Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Kernel Help


  • Please log in to reply

#1
forsomehelpplease

forsomehelpplease

    New Member

  • Member
  • Pip
  • 1 posts
Was just wondering if my logs showed that I am clean. I Had the NTOS-Kernel virus when running MCAfee.


OTL logfile created on: 8/27/2009 2:06:39 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Noah\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.98 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 85.80% Memory free
3.83 Gb Paging File | 3.73 Gb Available in Paging File | 97.46% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 292.70 Gb Total Space | 246.12 Gb Free Space | 84.09% Space Free | Partition Type: NTFS
Drive D: | 5.37 Gb Total Space | 3.53 Gb Free Space | 65.61% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WOOD
Current User Name: Noah
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/05/01 15:34:14 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007/06/13 04:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/05/01 15:34:14 | 00,645,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [1980/01/04 14:02:26 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Noah\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/03/20 17:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3 [Disabled | Stopped])
SRV - [2006/07/27 10:52:58 | 00,188,416 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService [Disabled | Stopped])
SRV - [2005/08/02 17:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe -- (ARSVC [Auto | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - File not found -- -- (Bonjour Service [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/09/21 08:11:52 | 00,061,440 | ---- | M] () -- C:\Program Files\Gateway\EzTune\DTSRVC.exe -- (DTSRVC [Disabled | Stopped])
SRV - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Stopped])
SRV - [2005/08/05 21:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Stopped])
SRV - [2006/07/27 09:39:04 | 00,196,608 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe -- (ELService [Disabled | Stopped])
SRV - [2009/01/26 14:53:32 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2004/08/10 13:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006/07/06 08:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON [Disabled | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2006/07/27 09:21:48 | 00,094,208 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM [Disabled | Stopped])
SRV - [2009/07/18 21:57:17 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Disabled | Stopped])
SRV - [2006/07/10 00:37:24 | 00,025,600 | ---- | M] () -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server [Disabled | Stopped])
SRV - [2009/01/09 13:05:26 | 00,068,112 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor [On_Demand | Stopped])
SRV - [2006/07/27 10:03:24 | 00,163,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL [Disabled | Stopped])
SRV - [2009/05/01 15:34:14 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2009/04/09 08:18:50 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Stopped])
SRV - [2009/05/08 11:54:34 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2009/04/09 11:46:14 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Stopped])
SRV - [2005/08/05 21:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Stopped])
SRV - [2009/05/13 23:24:26 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Stopped])
SRV - [2009/05/08 09:33:16 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Stopped])
SRV - [2004/08/10 12:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2009/05/08 16:26:32 | 00,893,112 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Disabled | Stopped])
SRV - [2005/07/12 19:10:18 | 00,963,072 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe -- (MskService [Disabled | Stopped])
SRV - [2007/02/10 05:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ [Auto | Stopped])
SRV - [2005/10/14 02:50:20 | 00,045,272 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/01/05 02:28:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Disabled | Stopped])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [Disabled | Stopped])
SRV - [2006/09/14 20:44:36 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL [Disabled | Stopped])
SRV - [2006/07/27 10:06:42 | 00,425,984 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service [Disabled | Stopped])
SRV - [2008/04/24 13:26:18 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2 [Disabled | Stopped])
SRV - [2007/02/10 05:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Disabled | Stopped])
SRV - [2007/02/10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Disabled | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.8
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/18 21:57:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/23 09:16:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/06 15:15:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/04 09:47:25 | 00,000,000 | ---D | M]

[2008/09/20 17:46:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Noah\Application Data\mozilla\Extensions
[2008/09/20 17:46:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Noah\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/24 17:53:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Noah\Application Data\mozilla\Firefox\Profiles\b7lcd6yd.default\extensions
[2009/08/10 17:09:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Noah\Application Data\mozilla\Firefox\Profiles\b7lcd6yd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/08/24 17:53:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/04 09:47:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/18 21:57:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/04 09:47:20 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/04 09:47:20 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/07/18 21:57:17 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/08/04 09:47:22 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/06/11 23:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2007/06/03 19:08:16 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2007/03/15 12:17:04 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2007/03/15 12:17:04 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2007/03/15 12:17:04 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2007/03/15 12:17:04 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2007/03/15 12:17:04 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2007/03/15 12:17:04 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2007/03/15 12:17:04 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/06/03 19:08:20 | 00,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2007/06/03 19:08:11 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/04/26 18:19:55 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/26 18:19:55 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/26 18:19:55 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/26 18:19:55 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/26 18:19:55 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/26 18:19:55 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS3\contributeieplugin.dll (Adobe Systems Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSKAGENTEXE] C:\Program Files\McAfee\SpamKiller\MSKAgent.exe (McAfee Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O9 - Extra 'Tools' menuitem : McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (McAfee, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.26.126
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll (MarkAny Cooperation.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 03:41:16 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: MHN - C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2099/01/01 12:00:00 | 00,001,744 | -H-- | C] () -- C:\WINDOWS\System32\biribeti
[2009/08/27 13:57:50 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\Noah\Desktop\settings.dat
[2009/08/27 13:55:50 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\vsmupud.sys
[2009/08/27 13:49:12 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/27 13:49:10 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/27 13:49:09 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/27 13:49:09 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/27 13:48:38 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Noah\Desktop\RootRepeal.exe
[2009/08/27 13:48:33 | 03,942,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Noah\Desktop\mbam-setup.exe
[2009/08/27 13:48:24 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Noah\Desktop\OTL.exe
[2009/08/27 12:52:32 | 00,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata
[2009/08/27 11:53:50 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/08/26 18:28:11 | 00,359,932 | ---- | C] () -- C:\Documents and Settings\Noah\Desktop\dds.scr
[2009/08/26 18:18:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Noah\Desktop\BIDS
[2009/08/25 11:08:38 | 00,000,000 | -HS- | C] () -- C:\-1535187366
[2009/08/24 16:51:15 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/08/24 16:51:15 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/08/24 08:08:00 | 01,089,601 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/08/23 09:15:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/08/23 09:15:21 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/08/23 09:15:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/08/23 09:15:16 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/08/23 09:14:59 | 00,000,000 | ---D | C] -- C:\a46b0c7472e1ccd199c4ad56a9
[2009/08/23 09:14:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/08/23 09:12:24 | 00,000,000 | -HSD | C] -- C:\Config.Msi

========== Files - Modified Within 14 Days ==========

[2009/08/27 14:00:26 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\Noah\Desktop\settings.dat
[2009/08/27 13:57:18 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/27 13:56:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/27 13:55:50 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\vsmupud.sys
[2009/08/27 13:49:12 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/27 12:52:32 | 00,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata
[2009/08/27 12:52:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/26 18:28:11 | 00,359,932 | ---- | M] () -- C:\Documents and Settings\Noah\Desktop\dds.scr
[2009/08/25 11:08:38 | 00,000,000 | -HS- | M] () -- C:\-1535187366
[2009/08/24 21:37:35 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/24 20:22:01 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/08/24 16:51:15 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/08/24 16:51:15 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/08/23 10:35:40 | 01,472,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/23 09:17:50 | 00,571,832 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/23 09:17:50 | 00,491,418 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/23 09:17:50 | 00,089,802 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/19 12:40:20 | 00,018,532 | ---- | M] () -- C:\Documents and Settings\Noah\My Documents\Untitled 1.odt

========== LOP Check ==========

[2009/07/27 12:53:02 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/01/26 16:17:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ALM
[2006/12/29 09:41:02 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/08/19 20:39:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
[2006/12/28 19:36:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/01/26 16:52:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2006/12/30 22:57:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2006/06/19 00:36:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism Deploy
[2006/09/14 20:39:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2006/12/29 09:45:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/03/29 10:22:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/10/06 11:11:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/09/14 20:39:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/01/10 18:54:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/07/27 12:53:07 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Noah\Application Data
[2008/05/28 17:35:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Noah\Application Data\ArcSoft
[2008/05/16 12:37:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Noah\Application Data\Canon
[2009/01/26 14:44:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Noah\Application Data\Corel
[2006/12/28 19:37:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Noah\Application Data\CyberLink
[2006/12/29 09:57:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Noah\Application Data\DisplayTune
[2009/04/02 23:36:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Noah\Application Data\GetRightToGo
[2009/07/27 12:58:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Noah\Application Data\Messenger
[2007/01/10 18:55:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Noah\Application Data\MSNInstaller
[2009/07/18 21:59:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Noah\Application Data\OpenOffice.org
[2006/09/14 20:43:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Noah\Application Data\SampleView
[2006/12/29 09:45:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Noah\Application Data\ScanSoft
[2006/09/14 20:40:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Noah\Application Data\You've Got Pictures Screensaver
[2009/08/24 20:22:01 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2004/08/10 13:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/07/26 12:50:20 | 00,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/07/26 12:50:20 | 00,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/08/27 12:52:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/08/25 11:08:44 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\djos.exe
[2009/08/25 11:08:48 | 00,091,648 | ---- | M] (Microsoft Corporation) -- C:\sdlb.exe
[2005/10/31 09:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe

< %systemroot%\system32\eventlog.dll >
[2004/08/10 13:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2004/08/10 13:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >
[2004/08/10 13:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logevent.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


OTL Extras logfile created on: 8/27/2009 2:06:39 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Noah\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.98 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 85.80% Memory free
3.83 Gb Paging File | 3.73 Gb Available in Paging File | 97.46% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 292.70 Gb Total Space | 246.12 Gb Free Space | 84.09% Space Free | Partition Type: NTFS
Drive D: | 5.37 Gb Total Space | 3.53 Gb Free Space | 65.61% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WOOD
Current User Name: Noah
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3703:TCP" = 3703:TCP:*:Disabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Disabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Disabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Disabled:Adobe Version Cue CS3 Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater -- ()
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe" = C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:LocalSubNet:Disabled:Intel® Remoting Service -- (Intel Corporation)
"C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe" = C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:LocalSubNet:Disabled:Intel® Viiv™ Media Server -- ()
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe" = C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:LocalSubNet:Disabled:SPCM -- ()
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Disabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- (Lime Wire, LLC)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0C2AF762-0565-4C91-9F55-B8B53BB82A38}" = Microsoft Office Accounting 2008 Equifax Addin
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}" = Intel Audio Studio 2.0
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{270940EA-C235-40D9-B2AE-2D450356DF8E}" = Microsoft Office Accounting 2008
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{32A72502-BC2C-4C39-ACEA-BC3D463F0697}" = EN
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{5DACB956-E3ED-4A8E-8B9D-AC0B99820AE7}" = Intel Audio Studio 2.0
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{6054F774-FEF0-46C6-9311-EC97FC576FC5}" = USB Wireless Keyboard Driver
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{822A8730-86A7-4CAA-BDE1-7337169BFF2B}" = Sound Blaster X-Fi Xtreme Audio
"{84288B51-B162-47FB-A74E-25C6D67E44BB}" = EzTune
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}" = Microsoft Office Accounting 2008 PayPal Addin
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = Samsung Media Studio
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DA327C6D-D8F1-4587-B4DE-10C39BF6B891}" = Intel® Viiv™ Software
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}" = Microsoft Office Accounting 2008 Fixed Asset Manager
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"AwayMode160" = Microsoft Away Mode
"Canon MP160 User Registration" = Canon MP160 User Registration
"CanonMyPrinter" = Canon My Printer
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"EL" = Intel® Quick Resume Technology Drivers
"gtw_logo" = gtw_logo
"HECI" = Intel® Management Engine Interface
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"Intel® Configuration Center" = Intel® Viiv™ Software
"Lame MP3 Codec (for the ACM)" = Lame ACM MP3 Codec
"LimeWire" = LimeWire 4.18.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Uninstall Utility" = McAfee Uninstall Wizard
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2008" = Microsoft Office Accounting 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"PROSet" = Intel® PRO Network Connections Drivers
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"SysInfo" = Creative System Information
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual Globe." = Virtual Globe.
"WGA" = Windows Genuine Advantage Validation Tool
"WIC" = Windows Imaging Component
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD_is1" = XviD MPEG-4 Video Codec

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/12/2009 12:54:52 PM | Computer Name = WOOD | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/12/2009 12:55:10 PM | Computer Name = WOOD | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3376 (0xd30) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.430
/ 5301.4018 Object being scanned = \Device\CdRom0\video_ts\VTS_01_3.vob by C:\Program
Files\Windows Media Player\wmplayer.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 8/12/2009 1:20:24 PM | Computer Name = WOOD | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/15/2009 6:54:18 PM | Computer Name = WOOD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/19/2009 5:21:51 PM | Computer Name = WOOD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/21/2009 9:40:22 AM | Computer Name = WOOD | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module mshtml.dll, version 6.0.2900.3603, fault address 0x00068cc8.

Error - 8/25/2009 2:12:27 AM | Computer Name = WOOD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/25/2009 10:51:12 PM | Computer Name = WOOD | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x01972578.

Error - 8/26/2009 8:06:11 PM | Computer Name = WOOD | Source = Media Center Guide | ID = 13
Description = Event Info: Failure attempting to download new Guide data. Please
check your Internet connection settings. If you are connecting through a firewall
or proxy, please verify that it has been properly configured. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.Ehepgdat

Error - 8/27/2009 1:39:22 PM | Computer Name = WOOD | Source = Media Center Guide | ID = 3
Description = Event Info: Error attempting to start the Guide download process.
The Background Intelligent Transfer Service (BITS) must be installed. See Help and
Support Center for more information. Process: DefaultDomain Object Name: Microsoft.Ehome.Epg.Ehepgdat


[ IntelDH Events ]
Error - 9/20/2006 6:32:01 AM | Computer Name = YOUR-0B890C2128 | Source = IntelQRTD | ID = 7
Description = Could not attach to EL mon driver.

[ System Events ]
Error - 8/27/2009 2:01:11 PM | Computer Name = WOOD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/27/2009 2:01:35 PM | Computer Name = WOOD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/27/2009 2:02:36 PM | Computer Name = WOOD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/27/2009 2:03:35 PM | Computer Name = WOOD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/27/2009 2:03:56 PM | Computer Name = WOOD | Source = Service Control Manager | ID = 7031
Description = The McAfee Services service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 8/27/2009 2:04:45 PM | Computer Name = WOOD | Source = Service Control Manager | ID = 7031
Description = The McAfee Services service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 8/27/2009 2:05:36 PM | Computer Name = WOOD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/27/2009 2:05:46 PM | Computer Name = WOOD | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the McAfee Services service, but
this action failed with the following error: %%1056

Error - 8/27/2009 2:06:57 PM | Computer Name = WOOD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 8/27/2009 2:06:58 PM | Computer Name = WOOD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}


< End of report >


Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 2 (Safe Mode)

8/27/2009 1:55:11 PM
mbam-log-2009-08-27 (13-55-11).txt

Scan type: Quick Scan
Objects scanned: 125169
Time elapsed: 3 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 4
Registry Data Items Infected: 14
Folders Infected: 1
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\tapi.nfo (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdate.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe tapi.nfo beforeglav) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tapi.nfo (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\~.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winupdate.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AVR09.exe (Adware.AdvancedVirusRemover) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\critical_warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winhelper.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wisdstr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

==================================================
Scan Start Time: 2009/08/27 14:01
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP2
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xBA640000 Size: 749568 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB9CFC000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden Services
-------------------
Service Name: kbiwkmiqqpcbqm
Image Path: C:\WINDOWS\system32\drivers\kbiwkmkawoqfqb.sys

==EOF==
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP