Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Symantec: A recent attempt to attack your computer was blocked

Started by mandilly , Apr 15 2009 10:19 PM

  • Please log in to reply

#1
mandilly
Posted 15 April 2009 - 10:19 PM

mandilly

    Member

  • Member
  • PipPip
  • 18 posts
The past two days I have been repeatedly getting this notice from Symantec. When I say repeatedly, I mean every 2 seconds or so Symantec says that's it's blocked another attack. When I view the 'details' of the attacks, no real information is provided other than it's a Portscan, and it lists an attacking IP address, and my IP address. If I unplug my ethernet cable, the warnings stop coming up, however upon replugging the ethernet cable back in, I get repeated warnings. I'm not sure if these attacks have anything to do with my internet network that I have to use while at school, or if it's something on my computer itself. I'm not computer literate in the least. :)

I followed the steps provided above, and here are the various logs that I've obtained:

Ad-aware log (I did this scan before following your steps above, though I thought I would post the results nonetheless):


Ad-Aware SE Build 1.06r1
Logfile Created on:Wednesday, April 15, 2009 11:04:22 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R221 18.02.2008
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):13 total references
Tracking Cookie(TAC index:3):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


4-15-2009 11:04:22 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Amanda\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\Amanda\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-725345543-1958367476-839522115-1004\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-725345543-1958367476-839522115-1004\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-725345543-1958367476-839522115-1004\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-725345543-1958367476-839522115-1004\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-725345543-1958367476-839522115-1004\software\microsoft\office\11.0\common\open find\microsoft office word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-725345543-1958367476-839522115-1004\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-725345543-1958367476-839522115-1004\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-725345543-1958367476-839522115-1004\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 740
ThreadCreationTime : 4-15-2009 11:29:30 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 804
ThreadCreationTime : 4-15-2009 11:29:31 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 836
ThreadCreationTime : 4-15-2009 11:29:36 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 880
ThreadCreationTime : 4-15-2009 11:29:36 PM
BasePriority : Normal
FileVersion : 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
ProductVersion : 5.1.2600.5755
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 892
ThreadCreationTime : 4-15-2009 11:29:36 PM
BasePriority : Normal
FileVersion : 5.1.2600.5512 (xpsp.080413-2113)
ProductVersion : 5.1.2600.5512
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1060
ThreadCreationTime : 4-15-2009 11:29:37 PM
BasePriority : Normal
FileVersion : 6.14.10.4129
ProductVersion : 6.14.10.4129
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1080
ThreadCreationTime : 4-15-2009 11:29:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.5512 (xpsp.080413-2111)
ProductVersion : 5.1.2600.5512
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1156
ThreadCreationTime : 4-15-2009 11:29:38 PM
BasePriority : Normal
FileVersion : 5.1.2600.5512 (xpsp.080413-2111)
ProductVersion : 5.1.2600.5512
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1300
ThreadCreationTime : 4-15-2009 11:29:38 PM
BasePriority : Normal
FileVersion : 5.1.2600.5512 (xpsp.080413-2111)
ProductVersion : 5.1.2600.5512
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1392
ThreadCreationTime : 4-15-2009 11:29:38 PM
BasePriority : Normal
FileVersion : 5.1.2600.5512 (xpsp.080413-2111)
ProductVersion : 5.1.2600.5512
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1528
ThreadCreationTime : 4-15-2009 11:29:38 PM
BasePriority : Normal
FileVersion : 5.1.2600.5512 (xpsp.080413-2111)
ProductVersion : 5.1.2600.5512
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [ccsvchst.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1828
ThreadCreationTime : 4-15-2009 11:29:39 PM
BasePriority : Normal
FileVersion : 106.2.0.21
ProductVersion : 106.2.0.21
ProductName : Symantec Security Technologies
CompanyName : Symantec Corporation
FileDescription : Symantec Service Framework
InternalName : ccSvcHst
LegalCopyright : Copyright © 2000-2006 Symantec Corporation. All rights reserved.
OriginalFilename : ccSvcHst.exe

#:13 [appsvc32.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\AppCore\
ProcessID : 1932
ThreadCreationTime : 4-15-2009 11:29:39 PM
BasePriority : Normal
FileVersion : 1.1.1.3
ProductVersion : 1.1
ProductName : Symantec Application Core
CompanyName : Symantec Corporation
FileDescription : Symantec Application Core Service
InternalName : AppSvc32
LegalCopyright : Copyright © 1997-2007 Symantec Corporation
OriginalFilename : AppSvc32.exe

#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 280
ThreadCreationTime : 4-15-2009 11:29:39 PM
BasePriority : Normal
FileVersion : 5.1.2600.5512 (xpsp.080413-0852)
ProductVersion : 5.1.2600.5512
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:15 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1028
ThreadCreationTime : 4-15-2009 11:29:42 PM
BasePriority : Normal
FileVersion : 6.14.10.4129
ProductVersion : 6.14.10.4129
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:16 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1276
ThreadCreationTime : 4-15-2009 11:29:43 PM
BasePriority : Normal
FileVersion : 6.00.2900.5512 (xpsp.080413-2105)
ProductVersion : 6.00.2900.5512
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:17 [rthdcpl.exe]
FilePath : C:\WINDOWS\
ProcessID : 1644
ThreadCreationTime : 4-15-2009 11:29:44 PM
BasePriority : Normal
FileVersion : 2.0.4.4
ProductVersion : 2.0.4.4
ProductName : Realtek HD Audio Sound Effect Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek HD Audio Control Panel
LegalCopyright : Copyright © 2004 Realtek Semiconductor Corp.
OriginalFilename : RTHDCPL.EXE

#:18 [sm56hlpr.exe]
FilePath : C:\WINDOWS\
ProcessID : 1720
ThreadCreationTime : 4-15-2009 11:29:45 PM
BasePriority : Normal
FileVersion : 6.10.101-16
ProductVersion : SM56 Rel. 6.10 Build 101 Preview 16
ProductName : Motorola SM56 Tray Application
CompanyName : Motorola Inc.
FileDescription : Motorola SM56 Win32 Utility
InternalName : SM56 Modem Helper
LegalCopyright : Copyright © 1998-2004, Motorola Inc.
OriginalFilename : SM56HLPR.EXE

#:19 [cli.exe]
FilePath : C:\Program Files\ATI Technologies\ATI.ACE\
ProcessID : 1728
ThreadCreationTime : 4-15-2009 11:29:45 PM
BasePriority : Normal


#:20 [syntpenh.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 1820
ThreadCreationTime : 4-15-2009 11:29:45 PM
BasePriority : Normal
FileVersion : 8.1.6 25Aug05
ProductVersion : 8.1.6 25Aug05
ProductName : Synaptics Pointing Device Driver
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Synaptics Enhancements Application
LegalCopyright : Copyright © Synaptics, Inc. 1996-2005
OriginalFilename : SynTPEnh.exe

#:21 [test_bs.exe]
FilePath : C:\Program Files\AlienAutopsy\
ProcessID : 1860
ThreadCreationTime : 4-15-2009 11:29:45 PM
BasePriority : High


#:22 [pdvdserv.exe]
FilePath : C:\Program Files\CyberLink\PowerDVD\
ProcessID : 2032
ThreadCreationTime : 4-15-2009 11:29:46 PM
BasePriority : Normal
FileVersion : 6.00.1027
ProductVersion : 6.00.1027
ProductName : PowerDVD
CompanyName : Cyberlink Corp.
FileDescription : PowerDVD RC Service
InternalName : PowerDVD RC Service
LegalCopyright : Copyright © CyberLink Corp. 1997-2004
OriginalFilename : PDVDSERV.EXE

#:23 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 120
ThreadCreationTime : 4-15-2009 11:29:46 PM
BasePriority : Normal
FileVersion : 106.2.0.21
ProductVersion : 106.2.0.21
ProductName : Symantec Security Technologies
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2006 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:24 [hpwuschd2.exe]
FilePath : C:\Program Files\HP\HP Software Update\
ProcessID : 404
ThreadCreationTime : 4-15-2009 11:29:46 PM
BasePriority : Normal
FileVersion : 80, 1, 0, 0
ProductVersion : 80, 1, 0, 0
ProductName : hpwuSchd Application
CompanyName : Hewlett-Packard
FileDescription : hpwuSchd Application
InternalName : hpwuSchd
LegalCopyright : Copyright © Hewlett-Packard 2007
OriginalFilename : hpwuSchd.exe

#:25 [jusched.exe]
FilePath : C:\Program Files\Java\jre6\bin\
ProcessID : 416
ThreadCreationTime : 4-15-2009 11:29:46 PM
BasePriority : Normal


#:26 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 584
ThreadCreationTime : 4-15-2009 11:29:47 PM
BasePriority : Normal
FileVersion : 8.1.1.10
ProductVersion : 8.1.1.10
ProductName : iTunes
CompanyName : Apple Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2009 Apple Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:27 [aim6.exe]
FilePath : C:\Program Files\AIM6\
ProcessID : 608
ThreadCreationTime : 4-15-2009 11:29:47 PM
BasePriority : Normal
FileVersion : 1.4.9.1
ProductVersion : 1.4.9.1
ProductName : AOL Service Libraries
CompanyName : AOL LLC
FileDescription : AIM
InternalName : AOLSoftware
LegalCopyright : © 2007 AOL LLC.
OriginalFilename : AOLSoftware.exe

#:28 [teatimer.exe]
FilePath : C:\Program Files\Spybot - Search & Destroy\
ProcessID : 624
ThreadCreationTime : 4-15-2009 11:29:47 PM
BasePriority : Idle
FileVersion : 1, 6, 6, 32
ProductVersion : 1, 6, 2, 0
ProductName : Spybot - Search & Destroy
CompanyName : Safer-Networking Ltd.
FileDescription : System settings protector
InternalName : TeaTimer
LegalCopyright : © 2000-2009 Safer-Networking Ltd. Alle Rechte vorbehalten.
LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
OriginalFilename : TeaTimer.exe
Comments : Schützt Systemeinstellungen vor ungewollten Änderungen.

#:29 [hpqtra08.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 728
ThreadCreationTime : 4-15-2009 11:29:48 PM
BasePriority : Normal
FileVersion : 70.0.170.000
ProductVersion : 070.000.170.000
ProductName : hp digital imaging
CompanyName : Hewlett-Packard Development Company, L.P.
FileDescription : HP Digital Imaging Monitor
InternalName : HPQTRA00
LegalCopyright : Copyright © Hewlett-Packard Development Company, L.P. 1995-2005
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor

#:30 [ccaagent.exe]
FilePath : C:\Program Files\Cisco Systems\Clean Access Agent\
ProcessID : 796
ThreadCreationTime : 4-15-2009 11:29:48 PM
BasePriority : Normal
FileVersion : 4.01.0008
ProductVersion : 4.01.0008
ProductName : Cisco Clean Access Agent
CompanyName : Cisco Systems, Inc
FileDescription : Clean Access Agent
InternalName : CCAAgent
LegalCopyright : Cisco Systems, Inc. 2004-2009
OriginalFilename : CCAAgent.exe
Comments : Cisco Clean Access Product (4.1.8.0-081210170000)

#:31 [aolsoftware.exe]
FilePath : C:\Program Files\AIM6\
ProcessID : 896
ThreadCreationTime : 4-15-2009 11:29:48 PM
BasePriority : Normal
FileVersion : 15.6.1.1
ProductVersion : 15.6.1.1
ProductName : AOL Service Libraries
CompanyName : AOL LLC
FileDescription : AOL
InternalName : AOLSoftware
LegalCopyright : Copyright © 2007 AOL LLC
OriginalFilename : AOLSoftware.exe

#:32 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 732
ThreadCreationTime : 4-15-2009 11:29:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.5512 (xpsp.080413-2111)
ProductVersion : 5.1.2600.5512
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:33 [applemobiledeviceservice.exe]
FilePath : C:\Program Files\Common Files\Apple\Mobile Device Support\bin\
ProcessID : 808
ThreadCreationTime : 4-15-2009 11:29:56 PM
BasePriority : Normal
FileVersion : 2.12.36.0
ProductVersion : 2.12.36.0
ProductName : Apple Mobile Device Service
CompanyName : Apple Inc.
FileDescription : Apple Mobile Device Service
InternalName : AppleMobileDeviceService
LegalCopyright : © 2007-2008 Apple Inc. All Rights Reserved.
OriginalFilename : AppleMobileDeviceService.exe

#:34 [aluschedulersvc.exe]
FilePath : C:\Program Files\Symantec\LiveUpdate\
ProcessID : 968
ThreadCreationTime : 4-15-2009 11:29:56 PM
BasePriority : Normal
FileVersion : 3.2.0.68
ProductVersion : 3.2.0.68
ProductName : LiveUpdate
CompanyName : Symantec Corporation
FileDescription : Automatic LiveUpdate Scheduler Service
InternalName : Automatic LiveUpdate Scheduler Service
LegalCopyright : Copyright © 1996-2007 Symantec Corporation
OriginalFilename : ALUSchedulerSvc.exe

#:35 [mdnsresponder.exe]
FilePath : C:\Program Files\Bonjour\
ProcessID : 1372
ThreadCreationTime : 4-15-2009 11:29:56 PM
BasePriority : Normal
FileVersion : 1,0,6,2
ProductVersion : 1,0,6,2
ProductName : Bonjour
CompanyName : Apple Inc.
FileDescription : Bonjour Service
InternalName : mDNSResponder.exe
LegalCopyright : Copyright © 2003-2008 Apple Inc.
OriginalFilename : mDNSResponder.exe

#:36 [jqs.exe]
FilePath : C:\Program Files\Java\jre6\bin\
ProcessID : 1712
ThreadCreationTime : 4-15-2009 11:29:56 PM
BasePriority : Idle


#:37 [teks_service.exe]
FilePath : C:\Program Files\AlienAutopsy\
ProcessID : 2000
ThreadCreationTime : 4-15-2009 11:29:56 PM
BasePriority : High
FileVersion : 3.30.61.0
ProductVersion : 3.50.36.0
ProductName : DynTek ProductivIT
CompanyName : DynTek, Inc.
FileDescription : DynTek ProductivIT Service
InternalName : pitservice
LegalCopyright : © 2000-2003 DynTek, Inc.
OriginalFilename : TEKS_Service.exe

#:38 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2140
ThreadCreationTime : 4-15-2009 11:29:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.5512 (xpsp.080413-2111)
ProductVersion : 5.1.2600.5512
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:39 [hpqste08.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 2504
ThreadCreationTime : 4-15-2009 11:30:00 PM
BasePriority : Normal
FileVersion : 70.0.170.000
ProductVersion : 070.000.170.000
ProductName : hp digital imaging
CompanyName : Hewlett-Packard Development Company, L.P.
FileDescription : HP CUE Status
InternalName : HPQSTS00
LegalCopyright : Copyright © Hewlett-Packard Development Company, L.P. 1995-2005
OriginalFilename : HPQSTS00.EXE
Comments : HP CUE Status

#:40 [viewpointservice.exe]
FilePath : C:\Program Files\Viewpoint\Common\
ProcessID : 2572
ThreadCreationTime : 4-15-2009 11:30:04 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 54
ProductVersion : 2, 0, 0, 54
ProductName : Viewpoint Manager
CompanyName : Viewpoint Corporation
FileDescription : ViewMgr
InternalName : Viewpoint Manager
LegalCopyright : Copyright © 2004
OriginalFilename : ViewMgr.exe
Comments : Viewpoint Manager

#:41 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 3064
ThreadCreationTime : 4-15-2009 11:30:08 PM
BasePriority : Normal
FileVersion : 8.1.1.10
ProductVersion : 8.1.1.10
ProductName : iTunes
CompanyName : Apple Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2009 Apple Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:42 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3508
ThreadCreationTime : 4-15-2009 11:30:11 PM
BasePriority : Normal
FileVersion : 5.1.2600.5512 (xpsp.080413-0852)
ProductVersion : 5.1.2600.5512
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:43 [cli.exe]
FilePath : C:\Program Files\ATI Technologies\ATI.ACE\
ProcessID : 484
ThreadCreationTime : 4-15-2009 11:30:19 PM
BasePriority : Normal


#:44 [cli.exe]
FilePath : C:\Program Files\ATI Technologies\ATI.ACE\
ProcessID : 440
ThreadCreationTime : 4-15-2009 11:30:19 PM
BasePriority : Normal


#:45 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 2184
ThreadCreationTime : 4-15-2009 11:40:50 PM
BasePriority : Normal


#:46 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3940
ThreadCreationTime : 4-16-2009 3:03:58 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amanda@questionmarket[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:[email protected]/
Expires : 6-5-2010 7:54:10 PM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amanda@unicast[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:16
Value : Cookie:[email protected]/
Expires : 4-20-2009
LastSync : Hits:16
UseCount : 0
Hits : 16

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 15



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
10530 entries scanned.
New critical objects:0
Objects found so far: 15




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15

11:23:09 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:18:46.719
Objects scanned:209626
Objects identified:2
Objects ignored:0
New critical objects:2


MBAM log:

Malwarebytes' Anti-Malware 1.36
Database version: 1987
Windows 5.1.2600 Service Pack 3

4/15/2009 11:48:10 PM
mbam-log-2009-04-15 (23-48-10).txt

Scan type: Quick Scan
Objects scanned: 67943
Time elapsed: 4 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





Rooter (I was still having issues after I rebooted, so I continued on the steps):

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:95385 Mo/Free:2861 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Wed 04/15/2009|23:54

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
---------- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\RTHDCPL.EXE
---------- C:\WINDOWS\sm56hlpr.exe
---------- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
---------- C:\Program Files\AlienAutopsy\Test_BS.exe
---------- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
---------- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\Program Files\AIM6\aim6.exe
---------- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
---------- C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
---------- C:\Program Files\AIM6\aolsoftware.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\AlienAutopsy\TEKS_Service.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
---------- C:\Program Files\Viewpoint\Common\ViewpointService.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
---------- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
---------- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Wed 04/15/2009|23:54

----------------------\\ Scan completed at 23:54






OT List Log:

OTListIt logfile created on: 4/16/2009 12:05:39 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Amanda\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.11 Mb Total Physical Memory | 418.08 Mb Available Physical Memory | 40.90% Memory free
2.40 Gb Paging File | 1.86 Gb Available in Paging File | 77.31% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 66.81 Gb Free Space | 71.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AMANDA-D8ECCDC2
Current User Name: Amanda
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\AlienAutopsy\Test_BS.exe ()
PRC - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\AIM6\aim6.exe (AOL LLC)
PRC - C:\Program Files\AlienAutopsy\TEKS_Service.exe (DynTek, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe (Cisco Systems, Inc)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\AIM6\aolsoftware.exe (AOL LLC)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Amanda\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (GoToAssist [On_Demand | Stopped]) -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (ISPwdSvc [On_Demand | Stopped]) -- C:\Program Files\Norton AntiVirus\isPwdSvc.exe (Symantec Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (LiveUpdate Notice Ex [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate Notice Service [Auto | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (ProductivITService [Auto | Running]) -- C:\Program Files\AlienAutopsy\TEKS_Service.exe (DynTek, Inc.)
SRV - (Symantec Core LC [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (SymAppCore [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (giveio [Boot | Running]) -- C:\WINDOWS\system32\giveio.sys ()
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HidCom [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\BdHidCom.sys (Cypress Semiconductor)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090415.003\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090415.003\NAVEX15.SYS (Symantec Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SMBios [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SMBios.sys (Intel Corporation)
DRV - (smserial [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\smserial.sys (Motorola Inc.)
DRV - (SPBBCDrv [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (speedfan [Boot | Running]) -- C:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (SRTSP [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMDNS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMIDSCO [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\20090407.002\SymIDSCo.sys (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (TeksKernel [System | Running]) -- C:\WINDOWS\System32\Drivers\TeksKernel.sys (DynTek, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (viamraid [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\viamraid.sys (VIA Technologies inc,.ltd)
DRV - (w39n51 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\w39n51.sys (Intel® Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {34274bf4-1d97-a289-e984-17e546307e4f}:0.5.3.043
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/09 01:18:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/05 17:36:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/29 14:52:45 | 00,000,000 | ---D | M]

[2008/09/03 19:35:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amanda\Application Data\mozilla\Extensions
[2008/09/03 19:35:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amanda\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/13 22:01:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amanda\Application Data\mozilla\Firefox\Profiles\4cu8eklb.default\extensions
[2008/03/16 00:03:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amanda\Application Data\mozilla\Firefox\Profiles\4cu8eklb.default\extensions\{34274bf4-1d97-a289-e984-17e546307e4f}
[2009/04/13 22:01:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/29 14:52:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/04/01 00:53:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/12/05 18:27:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/09 01:18:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/29 14:52:40 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/29 14:52:40 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/09/24 21:21:16 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/09/24 21:21:16 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/09/24 21:21:16 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/13 12:41:30 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/09/24 21:21:16 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/09/24 21:21:16 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/09/24 21:21:16 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (305034 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 10507 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {097E7337-311D-44FF-A853-3F454FE1A682} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlienAutopsy] "C:\Program Files\AlienAutopsy\Test_BS.exe" -h ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay (ATI Technologies Inc.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" (Symantec Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SMSERIAL] sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (AOL LLC)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} http://www.symantec....abs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (wbsys.dll) - C:\WINDOWS\system32\wbsys.dll (Stardock.Net, Inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\WB: DllName - C:\Program Files\AlienGUIse\fastload.dll - C:\Program Files\AlienGUIse\fastload.dll (Stardock)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files]
[2009/04/16 00:04:33 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Amanda\Desktop\OTListIt2.exe
[2009/04/15 23:53:58 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/15 23:53:38 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Amanda\Desktop\Rooter.exe
[2009/04/15 23:42:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Amanda\Application Data\Malwarebytes
[2009/04/15 23:42:10 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/15 23:42:10 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/15 23:42:08 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/15 23:42:06 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/15 23:42:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/15 23:40:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/15 23:39:32 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Amanda\Desktop\NTREGOPT.lnk
[2009/04/15 23:39:32 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Amanda\Desktop\ERUNT.lnk
[2009/04/15 23:39:30 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/15 01:52:01 | 00,031,744 | ---- | C] () -- C:\Documents and Settings\Amanda\Desktop\Interpersonal Comm Shaun of the Dead.doc
[2009/04/15 01:48:37 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 01:48:37 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 01:48:36 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 01:48:36 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 01:48:36 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 01:48:35 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 01:48:35 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 01:48:35 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 01:48:34 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 01:48:04 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/15 01:48:03 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/15 01:48:02 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/14 02:01:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Amanda\Local Settings\Application Data\Help
[2009/04/14 02:01:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Amanda\Application Data\Help
[2009/04/14 01:53:45 | 00,000,029 | ---- | C] () -- C:\WINDOWS\wordpad.ini
[2009/04/14 01:53:26 | 00,000,000 | ---D | C] -- C:\Temp
[2009/04/14 01:53:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Amanda\Application Data\Syntrillium
[2009/04/08 01:19:18 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/04/08 01:18:54 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/04/08 01:18:50 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/04/08 01:18:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/03 22:01:32 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Amanda\Desktop\setup-spybotsd162.exe
[2009/03/29 15:48:10 | 00,019,390 | ---- | C] () -- C:\Documents and Settings\Amanda\Desktop\Interpersonal S09.docx
[2009/03/25 22:18:15 | 00,019,299 | ---- | C] () -- C:\Documents and Settings\Amanda\Desktop\movie_analysis_xmas_vacation.docx
[2009/03/21 10:06:58 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
[2009/03/20 02:24:41 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/03/20 02:24:22 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2008/03/02 01:46:13 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/02 00:01:53 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/03/01 01:36:46 | 00,000,056 | ---- | C] () -- C:\WINDOWS\wb.ini
[2008/02/24 23:49:31 | 00,069,632 | R--- | C] () -- C:\WINDOWS\sm56spn.dll
[2008/02/24 23:49:31 | 00,069,632 | R--- | C] () -- C:\WINDOWS\sm56itl.dll
[2008/02/24 23:49:31 | 00,069,632 | R--- | C] () -- C:\WINDOWS\sm56eng.dll
[2008/02/24 23:49:31 | 00,061,440 | R--- | C] () -- C:\WINDOWS\sm56ger.dll
[2008/02/24 23:49:31 | 00,061,440 | R--- | C] () -- C:\WINDOWS\sm56fra.dll
[2008/02/24 23:49:31 | 00,053,248 | R--- | C] () -- C:\WINDOWS\sm56jpn.dll
[2008/02/24 23:49:31 | 00,049,152 | R--- | C] () -- C:\WINDOWS\sm56cht.dll
[2008/02/24 23:49:31 | 00,049,152 | R--- | C] () -- C:\WINDOWS\sm56chs.dll
[2008/02/24 23:49:30 | 00,069,632 | R--- | C] () -- C:\WINDOWS\sm56brz.dll
[2008/02/24 23:48:39 | 00,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/02/26 17:24:20 | 00,220,672 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2007/02/26 17:22:42 | 00,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2007/02/26 17:22:36 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2007/02/26 17:22:34 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2007/02/26 17:22:30 | 00,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2007/02/26 17:22:24 | 00,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2007/02/26 17:22:14 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2007/02/26 17:22:04 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2007/02/26 17:21:46 | 00,099,840 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2007/02/26 17:21:38 | 00,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2007/02/26 17:21:38 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2007/02/12 15:21:22 | 03,426,304 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/02/12 15:21:22 | 00,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2007/02/12 15:21:22 | 00,462,848 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007/02/12 15:21:22 | 00,399,872 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/02/12 15:21:22 | 00,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2007/02/12 15:21:22 | 00,225,280 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2007/02/12 15:21:22 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/02/12 15:21:22 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2007/02/12 15:21:22 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007/02/12 15:21:22 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2007/02/12 15:21:22 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2007/02/12 15:21:22 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/02/12 15:21:22 | 00,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2007/02/12 15:21:22 | 00,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2007/02/12 15:21:22 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2007/02/12 15:21:22 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2007/02/12 15:21:22 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2007/02/12 15:21:22 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/02/12 15:21:22 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/01/30 01:03:40 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/11/01 10:54:30 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/11/01 10:52:38 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/07/07 11:51:02 | 00,008,192 | ---- | C] () -- C:\WINDOWS\System32\FLT_ffdshow.dll
[2005/08/31 11:52:09 | 00,000,707 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/31 11:52:02 | 00,000,254 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/31 11:50:15 | 00,002,356 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/17 18:18:30 | 00,124,928 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2001/07/07 04:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1996/04/03 15:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/04/16 00:04:33 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amanda\Desktop\OTListIt2.exe
[2009/04/15 23:57:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/15 23:56:41 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/15 23:53:38 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Amanda\Desktop\Rooter.exe
[2009/04/15 23:52:51 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/15 23:42:10 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/15 23:39:32 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Amanda\Desktop\NTREGOPT.lnk
[2009/04/15 23:39:32 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Amanda\Desktop\ERUNT.lnk
[2009/04/15 02:29:58 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\Amanda\Desktop\Interpersonal Comm Shaun of the Dead.doc
[2009/04/15 02:09:57 | 00,443,556 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/15 02:09:57 | 00,383,822 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/15 02:09:57 | 00,054,010 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/15 01:53:58 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/14 01:53:45 | 00,000,707 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/14 01:53:45 | 00,000,029 | ---- | M] () -- C:\WINDOWS\wordpad.ini
[2009/04/14 01:53:26 | 00,000,254 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/13 21:51:08 | 00,000,558 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Amanda.job
[2009/04/13 18:24:46 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 10:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/03 22:09:15 | 00,305,034 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/04/03 22:08:16 | 00,305,034 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090403-220915.backup
[2009/04/03 22:05:11 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Amanda\Desktop\Spybot - Search & Destroy.lnk
[2009/04/03 22:03:19 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Amanda\Desktop\setup-spybotsd162.exe
[2009/03/29 15:48:10 | 00,019,390 | ---- | M] () -- C:\Documents and Settings\Amanda\Desktop\Interpersonal S09.docx
[2009/03/28 09:17:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/27 02:58:38 | 01,203,922 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/03/25 22:18:15 | 00,019,299 | ---- | M] () -- C:\Documents and Settings\Amanda\Desktop\movie_analysis_xmas_vacation.docx
[2009/03/21 10:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32.dll
[2009/03/21 10:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
[2009/03/20 02:24:41 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
< End of report >





Extras Log:

OTListIt Extras logfile created on: 4/16/2009 12:05:39 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Amanda\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.11 Mb Total Physical Memory | 418.08 Mb Available Physical Memory | 40.90% Memory free
2.40 Gb Paging File | 1.86 Gb Available in Paging File | 77.31% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 66.81 Gb Free Space | 71.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AMANDA-D8ECCDC2
Current User Name: Amanda
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] --

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe ()
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe ( )
C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe (Hewlett-Packard Development Company, L.P.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM (AOL LLC)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04010300-6D72-4D54-8686-91D884A27B5C}" = Cisco Clean Access Agent
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{228F6876-A313-40A3-91C0-C3CBE6997D09}" = Symantec
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}" = Internet Worm Protection
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3477095F-9C20-4ACC-A085-E7AAAA3ACAB2}" = SymNet
"{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}" = Norton AntiVirus Help
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3AAC65C9-A7BE-40D4-9EF1-F17C4B73516A}" = Symantec Real Time Storage Protection Component
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{4F76F68F-585B-4693-8B09-5B411E265595}" = AlienAutopsy
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = MobileMe Control Panel
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90437E5F-0A9E-4B63-AD8B-D232897D18BF}" = ATI Parental Control & Encoder
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C6A8BB79-7DA0-4EE1-964A-FF1A4F746B02}" = ATI Catalyst Control Center
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}" = Norton AntiVirus SYMLT MSI
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI
"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"6F8C52CF07BBF1FE2471DC68C08F06D7C58B7D49" = Windows Driver Package - Intel (w29n51) net (09/12/2005 9.0.3.9)
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"AlienGUIse Theme Manager" = AlienGUIse Theme Manager
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"ATI Display Driver" = ATI Display Driver
"D-i-v-X - AV Codec Pack" = D-i-v-X - AV Codec Pack (Pro) 1.1.0
"EphPod" = EphPod
"ERUNT_is1" = ERUNT 1.1j
"GoToAssist" = GoToAssist 8.0.0.480
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Network Play System (Patching)" = Network Play System (Patching)
"PosterPrint" = PosterPrint 2.3
"Shop for HP Supplies" = Shop for HP Supplies
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SpeedFan" = SpeedFan (remove only)
"Spermies_is1" = Spermies 1.0
"SymSetup.{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/29/2009 11:20:58 PM | Computer Name = AMANDA-D8ECCDC2 | Source = Application Hang | ID = 1002
Description = Hanging application aim6.exe, version 1.4.9.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/12/2009 2:55:36 AM | Computer Name = AMANDA-D8ECCDC2 | Source = Application Hang | ID = 1002
Description = Hanging application aim6.exe, version 1.4.9.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/27/2009 3:26:46 AM | Computer Name = AMANDA-D8ECCDC2 | Source = Application Hang | ID = 1002
Description = Hanging application aim6.exe, version 1.4.9.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/5/2009 5:36:52 PM | Computer Name = AMANDA-D8ECCDC2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3372, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/10/2009 12:48:44 AM | Computer Name = AMANDA-D8ECCDC2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/14/2009 6:56:50 PM | Computer Name = AMANDA-D8ECCDC2 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 4/14/2009 7:14:06 PM | Computer Name = AMANDA-D8ECCDC2 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.


< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP