
[2009/03/15 11:54:08 | 00,347,268 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/15 11:54:08 | 00,305,318 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/15 11:54:08 | 00,037,760 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/14 22:13:58 | 00,003,584 | ---- | M] () -- C:\Documents and Settings\default\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/14 22:06:18 | 00,000,245 | ---- | M] () -- C:\WINDOWS\Msiosd.ini
[2009/03/14 11:10:00 | 00,000,003 | ---- | M] () -- C:\swap.sys
[2009/03/14 09:52:16 | 00,001,506 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/03/13 20:01:02 | 00,000,725 | -H-- | M] () -- C:\IPH.PH
[2009/03/13 19:59:58 | 00,001,578 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM 6.lnk
[2009/03/13 19:50:20 | 00,000,897 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/03/13 16:52:50 | 00,001,125 | ---- | M] () -- C:\WINDOWS\Winamp.ini
[2009/03/13 14:57:22 | 00,000,630 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/03/12 16:09:16 | 00,250,048 | RHS- | M] () -- C:\ntldr
< End of report >

OTListIt Extras logfile created on: 4/4/2009 11:03:33 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.11.0 Folder = C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\YOY2L3EF
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

127.07 Mb Total Physical Memory | 40.37 Mb Available Physical Memory | 31.77% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 2048;E:\pagefile.sys 2048 2048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 8.78 Gb Free Space | 47.09% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
Drive E: | 74.51 Gb Total Space | 72.11 Gb Free Space | 96.79% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: C646239-C
Current User Name: default
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)
C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM (AOL LLC)
C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM File not found
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1
"{01001202-5D65-445A-B3B4-3DCE72BA0C6C}" = Microsoft Encarta Encyclopedia Standard 2001
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}" = GEAR driver installer for x86 and x64
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E01D0C8-D715-4F0D-9B89-8B98C2361674}" = i-LEARN My Dell PC
"{4B0ED720-87D3-11D4-A188-0050DA2DDF19}" = Dell Solution Center
"{5F629FE8-5B4C-4863-937A-AFC2961F7DD3}" = Microsoft Works Suite Add-in for Microsoft Word
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{706D5382-7381-4680-9DD0-161832578252}" = DellTouch
"{7148F0A8-6813-11D6-A77B-00B0D0142010}" = Java 2 Runtime Environment, SE v1.4.2_01
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{739F50FE-87AF-4108-93C8-6FF50A07A304}" = DV Ts
"{AC76BA86-0000-7EC8-7489-000000000702}" = Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
"{AC76BA86-0000-7EC8-7489-000000000703}" = Adobe Acrobat 7.0.2 and Reader 7.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000704}" = Adobe Acrobat 7.0.3 and Reader 7.0.3 Update
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{D9A8A528-BDF7-4D66-9B03-FB10C93707FD}" = Dell E-Button Driver
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{F8D0829C-9C6F-11D3-8080-00C04FA329AA}" = Microsoft Works 6.0
"{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AIM_6" = AIM 6
"ERUNT_is1" = ERUNT 1.1j
"HP Instant Delivery" = HP Instant Delivery
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Java Web Start" = Java Web Start
"LiveReg" = LiveReg (Symantec Corporation)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton 360
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Norton AntiVirus" = Norton AntiVirus 2001
"Norton Rescue" = Rescue Disk
"Norton Utilities_is1" = Norton Utilities
"PPTView97" = Microsoft PowerPoint Viewer 97
"RealDownload" = RealDownload
"SBPCIUnInstall" = Creative PCI Audio Drivers
"Shockwave" = Shockwave
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows" = Windows XP Uninstall
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2001Setup" = Microsoft Works 2001 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/22/2009 10:25:21 PM | Computer Name = C646239-C | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 3/23/2009 10:38:52 PM | Computer Name = C646239-C | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).

Error - 3/23/2009 10:38:52 PM | Computer Name = C646239-C | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 3/26/2009 10:58:31 PM | Computer Name = C646239-C | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).

Error - 3/26/2009 10:58:31 PM | Computer Name = C646239-C | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 3/29/2009 10:47:27 PM | Computer Name = C646239-C | Source = Application Hang | ID = 1002
Description = Hanging application aim6.exe, version 1.4.9.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/31/2009 6:54:57 PM | Computer Name = C646239-C | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3372, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/1/2009 9:46:40 PM | Computer Name = C646239-C | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).

Error - 4/1/2009 9:46:40 PM | Computer Name = C646239-C | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 4/1/2009 11:36:35 PM | Computer Name = C646239-C | Source = Application Hang | ID = 1002
Description = Hanging application aim6.exe, version 1.4.9.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 4/5/2009 1:48:03 AM | Computer Name = C646239-C | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 4/5/2009 1:48:23 AM | Computer Name = C646239-C | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 4/5/2009 1:48:48 AM | Computer Name = C646239-C | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 4/5/2009 1:55:54 AM | Computer Name = C646239-C | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/5/2009 1:56:19 AM | Computer Name = C646239-C | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/5/2009 1:56:26 AM | Computer Name = C646239-C | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/5/2009 1:57:20 AM | Computer Name = C646239-C | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 4/5/2009 1:58:03 AM | Computer Name = C646239-C | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/5/2009 1:59:16 AM | Computer Name = C646239-C | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/5/2009 2:00:36 AM | Computer Name = C646239-C | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BHDrvx86 ccHP eeCtrl Fips IDSxpx86 Processor SRTSP SRTSPX SYMTDI


< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP