
Do I have a virus?



#1
GFMI

Hi there,
I apologize in advance for my extreme novice nature of all of this... but just wondering if someone wouldn't mind checking these log files to see if there's a virus in there.
Backstory:
My Google was being interfered with (both in Firefox and IE) and would redirect to porn or shopping sites via smartbizsearch. I ran an entire system scan with Symantec Antivirus and quarantined 3 things. I also ran Ad-Aware and removed anything that popped up there.

I read, and completed what I could from the "Geeks to Go! Malware Removal and Spyware Removal Malware and Spyware Cleaning Guide". From here, due to system privileges I wasn't able to New System Restore Point and also had an issue in not being able to RUN "Malwarebytes' Anti-Malware" (downloaded fine but will not "run" -- also attempted via a changed name for the mbam-setup.ext).

So after all of that, I ran the Rooter Rootkit Detector and also the Old Timer List It2. These are the results. Could you please tell me if there is still a virus on here and what I may try next? I hope that question isn't too vague. I appreciate your help TREMENDOUSLY and really can't say that enough. Thank you greatly for your time!

Rooter.txt:
Microsoft Windows XP Professional (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:114400 Mo/Free:3827 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [Fixed] - FAT32 - (Total:286111 Mo/Free:861 Mo)
F:\ [Network] (Total:550563 Mo/Free:3099 Mo)
I:\ [Network] (Total:267504 Mo/Free:207 Mo)
L:\ [Network] (Total:267504 Mo/Free:207 Mo)
Q:\ [Network] (Total:267504 Mo/Free:207 Mo)
S:\ [Network] (Total:267504 Mo/Free:207 Mo)
T:\ [Network] (Total:267504 Mo/Free:207 Mo)
V:\ [Network] (Total:267504 Mo/Free:207 Mo)
X:\ [Network] (Total:550563 Mo/Free:3099 Mo)

Tue 05/05/2009|13:13

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
---------- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
---------- C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
---------- C:\Program Files\Symantec AntiVirus\DefWatch.exe
---------- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\Program Files\Symantec AntiVirus\SavRoam.exe
---------- C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.exe
---------- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
---------- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
---------- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\ntvdm.exe
---------- C:\WINDOWS\System32\DSentry.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
---------- C:\PROGRA~1\SYMANT~2\VPTray.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
---------- C:\Program Files\MSN Messenger\msnmsgr.exe
---------- C:\WINDOWS\system32\javaw.exe
---------- C:\Program Files\SteepAndCheap\Desktop Alert\SAC-Desktop-Alert.exe
---------- C:\Program Files\WhiskeyMilitia\Desktop Alert\WM-Desktop-Alert.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\Program Files\iTunes\iTunes.exe
---------- C:\Program Files\MSN Messenger\usnsvc.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.233,85.255.112.19
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.233,85.255.112.19
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.233,85.255.112.19
==> WAREOUT <==

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Tue 05/05/2009|13:14

----------------------\\ Scan completed at 13:14


OTListIt.txt
OTListIt logfile created on: 5/5/2009 1:16:12 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\jessica\Local Settings\Temporary Internet Files\Content.IE5\PIVVL1HI
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 70.01% Memory free
3.85 Gb Paging File | 3.43 Gb Available in Paging File | 88.92% Paging File free
Paging file location(s): C:\pagefile.sys 0 0E:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 27.74 Gb Free Space | 24.83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 279.41 Gb Total Space | 8.84 Gb Free Space | 3.16% Space Free | Partition Type: FAT32
Drive F: | 537.66 Gb Total Space | 91.03 Gb Free Space | 16.93% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 261.23 Gb Total Space | 64.20 Gb Free Space | 24.58% Space Free | Partition Type: NTFS
Drive L: | 261.23 Gb Total Space | 64.20 Gb Free Space | 24.58% Space Free | Partition Type: NTFS
Drive Q: | 261.23 Gb Total Space | 64.20 Gb Free Space | 24.58% Space Free | Partition Type: NTFS
Drive S: | 261.23 Gb Total Space | 64.20 Gb Free Space | 24.58% Space Free | Partition Type: NTFS
Drive T: | 261.23 Gb Total Space | 64.20 Gb Free Space | 24.58% Space Free | Partition Type: NTFS
Drive V: | 261.23 Gb Total Space | 64.20 Gb Free Space | 24.58% Space Free | Partition Type: NTFS
Drive X: | 537.66 Gb Total Space | 91.03 Gb Free Space | 16.93% Space Free | Partition Type: NTFS

Computer Name: MAT-XP
Current User Name: jessica
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
PRC - C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe (Macrovision Corporation)
PRC - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe (Macrovision Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
PRC - C:\Program Files\ESRI\License\arcgis9x\ARCGIS.EXE ()
PRC - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.)
PRC - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ntvdm.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\DSentry.exe (Dell - Advanced Desktop Engineering)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe (MétéoMédia/The Weather Network)
PRC - C:\Program Files\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\SteepAndCheap\Desktop Alert\SAC-Desktop-Alert.exe (SteepandCheap.com)
PRC - C:\Program Files\WhiskeyMilitia\Desktop Alert\WM-Desktop-Alert.exe (Whiskey Militia)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\jessica\Local Settings\Temporary Internet Files\Content.IE5\PIVVL1HI\OTListIt2[1].exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
SRV - (ArcGIS License Manager [Auto | Running]) -- C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe (Macrovision Corporation)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (awhost32 [On_Demand | Stopped]) -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe (Symantec Corporation)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (ccPwdSvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [Auto | Running]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DefWatch [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (FirebirdServerMAGIXInstance [On_Demand | Stopped]) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Disabled | Stopped]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (NetSvc [On_Demand | Stopped]) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SavRoam [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (SentinelKeysServer [Auto | Running]) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.)
SRV - (SentinelProtectionServer [Auto | Running]) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
SRV - (SNDSrvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SPBBCSvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (Symantec AntiVirus [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (usnjsvc [On_Demand | Running]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ASPI32 [System | Running]) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (awlegacy [System | Running]) -- C:\WINDOWS\System32\Drivers\awlegacy.sys (Symantec Corporation)
DRV - (AW_HOST [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\aw_host5.sys (Symantec Corporation)
DRV - (CBUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\CBUSB.sys (MARX CryptoTech LP)
DRV - (Cdr4_xp [System | Running]) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Roxio)
DRV - (Cdralw2k [System | Running]) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Roxio)
DRV - (cdudf_xp [System | Running]) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys (Roxio)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (dvd_2K [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EL90XBC [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys (3Com Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (Gernuwa [Boot | Running]) -- C:\WINDOWS\System32\drivers\GERNUWA.sys (Symantec Corporation)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (i81x [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (iAimFP0 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV01nt.sys (Intel® Corporation)
DRV - (iAimFP1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV02NT.sys (Intel® Corporation)
DRV - (iAimFP2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV05NT.sys (Intel® Corporation)
DRV - (iAimFP3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys (Intel® Corporation)
DRV - (iAimFP4 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys (Intel® Corporation)
DRV - (iAimTV0 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV01nt.sys (Intel® Corporation)
DRV - (iAimTV1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV02NT.sys (Intel® Corporation)
DRV - (iAimTV3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV04nt.sys (Intel® Corporation)
DRV - (iAimTV4 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys (Intel® Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mmc_2K [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090505.003\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090505.003\NAVEX15.SYS (Symantec Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (omci [System | Running]) -- C:\WINDOWS\System32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (pcouffin [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (pwd_2k [System | Running]) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (SAVRT [System | Running]) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL [System | Running]) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (sdcplh [System | Running]) -- C:\WINDOWS\System32\drivers\sdcplh.sys (Macrovision Europe Ltd)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Sentinel [Auto | Running]) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (SafeNet, Inc.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (SNTNLUSB [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS (SafeNet, Inc.)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (SPBBCDrv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (UdfReadr_xp [System | Running]) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys (Roxio)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.ca/"
FF - prefs.js..extensions.enabledItems: {f02289b7-b23a-49b1-a7da-b60880e69629}:1.300.183
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.28
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..keyword.URL: "http://search.freeca...h.yahoo.com&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/05/05 12:51:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/30 13:40:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/01 17:52:01 | 00,000,000 | ---D | M]

[2008/12/11 12:23:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jessica\Application Data\mozilla\Extensions
[2008/12/11 12:23:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jessica\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/05 10:40:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jessica\Application Data\mozilla\Firefox\Profiles\ff46yb5t.default\extensions
[2009/03/25 09:06:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jessica\Application Data\mozilla\Firefox\Profiles\ff46yb5t.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/02/02 09:20:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jessica\Application Data\mozilla\Firefox\Profiles\ff46yb5t.default\extensions\{f02289b7-b23a-49b1-a7da-b60880e69629}
[2008/11/06 11:44:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jessica\Application Data\mozilla\Firefox\Profiles\ff46yb5t.default\extensions\[email protected]
[2009/02/12 09:12:20 | 00,000,655 | ---- | M] () -- C:\Documents and Settings\jessica\Application Data\Mozilla\FireFox\Profiles\ff46yb5t.default\searchplugins\yahoo-search.xml
[2008/12/11 12:23:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/30 13:40:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/30 13:40:14 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/30 13:40:14 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/30 13:40:29 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/30 13:40:29 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/30 13:40:29 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/30 13:40:29 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/30 13:40:29 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/01/31 22:50:59 | 00,001,728 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\onestep.xml
[2009/04/30 13:40:29 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/30 13:40:29 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (925 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 65.54.239.80 dp.msnmessenger.skadns.net
O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [Photozig Albums Media Detector] C:\Program Files\Photozig Albums\pzAlbumsDetect.exe File not found
O4 - HKCU..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye (MétéoMédia/The Weather Network)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Data Exchange Service.lnk = C:\Program Files\Ministry of Natural Resources\FI_Portal\bin\fipservice.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SAC-Desktop-Alert.lnk = C:\Program Files\SteepAndCheap\Desktop Alert\SAC-Desktop-Alert.exe (SteepandCheap.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WM-Desktop-Alert.lnk = C:\Program Files\WhiskeyMilitia\Desktop Alert\WM-Desktop-Alert.exe (Whiskey Militia)
O4 - Startup: C:\Documents and Settings\jessica\Start Menu\Programs\Startup\Get Set3651232007.lnk = C:\Program Files\Get Set\Get Set.exe File not found
O4 - Startup: C:\Documents and Settings\jessica\Start Menu\Programs\Startup\Get Set578154690.lnk = C:\Program Files\Get Set\Get Set.exe File not found
F3 - HKCU WinNT: Load - (C:\TCWIN45\PIPELINE\remind.exe) - C:\TCWIN45\PIPELINE\remind.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\npjpi150_12.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupd...b?1094757660968 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1169063265531 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_13)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bfpl.ca
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.233,85.255.112.19
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\WINDOWS\system32\PCANotify.dll (Symantec Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/03 15:42:57 | 00,000,026 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/04 18:00:50 | 00,000,342 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/05/04 18:00:52 | 00,000,364 | RHS- | M] () - E:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/05/05 13:13:47 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/05 13:13:28 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/05 13:13:28 | 00,000,696 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/05 13:13:26 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/05 13:13:24 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/05 13:13:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/05 12:47:22 | 00,000,000 | ---D | C] -- C:\c092d175bd6a121fe6
[2009/05/05 12:46:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/05/05 12:45:02 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/05/05 11:27:28 | 00,000,780 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/05 11:27:28 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/05/05 11:27:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jessica\Application Data\SUPERAntiSpyware.com
[2009/05/05 11:23:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/05/05 11:13:25 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\DOCUME~1\jessica\My Documents\mbam-setupJess.exe
[2009/05/05 11:10:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/05 11:10:04 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/05 10:54:36 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\jessica\Desktop\mbam-setup(2).exe
[2009/05/05 10:14:50 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\jessica\Desktop\virusgetout.exe
[2009/05/01 11:10:44 | 00,000,000 | ---D | C] -- C:\DOCUME~1\jessica\My Documents\MAGIX downloads
[2009/05/01 11:10:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jessica\Application Data\MAGIX
[2009/05/01 11:09:46 | 00,644,384 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLAV32.dll
[2009/05/01 11:09:46 | 00,430,080 | ---- | C] (MAGIX AG) -- C:\WINDOWS\System32\MXRestore.exe
[2009/05/01 11:09:46 | 00,202,016 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLRES32.dll
[2009/05/01 11:09:46 | 00,173,344 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLDEV32.dll
[2009/05/01 11:09:46 | 00,161,056 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLDRV32.dll
[2009/05/01 11:09:46 | 00,114,688 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLCDA32.dll
[2009/05/01 11:09:46 | 00,111,904 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLCPY32.dll
[2009/05/01 11:09:46 | 00,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLPTL32.dll
[2009/05/01 11:09:46 | 00,061,440 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLCDF32.dll
[2009/05/01 11:09:46 | 00,058,656 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLIO32.dll
[2009/05/01 11:09:46 | 00,057,344 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLTPO32.dll
[2009/05/01 11:09:46 | 00,054,560 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLPRF32.dll
[2009/05/01 11:09:46 | 00,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLPRJ32.dll
[2009/05/01 11:09:46 | 00,045,056 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLIMG32.dll
[2009/05/01 11:09:46 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4a.dll
[2009/05/01 11:09:46 | 00,042,272 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLPNT32.dll
[2009/05/01 11:09:46 | 00,040,960 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLRD32.dll
[2009/05/01 11:09:46 | 00,038,176 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\STRING32.dll
[2009/05/01 11:09:46 | 00,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLMSC32.dll
[2009/05/01 11:09:46 | 00,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLISO32.dll
[2009/05/01 11:09:46 | 00,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLDIR32.dll
[2009/05/01 11:09:46 | 00,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\TTIC32.dll
[2009/05/01 11:09:46 | 00,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\TTI32.dll
[2009/05/01 11:09:46 | 00,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLIX.dll
[2009/05/01 11:09:46 | 00,014,182 | ---- | C] () -- C:\WINDOWS\System32\DLLAV32.lib
[2009/05/01 11:09:26 | 00,000,000 | ---D | C] -- C:\DOCUME~1\jessica\My Documents\MAGIX_Xtreme_PhotoStory_on_CD_DVD_7_Download_version
[2009/05/01 11:09:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2009/05/01 11:09:09 | 00,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009/05/01 11:09:09 | 00,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2009/05/01 11:08:44 | 00,700,416 | ---- | C] (MAGIX AG) -- C:\WINDOWS\System32\mgxoschk.dll
[2009/05/01 11:08:44 | 00,006,211 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009/05/01 11:08:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MAGIX
[2009/05/01 09:22:18 | 10,226,2920 | ---- | C] (MAGIX AG) -- C:\Documents and Settings\jessica\Desktop\photostory_7_98mb_us.exe
[2009/05/01 08:12:06 | 00,000,342 | RHS- | C] () -- C:\autorun.inf
[2009/04/30 14:38:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jessica\Application Data\Photozig Albums
[2009/04/30 14:17:32 | 00,000,000 | ---D | C] -- C:\Program Files\Flash Slideshow Maker Professional
[2009/04/29 03:01:23 | 00,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/04/29 03:01:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2009/04/16 13:50:37 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/16 13:50:37 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/16 13:50:37 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/16 13:50:37 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/16 13:50:36 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/16 13:50:36 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/16 13:50:36 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/16 13:50:36 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/16 13:50:36 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/16 13:48:21 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/16 13:48:21 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/16 13:48:21 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2008/10/02 17:20:26 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\TrayIcon12.dll
[2008/07/15 13:04:35 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\cdo32.dll
[2008/04/02 11:48:37 | 00,000,082 | ---- | C] () -- C:\WINDOWS\PDF2IMG.INI
[2008/02/04 19:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/09/21 10:50:19 | 00,000,045 | ---- | C] () -- C:\WINDOWS\AttributeTransferUI.INI
[2007/02/28 18:30:10 | 00,000,067 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/12/09 14:03:57 | 00,000,030 | ---- | C] () -- C:\WINDOWS\ColorUI.INI
[2006/08/29 13:24:31 | 00,000,075 | ---- | C] () -- C:\WINDOWS\DVDFabGold.INI
[2006/03/31 09:23:21 | 00,000,331 | ---- | C] () -- C:\WINDOWS\WINHELP.INI
[2006/03/31 09:23:21 | 00,000,232 | ---- | C] () -- C:\WINDOWS\TCW.INI
[2006/03/31 09:23:20 | 00,001,305 | ---- | C] () -- C:\WINDOWS\openhelp.ini
[2006/03/31 09:23:01 | 00,000,200 | ---- | C] () -- C:\WINDOWS\OWL.INI
[2006/03/31 09:22:53 | 00,000,049 | ---- | C] () -- C:\WINDOWS\workshop.ini
[2006/03/09 15:29:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/03/09 15:29:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/03/09 15:29:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/02/17 12:50:44 | 00,000,024 | ---- | C] () -- C:\WINDOWS\MxTools.INI
[2005/12/15 12:58:21 | 00,000,072 | ---- | C] () -- C:\WINDOWS\StyleGalleryUI.INI
[2005/08/03 08:51:29 | 00,000,080 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/04/22 09:02:15 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CBNDLL.DLL
[2005/04/21 09:12:41 | 00,000,200 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2005/03/02 15:41:00 | 00,000,045 | ---- | C] () -- C:\WINDOWS\LayerUI.INI
[2005/03/02 15:09:04 | 00,000,021 | ---- | C] () -- C:\WINDOWS\symbologyUI.INI
[2005/01/26 17:31:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2004/06/23 14:07:05 | 00,008,497 | ---- | C] () -- C:\WINDOWS\lviewpro.ini
[2004/06/17 10:35:26 | 00,000,162 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini
[2004/06/17 10:33:00 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2004/03/17 15:31:38 | 00,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[2004/03/17 15:31:36 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2004/03/15 10:03:25 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2004/03/15 10:03:25 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2004/03/12 16:07:46 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/02/25 21:48:13 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/02/25 21:44:22 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/02/25 21:40:23 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/02/25 21:36:50 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/02/25 21:23:00 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/02/25 21:22:44 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/02/25 21:10:02 | 00,000,546 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/11/17 11:33:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2003/11/17 11:33:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2003/08/14 00:54:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 17:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/03 15:36:02 | 00,000,674 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2002/09/03 15:26:32 | 00,000,231 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[1997/06/25 14:24:16 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\RegObj.dll

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/05/05 13:13:28 | 00,000,696 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/05 13:12:15 | 00,000,585 | ---- | M] () -- C:\DOCUME~1\jessica\My Documents\My Sharing Folders.lnk
[2009/05/05 13:10:31 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/05/05 13:10:11 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/05/05 13:10:01 | 00,087,808 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/05 13:08:35 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/05/05 13:08:09 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\jessica\Local Settings\DESKTOP.INI
[2009/05/05 13:07:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/05 13:06:57 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/05/05 13:06:47 | 00,262,712 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/05 12:55:23 | 00,498,456 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/05 12:55:23 | 00,439,084 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/05/05 12:55:23 | 00,070,344 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/05/05 11:49:10 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/05 11:27:28 | 00,000,780 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/05 11:13:32 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\DOCUME~1\jessica\My Documents\mbam-setupJess.exe
[2009/05/05 10:55:10 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\jessica\Desktop\mbam-setup(2).exe
[2009/05/05 10:16:44 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\jessica\Desktop\virusgetout.exe
[2009/05/04 18:00:50 | 00,000,342 | RHS- | M] () -- C:\autorun.inf
[2009/05/01 11:09:56 | 00,006,211 | ---- | M] () -- C:\WINDOWS\mgxoschk.ini
[2009/05/01 09:35:43 | 10,226,2920 | ---- | M] (MAGIX AG) -- C:\Documents and Settings\jessica\Desktop\photostory_7_98mb_us.exe
[2009/04/20 16:23:04 | 00,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/20 08:00:01 | 00,000,668 | ---- | M] () -- C:\Documents and Settings\jessica\Start Menu\Programs\Startup\Get Set3651232007.lnk
[2009/04/17 03:06:37 | 02,006,412 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2009/04/17 03:02:36 | 00,000,674 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 10:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A8E2C33
< End of report >


Extras.txt
OTListIt Extras logfile created on: 5/5/2009 1:16:12 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\jessica\Local Settings\Temporary Internet Files\Content.IE5\PIVVL1HI
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 70.01% Memory free
3.85 Gb Paging File | 3.43 Gb Available in Paging File | 88.92% Paging File free
Paging file location(s): C:\pagefile.sys 0 0E:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 27.74 Gb Free Space | 24.83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 279.41 Gb Total Space | 8.84 Gb Free Space | 3.16% Space Free | Partition Type: FAT32
Drive F: | 537.66 Gb Total Space | 91.03 Gb Free Space | 16.93% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 261.23 Gb Total Space | 64.20 Gb Free Space | 24.58% Space Free | Partition Type: NTFS
Drive L: | 261.23 Gb Total Space | 64.20 Gb Free Space | 24.58% Space Free | Partition Type: NTFS
Drive Q: | 261.23 Gb Total Space | 64.20 Gb Free Space | 24.58% Space Free | Partition Type: NTFS
Drive S: | 261.23 Gb Total Space | 64.20 Gb Free Space | 24.58% Space Free | Partition Type: NTFS
Drive T: | 261.23 Gb Total Space | 64.20 Gb Free Space | 24.58% Space Free | Partition Type: NTFS
Drive V: | 261.23 Gb Total Space | 64.20 Gb Free Space | 24.58% Space Free | Partition Type: NTFS
Drive X: | 537.66 Gb Total Space | 91.03 Gb Free Space | 16.93% Space Free | Partition Type: NTFS

Computer Name: MAT-XP
Current User Name: jessica
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)
C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe (Hewlett-Packard Development Co. L.P.)
C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe (Hewlett-Packard Development Co. L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe (Hewlett-Packard Development Co. L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe (Hewlett-Packard Development Co. L.P.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Symantec\pcAnywhere\winaw32.exe:*:Enabled:pcAnywhere Main Program (Symantec Corporation)
C:\Program Files\Symantec\pcAnywhere\awhost32.exe:*:Enabled:pcAnywhere Host Service (Symantec Corporation)
C:\Program Files\Symantec\pcAnywhere\awrem32.exe:*:Enabled:pcAnywhere Remote Service (Symantec Corporation)
C:\Program Files\Java\j2re1.4.2_04\bin\javaw.exe:*:Enabled:javaw File not found
C:\WINDOWS\SYSTEM32\javaw.exe:*:Enabled:javaw (Sun Microsystems, Inc.)
C:\Program Files\Gerema\License Manager\CbNetSrv.srv:*:Enabled:CbNetSrv File not found
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\UltraVNC\winvnc.exe:*:Enabled:VNC server for Win32 File not found
C:\Program Files\Java\j2re1.4.2\bin\javaw.exe:*:Enabled:javaw File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe:*:Enabled:Sentinel Keys Server (SafeNet, Inc.)
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Disabled:Sentinel Protection Server (SafeNet, Inc)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)
C:\Program Files\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client (FileZilla Project)
C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe (Hewlett-Packard Development Co. L.P.)
C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe (Hewlett-Packard Development Co. L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe (Hewlett-Packard Development Co. L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe (Hewlett-Packard Development Co. L.P.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1BA183D3-68AF-44BC-B7FE-6BC17DD54727}" = DNRGarmin
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{2B0AEAE7-6EF2-4642-8F95-DDBC9B72721D}" = ArcGIS ArcInfo Workstation
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{395F93E3-E32D-4E23-BFCD-F4F55F36069C}" = FI Portal Data Exchange Service
"{3EBD3749-304E-4A4C-9575-C00E5F015217}" = Apple Mobile Device Support
"{46B63F23-2B4A-4525-A827-688026BE5E40}" = Symantec AntiVirus
"{4A807B98-4F57-457D-B396-83FB17CA6B63}" = Gerema
"{5033400B-0977-45AB-94CE-CC135A8E1BBB}" = ArcGIS Desktop
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5A180ED5-0AC1-410A-B790-5E0319CD0A93}" = Sentinel Protection Installer 7.4.0
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DC0632A-A838-4B34-AC19-0FA18E1C533C}" = Sentinel Protection Installer 7.2.2
"{7148F0A8-6813-11D6-A77B-00B0D0142130}" = Java 2 Runtime Environment, SE v1.4.2_13
"{791CAF6C-90A3-11D4-8306-00D0B72E1DB9}" = Sentinel System Driver
"{7F67A6AE-414C-11D4-9F71-00C04F6BDDB9}" = VBA (3821b)
"{7F67A6AF-414C-11D4-9F71-00C04F6BDDB9}" = VBA (3821b)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F956BB5-75F8-48EF-8E37-4E9CFEBB37F9}" = Mapper
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90150409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications ® Core - English
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6575DB1-4DAB-11D5-AEFA-00C04F68C068}" = Image Web Server IE Plugin 2,0,0,104
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional
"{B8A204BC-7177-470E-BBDD-47256D05B325}" = iTunes
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C05E8183-866A-11D3-97DF-0000F8D8F2E9}" = Symantec pcAnywhere
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications ® Core
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"Able2Extract v3.0" = Able2Extract v3.0
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"ArcGIS Desktop" = ArcGIS Desktop
"ArcGIS License Manager" = ArcGIS License Manager
"ArcPressDeinstKey" = ArcView ArcPress Version 2.0
"btafshss.exe" = btafshss.exe
"CNXT_MODEM_PCI_VEN_14F1&DEV_2702" = Conexant SmartHSFi V.9x 56K DF PCI Modem
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"ERUNT_is1" = ERUNT 1.1j
"FileZilla Client" = FileZilla Client 3.2.2.1
"Firebird SQL Server US" = Firebird SQL Server - MAGIX Edition
"Free RAR Extract Frog 1.00" = Free RAR Extract Frog 1.00
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"MAGIX Xtreme PhotoStory on CD & DVD 7 Trial US" = MAGIX Xtreme PhotoStory on CD & DVD 7 Trial 7.0.3.0 (US)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NDPEGTool" = NDPEG Tool
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"numpy-py2.5" = Python 2.5 numpy-1.0.3
"NVIDIA Display Driver" = NVIDIA Display Driver
"NVIDIA Drivers" = NVIDIA Drivers
"OntarioMartenAnalyst2" = Ontario Marten Analyst 2
"PROSet" = Intel® PRO Network Connections Drivers
"Python 2.4.1" = Python 2.4.1
"Python 2.5 numpy-1.0.3" = Python 2.5 numpy-1.0.3
"Python 2.5.1" = Python 2.5.1
"RealPlayer 6.0" = RealPlayer
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Silvitracs 3.0" = Silvitracs 3.0
"Splotw32" = SPLOT32 Plotter Simulator
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.3
"SteepAndCheap" = SAC Desktop Alert
"TRUCKBASE CORRECTOR" = TRUCKBASE CORRECTOR
"Tweak UI 2.10" = Tweak UI
"ViewpointMediaPlayer" = Viewpoint Media Player
"Visual Basic 6.0 Working Model Edition" = Microsoft Visual Basic 6.0 Working Model Edition
"WebPost" = Microsoft Web Publishing Wizard 1.53
"WhiskeyMilitia" = Whiskey Militia Desktop Alert
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ArcView GIS 3.3" = ArcView GIS 3.3
"WeatherEye" = WeatherEye

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/5/2009 11:37:44 AM | Computer Name = MAT-XP | Source = Application Error | ID = 1000
Description = Faulting application superantispyware.exe, version 4.26.0.1002, faulting
module superantispyware.exe, version 4.26.0.1002, fault address 0x0008a7a3.

Error - 5/5/2009 11:57:28 AM | Computer Name = MAT-XP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/5/2009 11:57:28 AM | Computer Name = MAT-XP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/5/2009 12:08:29 PM | Computer Name = MAT-XP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/5/2009 12:08:29 PM | Computer Name = MAT-XP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/5/2009 1:07:20 PM | Computer Name = MAT-XP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/5/2009 1:07:20 PM | Computer Name = MAT-XP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/5/2009 1:08:11 PM | Computer Name = MAT-XP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/5/2009 1:08:11 PM | Computer Name = MAT-XP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/5/2009 1:10:32 PM | Computer Name = MAT-XP | Source = Application Error | ID = 1000
Description = Faulting application superantispyware.exe, version 4.26.0.1002, faulting
module superantispyware.exe, version 4.26.0.1002, fault address 0x0008a7a3.

[ System Events ]
Error - 4/30/2009 5:20:26 PM | Computer Name = MAT-XP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 5/1/2009 8:12:15 AM | Computer Name = MAT-XP | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000369'
while processing the file 'autorun.inf' on the volume 'HarddiskVolume3'. It has
stopped monitoring the volume.

Error - 5/1/2009 2:54:39 PM | Computer Name = MAT-XP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 5/1/2009 4:52:51 PM | Computer Name = MAT-XP | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 5/2/2009 8:19:03 PM | Computer Name = MAT-XP | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 5/3/2009 6:07:08 PM | Computer Name = MAT-XP | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 5/4/2009 3:22:36 AM | Computer Name = MAT-XP | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 5/5/2009 11:02:40 AM | Computer Name = MAT-XP | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume3'. It has stopped monitoring
the volume.

Error - 5/5/2009 12:48:36 PM | Computer Name = MAT-XP | Source = Print | ID = 22
Description = Failed to ugrade printer settings for printer \\VOODOO\GIS Laser,LocalOnly
driver C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL error 5.

Error - 5/5/2009 1:03:07 PM | Computer Name = MAT-XP | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Internet Explorer 8 for Windows XP.


< End of report >



Thank you again, so very very much!!

#2
GFMI

To perhaps add to the problem... on reboot I now get:
"Windows cannot find 'C:/Program'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search". Maybe that has to do with the faulty issues with the Malware software? Or points to a bigger problem?

Thanks again!

#3
GFMI

After much solid searching, I found some methods I think to eliminate the virus -- and with that realized it's the "Redirect Virus". I was just hoping that someone could:
a) verify that the virus is indeed gone
b) direct me with what to do should it be gone (files to clean up) or should it NOT be gone (how to fix)

I'm so sorry, this thread is getting so cluttered by my own gibberish.
As always, GREATLY appreciated!

Rooter.txt
Microsoft Windows XP Professional (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:114400 Mo/Free:3753 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [Fixed] - FAT32 - (Total:286111 Mo/Free:861 Mo)
F:\ [Network] (Total:550563 Mo/Free:3101 Mo)
I:\ [Network] (Total:267504 Mo/Free:192 Mo)
L:\ [Network] (Total:267504 Mo/Free:192 Mo)
Q:\ [Network] (Total:267504 Mo/Free:192 Mo)
S:\ [Network] (Total:267504 Mo/Free:192 Mo)
T:\ [Network] (Total:267504 Mo/Free:192 Mo)
V:\ [Network] (Total:267504 Mo/Free:192 Mo)
X:\ [Network] (Total:550563 Mo/Free:3101 Mo)

Tue 05/05/2009|15:54

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
---------- C:\Program Files\Symantec AntiVirus\DefWatch.exe
---------- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
---------- C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\Program Files\Symantec AntiVirus\SavRoam.exe
---------- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
---------- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
---------- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
---------- C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\ntvdm.exe
---------- C:\WINDOWS\System32\DSentry.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
---------- C:\PROGRA~1\SYMANT~2\VPTray.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\MSN Messenger\msnmsgr.exe
---------- C:\Program Files\SteepAndCheap\Desktop Alert\SAC-Desktop-Alert.exe
---------- C:\WINDOWS\system32\javaw.exe
---------- C:\Program Files\WhiskeyMilitia\Desktop Alert\WM-Desktop-Alert.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Tue 05/05/2009|13:14
2 - "C:\Rooter$\Rooter_2.txt" - Tue 05/05/2009|15:56

----------------------\\ Scan completed at 15:56

OTList_It.txt
OTListIt logfile created on: 5/5/2009 4:19:21 PM - Run 4
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\jessica\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.14% Memory free
3.85 Gb Paging File | 3.27 Gb Available in Paging File | 84.92% Paging File free
Paging file location(s): C:\pagefile.sys 0 0E:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 27.62 Gb Free Space | 24.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 279.41 Gb Total Space | 8.84 Gb Free Space | 3.16% Space Free | Partition Type: FAT32
Drive F: | 537.66 Gb Total Space | 91.03 Gb Free Space | 16.93% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 261.23 Gb Total Space | 64.18 Gb Free Space | 24.57% Space Free | Partition Type: NTFS
Drive L: | 261.23 Gb Total Space | 64.18 Gb Free Space | 24.57% Space Free | Partition Type: NTFS
Drive Q: | 261.23 Gb Total Space | 64.18 Gb Free Space | 24.57% Space Free | Partition Type: NTFS
Drive S: | 261.23 Gb Total Space | 64.18 Gb Free Space | 24.57% Space Free | Partition Type: NTFS
Drive T: | 261.23 Gb Total Space | 64.18 Gb Free Space | 24.57% Space Free | Partition Type: NTFS
Drive V: | 261.23 Gb Total Space | 64.18 Gb Free Space | 24.57% Space Free | Partition Type: NTFS
Drive X: | 537.66 Gb Total Space | 91.03 Gb Free Space | 16.93% Space Free | Partition Type: NTFS

Computer Name: MAT-XP
Current User Name: jessica
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
PRC - C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe (Macrovision Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe (Macrovision Corporation)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
PRC - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.)
PRC - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\ESRI\License\arcgis9x\ARCGIS.EXE ()
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ntvdm.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\DSentry.exe (Dell - Advanced Desktop Engineering)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\SteepAndCheap\Desktop Alert\SAC-Desktop-Alert.exe (SteepandCheap.com)
PRC - C:\WINDOWS\system32\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\WhiskeyMilitia\Desktop Alert\WM-Desktop-Alert.exe (Whiskey Militia)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\System32\WISPTIS.EXE (Microsoft Corporation)
PRC - C:\Documents and Settings\jessica\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
SRV - (ArcGIS License Manager [Auto | Running]) -- C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe (Macrovision Corporation)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (awhost32 [On_Demand | Stopped]) -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe (Symantec Corporation)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (ccPwdSvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DefWatch [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (FirebirdServerMAGIXInstance [On_Demand | Stopped]) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Disabled | Stopped]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (NetSvc [On_Demand | Stopped]) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SavRoam [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (SentinelKeysServer [Auto | Running]) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.)
SRV - (SentinelProtectionServer [Auto | Running]) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
SRV - (SNDSrvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SPBBCSvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (Symantec AntiVirus [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (usnjsvc [On_Demand | Running]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ASPI32 [System | Running]) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (awlegacy [System | Running]) -- C:\WINDOWS\System32\Drivers\awlegacy.sys (Symantec Corporation)
DRV - (AW_HOST [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\aw_host5.sys (Symantec Corporation)
DRV - (CBUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\CBUSB.sys (MARX CryptoTech LP)
DRV - (Cdr4_xp [System | Running]) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Roxio)
DRV - (Cdralw2k [System | Running]) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Roxio)
DRV - (cdudf_xp [System | Running]) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys (Roxio)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (dvd_2K [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EL90XBC [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys (3Com Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (Gernuwa [Boot | Running]) -- C:\WINDOWS\System32\drivers\GERNUWA.sys (Symantec Corporation)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (i81x [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (iAimFP0 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV01nt.sys (Intel® Corporation)
DRV - (iAimFP1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV02NT.sys (Intel® Corporation)
DRV - (iAimFP2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV05NT.sys (Intel® Corporation)
DRV - (iAimFP3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys (Intel® Corporation)
DRV - (iAimFP4 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys (Intel® Corporation)
DRV - (iAimTV0 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV01nt.sys (Intel® Corporation)
DRV - (iAimTV1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV02NT.sys (Intel® Corporation)
DRV - (iAimTV3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV04nt.sys (Intel® Corporation)
DRV - (iAimTV4 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys (Intel® Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mmc_2K [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090505.003\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090505.003\NAVEX15.SYS (Symantec Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (omci [System | Running]) -- C:\WINDOWS\System32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (pcouffin [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (pwd_2k [System | Running]) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (SAVRT [System | Running]) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL [System | Running]) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (sdcplh [System | Running]) -- C:\WINDOWS\System32\drivers\sdcplh.sys (Macrovision Europe Ltd)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Sentinel [Auto | Running]) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (SafeNet, Inc.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (SNTNLUSB [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS (SafeNet, Inc.)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (SPBBCDrv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (UdfReadr_xp [System | Running]) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys (Roxio)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.ca/"
FF - prefs.js..extensions.enabledItems: {f02289b7-b23a-49b1-a7da-b60880e69629}:1.300.183
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.28
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..keyword.URL: "http://search.freeca...h.yahoo.com&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/05/05 12:51:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/30 13:40:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/01 17:52:01 | 00,000,000 | ---D | M]

[2008/12/11 12:23:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jessica\Application Data\mozilla\Extensions
[2008/12/11 12:23:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jessica\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/05 13:45:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jessica\Application Data\mozilla\Firefox\Profiles\ff46yb5t.default\extensions
[2009/03/25 09:06:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jessica\Application Data\mozilla\Firefox\Profiles\ff46yb5t.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/02/02 09:20:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jessica\Application Data\mozilla\Firefox\Profiles\ff46yb5t.default\extensions\{f02289b7-b23a-49b1-a7da-b60880e69629}
[2008/11/06 11:44:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jessica\Application Data\mozilla\Firefox\Profiles\ff46yb5t.default\extensions\[email protected]
[2009/02/12 09:12:20 | 00,000,655 | ---- | M] () -- C:\Documents and Settings\jessica\Application Data\Mozilla\FireFox\Profiles\ff46yb5t.default\searchplugins\yahoo-search.xml
[2009/05/05 14:14:48 | 00,000,872 | ---- | M] () -- C:\Documents and Settings\jessica\Application Data\Mozilla\FireFox\Profiles\ff46yb5t.default\searchplugins\yahoo.gif
[2009/05/05 14:14:48 | 00,000,466 | ---- | M] () -- C:\Documents and Settings\jessica\Application Data\Mozilla\FireFox\Profiles\ff46yb5t.default\searchplugins\yahoo.src
[2009/05/05 14:14:40 | 00,001,767 | ---- | M] () -- C:\Documents and Settings\jessica\Application Data\Mozilla\FireFox\Profiles\ff46yb5t.default\searchplugins\yahoo.xml
[2008/12/11 12:23:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/30 13:40:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/30 13:40:14 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/30 13:40:14 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/30 13:40:29 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/30 13:40:29 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/30 13:40:29 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/30 13:40:29 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/30 13:40:29 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/01/31 22:50:59 | 00,001,728 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\onestep.xml
[2009/04/30 13:40:29 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/30 13:40:29 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (925 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 65.54.239.80 dp.msnmessenger.skadns.net
O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [Photozig Albums Media Detector] C:\Program Files\Photozig Albums\pzAlbumsDetect.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Data Exchange Service.lnk = C:\Program Files\Ministry of Natural Resources\FI_Portal\bin\fipservice.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SAC-Desktop-Alert.lnk = C:\Program Files\SteepAndCheap\Desktop Alert\SAC-Desktop-Alert.exe (SteepandCheap.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WM-Desktop-Alert.lnk = C:\Program Files\WhiskeyMilitia\Desktop Alert\WM-Desktop-Alert.exe (Whiskey Militia)
O4 - Startup: C:\Documents and Settings\jessica\Start Menu\Programs\Startup\Get Set3651232007.lnk = C:\Program Files\Get Set\Get Set.exe File not found
O4 - Startup: C:\Documents and Settings\jessica\Start Menu\Programs\Startup\Get Set578154690.lnk = C:\Program Files\Get Set\Get Set.exe File not found
F3 - HKCU WinNT: Load - (C:\TCWIN45\PIPELINE\remind.exe) - C:\TCWIN45\PIPELINE\remind.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\npjpi150_12.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupd...b?1094757660968 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1169063265531 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_13)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bfpl.ca
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\WINDOWS\system32\PCANotify.dll (Symantec Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/03 15:42:57 | 00,000,026 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/05 14:06:17 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/05/05 14:06:18 | 00,000,000 | RHSD | M] - E:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/05/05 16:14:59 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jessica\Desktop\OTListIt2.exe
[2009/05/05 15:54:47 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\jessica\Desktop\Rooter.exe
[2009/05/05 15:38:52 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/05 15:38:51 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/05 15:38:49 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/05 15:38:48 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/05 15:38:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/05 15:38:09 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\jessica\Desktop\mbam-setup.exe
[2009/05/05 15:32:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jessica\Application Data\Malwarebytes
[2009/05/05 14:47:39 | 00,724,952 | ---- | C] () -- C:\Documents and Settings\jessica\Desktop\avenger.zip
[2009/05/05 14:22:02 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\jessica\Desktop\HijackThis.lnk
[2009/05/05 14:22:02 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/05 14:06:17 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2009/05/05 14:05:40 | 00,132,597 | ---- | C] () -- C:\Documents and Settings\jessica\Desktop\Flash_Disinfector.exe
[2009/05/05 13:54:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jessica\Application Data\True Sword
[2009/05/05 13:13:47 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/05 12:47:22 | 00,000,000 | ---D | C] -- C:\c092d175bd6a121fe6
[2009/05/05 12:46:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/05/05 12:45:02 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/05/05 11:27:28 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/05 11:27:28 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/05/05 11:27:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jessica\Application Data\SUPERAntiSpyware.com
[2009/05/05 11:23:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/05/05 11:13:25 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\jessica\My Documents\mbam-setupJess.exe
[2009/05/05 11:10:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/05 11:10:04 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/01 11:10:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jessica\My Documents\MAGIX downloads
[2009/05/01 11:10:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jessica\Application Data\MAGIX
[2009/05/01 11:09:46 | 00,644,384 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLAV32.dll
[2009/05/01 11:09:46 | 00,430,080 | ---- | C] (MAGIX AG) -- C:\WINDOWS\System32\MXRestore.exe
[2009/05/01 11:09:46 | 00,202,016 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLRES32.dll
[2009/05/01 11:09:46 | 00,173,344 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLDEV32.dll
[2009/05/01 11:09:46 | 00,161,056 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLDRV32.dll
[2009/05/01 11:09:46 | 00,114,688 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLCDA32.dll
[2009/05/01 11:09:46 | 00,111,904 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLCPY32.dll
[2009/05/01 11:09:46 | 00,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLPTL32.dll
[2009/05/01 11:09:46 | 00,061,440 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLCDF32.dll
[2009/05/01 11:09:46 | 00,058,656 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLIO32.dll
[2009/05/01 11:09:46 | 00,057,344 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLTPO32.dll
[2009/05/01 11:09:46 | 00,054,560 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLPRF32.dll
[2009/05/01 11:09:46 | 00,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLPRJ32.dll
[2009/05/01 11:09:46 | 00,045,056 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLIMG32.dll
[2009/05/01 11:09:46 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4a.dll
[2009/05/01 11:09:46 | 00,042,272 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLPNT32.dll
[2009/05/01 11:09:46 | 00,040,960 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLRD32.dll
[2009/05/01 11:09:46 | 00,038,176 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\STRING32.dll
[2009/05/01 11:09:46 | 00,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLMSC32.dll
[2009/05/01 11:09:46 | 00,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLISO32.dll
[2009/05/01 11:09:46 | 00,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLDIR32.dll
[2009/05/01 11:09:46 | 00,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\TTIC32.dll
[2009/05/01 11:09:46 | 00,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\TTI32.dll
[2009/05/01 11:09:46 | 00,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLIX.dll
[2009/05/01 11:09:46 | 00,014,182 | ---- | C] () -- C:\WINDOWS\System32\DLLAV32.lib
[2009/05/01 11:09:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jessica\My Documents\MAGIX_Xtreme_PhotoStory_on_CD_DVD_7_Download_version
[2009/05/01 11:09:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2009/05/01 11:09:09 | 00,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009/05/01 11:09:09 | 00,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2009/05/01 11:08:44 | 00,700,416 | ---- | C] (MAGIX AG) -- C:\WINDOWS\System32\mgxoschk.dll
[2009/05/01 11:08:44 | 00,006,211 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009/05/01 11:08:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MAGIX
[2009/05/01 09:22:18 | 10,226,2920 | ---- | C] (MAGIX AG) -- C:\Documents and Settings\jessica\Desktop\photostory_7_98mb_us.exe
[2009/04/30 14:38:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jessica\Application Data\Photozig Albums
[2009/04/30 14:17:32 | 00,000,000 | ---D | C] -- C:\Program Files\Flash Slideshow Maker Professional
[2009/04/16 13:50:37 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/16 13:50:37 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/16 13:50:37 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/16 13:50:37 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/16 13:50:36 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/16 13:50:36 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/16 13:50:36 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/16 13:50:36 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/16 13:50:36 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/16 13:48:21 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/16 13:48:21 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/16 13:48:21 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2008/10/02 17:20:26 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\TrayIcon12.dll
[2008/07/15 13:04:35 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\cdo32.dll
[2008/04/02 11:48:37 | 00,000,082 | ---- | C] () -- C:\WINDOWS\PDF2IMG.INI
[2008/02/04 19:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/09/21 10:50:19 | 00,000,045 | ---- | C] () -- C:\WINDOWS\AttributeTransferUI.INI
[2007/02/28 18:30:10 | 00,000,067 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/12/09 14:03:57 | 00,000,030 | ---- | C] () -- C:\WINDOWS\ColorUI.INI
[2006/08/29 13:24:31 | 00,000,075 | ---- | C] () -- C:\WINDOWS\DVDFabGold.INI
[2006/03/31 09:23:21 | 00,000,331 | ---- | C] () -- C:\WINDOWS\WINHELP.INI
[2006/03/31 09:23:21 | 00,000,232 | ---- | C] () -- C:\WINDOWS\TCW.INI
[2006/03/31 09:23:20 | 00,001,305 | ---- | C] () -- C:\WINDOWS\openhelp.ini
[2006/03/31 09:23:01 | 00,000,200 | ---- | C] () -- C:\WINDOWS\OWL.INI
[2006/03/31 09:22:53 | 00,000,049 | ---- | C] () -- C:\WINDOWS\workshop.ini
[2006/03/09 15:29:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/03/09 15:29:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/03/09 15:29:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/02/17 12:50:44 | 00,000,024 | ---- | C] () -- C:\WINDOWS\MxTools.INI
[2005/12/15 12:58:21 | 00,000,072 | ---- | C] () -- C:\WINDOWS\StyleGalleryUI.INI
[2005/08/03 08:51:29 | 00,000,080 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/04/22 09:02:15 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CBNDLL.DLL
[2005/04/21 09:12:41 | 00,000,200 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2005/03/02 15:41:00 | 00,000,045 | ---- | C] () -- C:\WINDOWS\LayerUI.INI
[2005/03/02 15:09:04 | 00,000,021 | ---- | C] () -- C:\WINDOWS\symbologyUI.INI
[2005/01/26 17:31:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2004/06/23 14:07:05 | 00,008,497 | ---- | C] () -- C:\WINDOWS\lviewpro.ini
[2004/06/17 10:35:26 | 00,000,162 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini
[2004/06/17 10:33:00 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2004/03/17 15:31:38 | 00,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[2004/03/17 15:31:36 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2004/03/15 10:03:25 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2004/03/15 10:03:25 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2004/03/12 16:07:46 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/02/25 21:48:13 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/02/25 21:44:22 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/02/25 21:40:23 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/02/25 21:36:50 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/02/25 21:23:00 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/02/25 21:22:44 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/02/25 21:10:02 | 00,000,546 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/11/17 11:33:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2003/11/17 11:33:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2003/08/14 00:54:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 17:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/03 15:36:02 | 00,000,674 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2002/09/03 15:26:32 | 00,000,231 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[1997/06/25 14:24:16 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\RegObj.dll

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/05/05 16:14:59 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jessica\Desktop\OTListIt2.exe
[2009/05/05 15:56:20 | 00,000,585 | ---- | M] () -- C:\Documents and Settings\jessica\My Documents\My Sharing Folders.lnk
[2009/05/05 15:54:47 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\jessica\Desktop\Rooter.exe
[2009/05/05 15:52:51 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/05/05 15:52:35 | 00,087,808 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/05 15:52:29 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/05/05 15:52:08 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\jessica\Local Settings\DESKTOP.INI
[2009/05/05 15:52:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/05 15:51:57 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/05/05 15:38:52 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/05 15:38:30 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\jessica\Desktop\mbam-setup.exe
[2009/05/05 14:47:51 | 00,724,952 | ---- | M] () -- C:\Documents and Settings\jessica\Desktop\avenger.zip
[2009/05/05 14:22:02 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\jessica\Desktop\HijackThis.lnk
[2009/05/05 14:05:40 | 00,132,597 | ---- | M] () -- C:\Documents and Settings\jessica\Desktop\Flash_Disinfector.exe
[2009/05/05 13:06:47 | 00,262,712 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/05 12:55:23 | 00,498,456 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/05 12:55:23 | 00,439,084 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/05/05 12:55:23 | 00,070,344 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/05/05 11:49:10 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/05 11:27:28 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/05 11:13:32 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\jessica\My Documents\mbam-setupJess.exe
[2009/05/01 11:09:56 | 00,006,211 | ---- | M] () -- C:\WINDOWS\mgxoschk.ini
[2009/05/01 09:35:43 | 10,226,2920 | ---- | M] (MAGIX AG) -- C:\Documents and Settings\jessica\Desktop\photostory_7_98mb_us.exe
[2009/04/20 16:23:04 | 00,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/20 08:00:01 | 00,000,668 | ---- | M] () -- C:\Documents and Settings\jessica\Start Menu\Programs\Startup\Get Set3651232007.lnk
[2009/04/17 03:06:37 | 02,006,412 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2009/04/17 03:02:36 | 00,000,674 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 10:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A8E2C33
< End of report >



I didn't get an Extras.txt pop out this time....maybe that's a good thing??

Thank you for all of your help and sharing your wealth of computer smarts! :)