HTTPS Tidserv Request and HTTPS Tidserv Request 2.
These are sequencing about every 1/2 hour and then alternating, so it seems I have 2 viruses, though I'm not sure.
After reading the removal guide I have run the scans, but the GMER root scan won't let me save; the computer keeps crashing when I try. I did manage to copy and paste the scan details into Notepad so I can post them.
The scan details are below, so any help removing and/or correcting would be very appreciated.
Thanks!
Malwarebytes Scan -- Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4140
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
5/25/2010 3:45:22 AM
mbam-log-2010-05-25 (03-45-22).txt
Scan type: Full scan (C:\|)
Objects scanned: 185296
Time elapsed: 1 hour(s), 12 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Home Main\Application Data\Move Networks\MoveMediaPlayer_07103010.exe (Backdoor.Bot) -> No action taken.
GMER Scan -- GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-26 11:10:36
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\HOMEMA~1\LOCALS~1\Temp\kfxdrpob.sys
---- System - GMER 1.0.15 ----
SSDT 8A312BE8 ZwAlertResumeThread
SSDT 8A3101C8 ZwAlertThread
SSDT 8A3E7380 ZwAllocateVirtualMemory
SSDT 8A322450 ZwAssignProcessToJobObject
SSDT 8A5702A0 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB4F73210]
SSDT 8A57AA78 ZwCreateMutant
SSDT 8A57D3F0 ZwCreateSymbolicLinkObject
SSDT 8A5C5768 ZwCreateThread
SSDT 8A321548 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB4F73490]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB4F739F0]
SSDT 8A3E7618 ZwDuplicateObject
SSDT 8A532860 ZwFreeVirtualMemory
SSDT 8A35EB78 ZwImpersonateAnonymousToken
SSDT 8A578D58 ZwImpersonateThread
SSDT 8A6BA8E8 ZwLoadDriver
SSDT 8A5326C0 ZwMapViewOfSection
SSDT 8A391248 ZwOpenEvent
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwOpenKey [0xB4F737A0]
SSDT 8A3E78B0 ZwOpenProcess
SSDT 8A36E2B8 ZwOpenProcessToken
SSDT 8A31F548 ZwOpenSection
SSDT 8A3E7760 ZwOpenThread
SSDT 8A57DDC0 ZwProtectVirtualMemory
SSDT 8A3B89E0 ZwResumeThread
SSDT 8A3858E8 ZwSetContextThread
SSDT 8A5323E8 ZwSetInformationProcess
SSDT 8A3207D8 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB4F73C40]
SSDT 8A34B050 ZwSuspendProcess
SSDT 8A3118E8 ZwSuspendThread
SSDT 8A6C1248 ZwTerminateProcess
SSDT 8A31C548 ZwTerminateThread
SSDT 8A38DB78 ZwUnmapViewOfSection
SSDT 8A532C70 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2C00 8050449C 8 Bytes CALL 48DA75CC
.text ntkrnlpa.exe!ZwCallbackReturn + 2D54 805045F0 4 Bytes CALL 6CDAB19D
.text ntkrnlpa.exe!ZwCallbackReturn + 2F24 805047C0 4 Bytes CALL 16DA801D
.text ntkrnlpa.exe!ZwCallbackReturn + 2F60 805047FC 4 Bytes CALL 48DA9B24
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8E69360, 0x32598D, 0xE8000020]
init C:\WINDOWS\system32\drivers\t3filt.sys entry point in "init" section [0xB51ECA40]
.rsrc C:\WINDOWS\system32\DRIVERS\tcpip.sys entry point in ".rsrc" section [0xB507BA94]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[1280] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0098000A
.text C:\WINDOWS\System32\svchost.exe[1280] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0099000A
.text C:\WINDOWS\System32\svchost.exe[1280] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0097000C
.text C:\WINDOWS\System32\svchost.exe[1280] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 019D000A
.text C:\Program Files\a-squared Free\a2service.exe[1696] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 00454E05 C:\Program Files\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)
.text C:\WINDOWS\Explorer.EXE[2528] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A
.text C:\WINDOWS\Explorer.EXE[2528] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C4000A
.text C:\WINDOWS\Explorer.EXE[2528] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device -> \Driver\atapi \Device\Harddisk0\DR0 89B03D01
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\DRIVERS\tcpip.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
OTL Scans OTL.txt -- OTL logfile created on: 5/26/2010 3:23:39 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Home Main\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 5000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 187.06 Gb Free Space | 80.33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HOME-3E9584A244
Current User Name: Home Main
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Home Main\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
PRC - C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
PRC - C:\Program Files\Norton 360\Engine\4.2.0.12\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe (Creative Technology Ltd)
PRC - C:\Program Files\VIA\RAID\raid_tool.exe (VIA Technologies)
PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)
PRC - C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Home Main\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Norton 360\Engine\4.2.0.12\asoehook.dll (Symantec Corporation)
MOD - C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll (Alcatel-Lucent)
MOD - C:\Program Files\Norton 360\Engine\4.2.0.12\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)
MOD - C:\Program Files\Norton 360\Engine\4.2.0.12\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (a2free) -- C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe (Symantec Corporation)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Creative Media Toolbox 6 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe (Creative Labs)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
========== Driver Services (SafeList) ==========
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100518.002\IDSXpx86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100524.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100524.002\NAVENG.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SYMTDI.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100429.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\N360\0402000.00C\Ironx86.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SRTSPX.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ccHP) -- C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMDS.SYS (Symantec Corporation)
DRV - (t3) -- C:\WINDOWS\system32\drivers\t3.sys (Creative Technology Ltd.)
DRV - (NuidFltr) -- C:\WINDOWS\system32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (CTUSFSYN) -- C:\WINDOWS\system32\drivers\ctusfsyn.sys (Creative Technology Ltd.)
DRV - (t3filt) -- C:\WINDOWS\system32\drivers\t3filt.sys (Creative)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\Pfmodnt.sys (Creative Technology Ltd.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (AtcL002) -- C:\WINDOWS\system32\drivers\l251x86.sys (Atheros Communications Inc.)
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (RPakIO) -- C:\WINDOWS\system32\drivers\RPakIO.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp.../search/ie.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 120.143.250.8:80
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.5.112
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1,*.local"
FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/04/26 14:33:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/04/16 16:06:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/24 19:10:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/23 17:40:50 | 000,000,000 | ---D | M]
[2008/12/17 19:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home Main\Application Data\Mozilla\Extensions
[2010/05/24 19:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home Main\Application Data\Mozilla\Firefox\Profiles\4szkwqpo.default\extensions
[2009/09/02 18:14:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Home Main\Application Data\Mozilla\Firefox\Profiles\4szkwqpo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/18 04:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home Main\Application Data\Mozilla\Firefox\Profiles\4szkwqpo.default\extensions\[email protected]
[2010/05/24 19:07:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/04 09:43:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/03/31 22:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (Verizon Broadband Toolbar) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - Reg Error: Value error. File not found
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Verizon Broadband Toolbar) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [CTAPR2] C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe (VIA Technologies)
O4 - HKLM..\Run: [SPIRun] C:\WINDOWS\System32\SPIRun.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1193772215828 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} https://remote.catsolns.com/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15110/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Home Main\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Home Main\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/24 19:47:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/06/24 19:46:50 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17465059307421696)
========== Files/Folders - Created Within 90 Days ==========
[2010/05/24 20:40:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home Main\Desktop\gmer
[2010/05/24 19:16:10 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Home Main\Desktop\OTL.exe
[2010/05/24 19:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home Main\Desktop\backups
[2010/05/24 18:59:50 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Home Main\Desktop\HiJackThis.exe
[2010/05/24 18:42:38 | 000,979,792 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Home Main\Desktop\TDSSKiller.exe
[2010/05/24 18:42:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home Main\Desktop\tdsskiller
[2010/05/24 18:25:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home Main\Application Data\Malwarebytes
[2010/05/24 18:25:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/24 16:10:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Home Main\Recent
[2010/05/23 16:56:42 | 000,000,000 | ---D | C] -- C:\mozilla bookmarks
[2010/05/23 12:39:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/23 12:39:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/20 19:17:59 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdi.sys
[2010/05/20 19:17:59 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdiv.sys
[2010/05/20 19:17:59 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.sys
[2010/05/20 19:17:58 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.sys
[2010/05/20 19:17:58 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.sys
[2010/05/20 19:17:58 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.sys
[2010/05/20 19:17:58 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\ironx86.sys
[2010/05/20 19:17:58 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.sys
[2010/05/20 19:17:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0402000.00C
[2010/04/17 20:06:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home Main\Local Settings\Application Data\AskToolbar
[2010/04/17 20:05:00 | 000,000,000 | ---D | C] -- C:\Program Files\Avery
[2010/04/17 20:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/04/16 16:07:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home Main\My Documents\Symantec
[2010/04/16 16:05:08 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/04/16 16:05:08 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/04/16 16:05:07 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/04/16 16:04:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2010/04/16 16:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2010/04/16 15:57:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/04/16 15:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/04/16 15:56:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/04/16 15:50:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2010/04/16 15:50:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/04/03 19:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/27 07:57:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/05/26 15:25:05 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/26 15:18:02 | 000,195,744 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/26 15:17:50 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/05/26 15:17:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/26 15:17:43 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/26 15:17:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/26 15:17:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/26 06:01:00 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/05/25 13:51:19 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\Home Main\NTUSER.DAT
[2010/05/25 13:51:19 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Home Main\ntuser.ini
[2010/05/25 12:07:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/24 20:40:07 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Home Main\Desktop\gmer.exe
[2010/05/24 20:39:27 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Home Main\Desktop\gmer.zip
[2010/05/24 19:53:13 | 000,672,212 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB
[2010/05/24 19:16:10 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home Main\Desktop\OTL.exe
[2010/05/24 18:59:50 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Home Main\Desktop\HiJackThis.exe
[2010/05/24 18:42:00 | 000,979,792 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Home Main\Desktop\TDSSKiller.exe
[2010/05/24 18:37:17 | 000,949,152 | ---- | M] () -- C:\Documents and Settings\Home Main\Desktop\tdsskiller.zip
[2010/05/24 18:25:18 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/24 16:30:18 | 006,917,388 | -H-- | M] () -- C:\Documents and Settings\Home Main\Local Settings\Application Data\IconCache.db
[2010/05/23 17:40:54 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/21 04:43:32 | 000,001,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2010/05/20 19:50:34 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/18 15:27:58 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/17 19:08:58 | 000,043,480 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/13 23:40:03 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\isolate.ini
[2010/05/07 16:50:08 | 001,961,984 | ---- | M] () -- C:\Documents and Settings\Home Main\My Documents\Inventory management database.mdb
[2010/05/05 21:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdi.sys
[2010/05/05 21:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdiv.sys
[2010/05/05 21:01:43 | 000,001,473 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnetv.inf
[2010/05/05 21:01:43 | 000,001,445 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnet.inf
[2010/05/04 09:16:02 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 22:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\ironx86.sys
[2010/04/28 22:03:51 | 000,007,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.cat
[2010/04/28 22:03:51 | 000,000,741 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.inf
[2010/04/27 08:21:05 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\ntuser.dat
[2010/04/27 07:54:37 | 000,551,982 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/27 07:54:37 | 000,462,540 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/27 07:54:37 | 000,079,930 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/26 01:18:40 | 000,007,873 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.cat
[2010/04/24 04:31:04 | 000,003,373 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.inf
[2010/04/22 11:25:29 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Home Main\My Documents\Rent Comparison.xls
[2010/04/21 20:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.sys
[2010/04/21 19:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.sys
[2010/04/21 19:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.sys
[2010/04/21 19:29:50 | 000,007,442 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.cat
[2010/04/21 19:29:50 | 000,007,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.cat
[2010/04/21 19:29:50 | 000,001,388 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.inf
[2010/04/21 19:29:50 | 000,001,382 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.inf
[2010/04/18 04:21:26 | 000,223,224 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/17 20:08:56 | 000,055,568 | ---- | M] () -- C:\Documents and Settings\Home Main\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/17 08:51:28 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Home Main\Desktop\CCleaner.lnk
[2010/04/16 16:05:08 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/04/16 16:05:08 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/04/16 16:05:08 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/04/16 16:05:07 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/04/16 16:03:49 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\Home Main\Desktop\Norton Installation Files.lnk
[2010/04/15 14:22:39 | 000,497,125 | ---- | M] () -- C:\Documents and Settings\Home Main\My Documents\MGC 2009 PA-40 Schedule A-B.pdf
[2010/04/15 14:20:36 | 000,532,320 | ---- | M] () -- C:\Documents and Settings\Home Main\My Documents\MGC 2009 Tax Return PA-40.pdf
[2010/04/15 14:10:45 | 000,179,729 | ---- | M] () -- C:\Documents and Settings\Home Main\My Documents\MGC 2009 Tax Return Schedule B.pdf
[2010/04/15 14:07:51 | 000,266,065 | ---- | M] () -- C:\Documents and Settings\Home Main\My Documents\MGC 2009 Tax Return Form 1040.pdf
[2010/03/27 08:09:58 | 000,001,984 | ---- | M] () -- C:\Documents and Settings\Home Main\Desktop\Vz In-Home Agent.lnk
[2010/03/01 15:30:32 | 000,532,157 | ---- | M] () -- C:\Documents and Settings\Home Main\My Documents\DMR 2009 Tax Return PA-40.pdf
[2010/02/25 17:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/05/24 20:39:26 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Home Main\Desktop\gmer.zip
[2010/05/24 18:37:17 | 000,949,152 | ---- | C] () -- C:\Documents and Settings\Home Main\Desktop\tdsskiller.zip
[2010/05/24 18:25:18 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/23 17:40:54 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/21 04:43:02 | 000,672,212 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB
[2010/05/20 19:17:59 | 000,007,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.cat
[2010/05/20 19:17:59 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnetv.cat
[2010/05/20 19:17:59 | 000,007,368 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnet.cat
[2010/05/20 19:17:59 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.inf
[2010/05/20 19:17:59 | 000,001,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnetv.inf
[2010/05/20 19:17:59 | 000,001,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnet.inf
[2010/05/20 19:17:58 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.cat
[2010/05/20 19:17:58 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.cat
[2010/05/20 19:17:58 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.cat
[2010/05/20 19:17:58 | 000,007,425 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.cat
[2010/05/20 19:17:58 | 000,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.cat
[2010/05/20 19:17:58 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.inf
[2010/05/20 19:17:58 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.inf
[2010/05/20 19:17:58 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.inf
[2010/05/20 19:17:58 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.inf
[2010/05/20 19:17:58 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.inf
[2010/05/20 19:17:37 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\isolate.ini
[2010/05/18 15:27:58 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/27 08:21:04 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat
[2010/04/27 08:21:04 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2010/04/22 11:25:29 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Home Main\My Documents\Rent Comparison.xls
[2010/04/17 20:03:54 | 000,000,242 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/04/16 16:05:08 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/04/16 16:05:08 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/04/16 16:04:50 | 000,001,900 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2010/04/16 15:50:37 | 000,000,755 | ---- | C] () -- C:\Documents and Settings\Home Main\Desktop\Norton Installation Files.lnk
[2010/04/15 14:22:39 | 000,497,125 | ---- | C] () -- C:\Documents and Settings\Home Main\My Documents\MGC 2009 PA-40 Schedule A-B.pdf
[2010/04/15 14:20:36 | 000,532,320 | ---- | C] () -- C:\Documents and Settings\Home Main\My Documents\MGC 2009 Tax Return PA-40.pdf
[2010/04/15 14:10:45 | 000,179,729 | ---- | C] () -- C:\Documents and Settings\Home Main\My Documents\MGC 2009 Tax Return Schedule B.pdf
[2010/04/15 14:07:51 | 000,266,065 | ---- | C] () -- C:\Documents and Settings\Home Main\My Documents\MGC 2009 Tax Return Form 1040.pdf
[2010/04/08 05:42:08 | 001,961,984 | ---- | C] () -- C:\Documents and Settings\Home Main\My Documents\Inventory management database.mdb
[2010/03/27 08:09:58 | 000,001,984 | ---- | C] () -- C:\Documents and Settings\Home Main\Desktop\Vz In-Home Agent.lnk
[2010/03/01 15:30:32 | 000,532,157 | ---- | C] () -- C:\Documents and Settings\Home Main\My Documents\DMR 2009 Tax Return PA-40.pdf
[2009/12/13 10:21:25 | 000,004,626 | ---- | C] () -- C:\WINDOWS\System32\AudioDrv.ini
[2009/12/13 10:21:12 | 000,033,080 | ---- | C] () -- C:\WINDOWS\System32\t3.ini
[2009/12/13 10:21:12 | 000,000,049 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/12/13 10:20:23 | 000,008,535 | ---- | C] () -- C:\WINDOWS\sfsyn.ini
[2009/12/13 10:20:22 | 000,140,800 | R--- | C] () -- C:\WINDOWS\System32\OemSpi.dll
[2009/12/13 10:20:22 | 000,118,850 | ---- | C] () -- C:\WINDOWS\System32\CTPcie.dll
[2009/03/21 16:09:04 | 000,037,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\RPakIO.sys
[2008/10/21 14:57:42 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/07/25 21:48:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/07/25 21:48:00 | 001,499,136 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/07/25 21:48:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/07/25 21:48:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/07/25 21:48:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/06/11 10:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/06/11 10:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/06/11 10:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/06/05 09:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/04/21 14:53:43 | 000,000,058 | ---- | C] () -- C:\WINDOWS\OSA.INI
[2008/02/10 20:12:44 | 000,011,230 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/02/10 18:18:36 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2008/02/10 18:18:35 | 000,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2008/02/10 18:18:32 | 000,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2008/02/10 18:18:32 | 000,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2008/02/05 19:59:58 | 000,200,704 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll
[2008/02/05 19:51:08 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/02/05 19:50:44 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/01/31 16:59:02 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/01/31 16:59:01 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/11/18 12:35:26 | 000,000,172 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2006/06/24 20:31:39 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/06/24 20:14:42 | 000,749,568 | R--- | C] () -- C:\WINDOWS\System32\agissi.dll
[2006/06/24 20:14:39 | 011,157,504 | R--- | C] () -- C:\WINDOWS\System32\zhhp_res.dll
[2006/06/24 20:14:38 | 000,114,688 | R--- | C] () -- C:\WINDOWS\System32\vshp2600.dll
[2006/06/24 19:59:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2007/11/15 19:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/04/16 15:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2007/11/15 19:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2008/10/06 17:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/12/29 07:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2006/10/07 17:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home Main\Application Data\InterTrust
[2008/01/02 10:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home Main\Application Data\Nikon
[2009/12/09 22:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home Main\Application Data\Uniblue
[2008/07/10 17:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home Main\Application Data\vol_toolbar
[2010/05/26 06:01:00 | 000,000,242 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2006/06/24 19:47:13 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/07/24 10:24:29 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2006/06/24 19:47:13 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/11/17 19:21:59 | 000,000,135 | ---- | M] () -- C:\csb.log
[2006/06/24 19:47:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/06/24 19:47:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/07/10 14:27:31 | 000,001,142 | ---- | M] () -- C:\NTDClient.log
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/24 19:27:29 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/26 15:17:17 | 4194,304,000 | -HS- | M] () -- C:\pagefile.sys
[2010/05/24 18:39:54 | 000,039,010 | ---- | M] () -- C:\TDSSKiller.2.3.0.0_24.05.2010_18.39.45_log.txt
[2008/08/11 07:37:16 | 000,000,146 | ---- | M] () -- C:\YServer.txt
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2006/06/25 03:20:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/06/25 03:20:19 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/06/25 03:20:19 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\drivers\*.sys /180 >
[2009/12/25 16:58:42 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 06:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2009/12/31 09:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2010/04/16 16:05:08 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
[2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
< End of report >
OTL Extras.txt -- OTL Extras logfile created on: 5/26/2010 3:23:39 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Home Main\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 5000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 187.06 Gb Free Space | 80.33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HOME-3E9584A244
Current User Name: Home Main
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A755762-EED8-47AB-A446-505766F93D43}" = Atheros Communications Inc.® L2 Fast Ethernet Driver
"{0C9D0200-FA32-44B7-BBB3-7C03F700C4A0}" = Sound Blaster X-Fi
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.3
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Ethernet Utility
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2266312B-3502-41EE-82CD-8DC62276D87B}" = Vz In Home Agent
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 20
"{2B43252C-A1E3-4C47-927C-9F2C276D3515}" = S3GSetup
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FDF4C9C-BFA0-43AE-B7D4-54BC33B1B0DA}" = NVIDIA PhysX v8.07.18
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5E8858EC-6B09-4939-99F2-5678073A0327}" = Microsoft Office Live Meeting 2005
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142150}" = Java 2 Runtime Environment, SE v1.4.2_15
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{761B52A7-F998-45B0-9018-BEA766118117}" = LightAnalyzer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5F68DC8-0278-4AD8-B413-861509B5F25B}" = ArcSoft Panorama Maker 3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"a-squared Free_is1" = a-squared Free 3.5
"AudioCS" = Creative Audio Control Panel
"BroadJump Client Foundation" = BroadJump Client Foundation
"CCleaner" = CCleaner
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Diagnostics 4_5" = Creative Diagnostics
"Google Updater" = Google Updater
"GRE POWERPREP" = GRE POWERPREP
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"Host OpenAL" = Host OpenAL
"HP-Color LaserJet 2600n" = Color LaserJet 2600n
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton 360
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"oDMCam" = oDesk MiniCam 2.0.72
"oDShare" = oDesk Share 2.0.69
"oDSSnap" = oDesk ScreenSnap 2.0.111
"oDVT" = oDesk Team 2.0.121
"PictureProject In Touch Downloader" = PictureProject In Touch Downloader 1.0
"RacePak DataLinkII" = RacePak DataLinkII
"SysInfo" = Creative System Information
"Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components)
"Verizon Help and Support" = Verizon Help and Support Tool
"VIA/S3G UniChrome Family Win2K/XP Display" = VIA/S3G Display Driver
"VLC media player" = VideoLAN VLC media player 0.8.6f
"vol_toolbar" = Verizon Broadband Toolbar
"WaveStudio 7" = Creative WaveStudio 7
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = AT&T Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 5/26/2010 12:26:22 AM | Computer Name = HOME-3E9584A244 | Source = Google Update | ID = 20
Description =
Error - 5/26/2010 1:26:00 AM | Computer Name = HOME-3E9584A244 | Source = Google Update | ID = 20
Description =
Error - 5/26/2010 2:26:17 AM | Computer Name = HOME-3E9584A244 | Source = Google Update | ID = 20
Description =
Error - 5/26/2010 3:26:41 AM | Computer Name = HOME-3E9584A244 | Source = Google Update | ID = 20
Description =
Error - 5/26/2010 4:26:01 AM | Computer Name = HOME-3E9584A244 | Source = Google Update | ID = 20
Description =
Error - 5/26/2010 5:26:12 AM | Computer Name = HOME-3E9584A244 | Source = Google Update | ID = 20
Description =
Error - 5/26/2010 6:25:56 AM | Computer Name = HOME-3E9584A244 | Source = Google Update | ID = 20
Description =
Error - 5/26/2010 7:26:36 AM | Computer Name = HOME-3E9584A244 | Source = Google Update | ID = 20
Description =
Error - 5/26/2010 8:25:45 AM | Computer Name = HOME-3E9584A244 | Source = Google Update | ID = 20
Description =
Error - 5/26/2010 6:25:05 PM | Computer Name = HOME-3E9584A244 | Source = Google Update | ID = 20
Description =
[ System Events ]
Error - 5/26/2010 7:52:17 AM | Computer Name = HOME-3E9584A244 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 5/26/2010 8:46:59 AM | Computer Name = HOME-3E9584A244 | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%2
Error - 5/26/2010 8:47:21 AM | Computer Name = HOME-3E9584A244 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 5/26/2010 8:47:21 AM | Computer Name = HOME-3E9584A244 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 5/26/2010 9:06:22 AM | Computer Name = HOME-3E9584A244 | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%2
Error - 5/26/2010 9:06:42 AM | Computer Name = HOME-3E9584A244 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 5/26/2010 9:06:42 AM | Computer Name = HOME-3E9584A244 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 5/26/2010 6:17:27 PM | Computer Name = HOME-3E9584A244 | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%2
Error - 5/26/2010 6:17:47 PM | Computer Name = HOME-3E9584A244 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 5/26/2010 6:17:47 PM | Computer Name = HOME-3E9584A244 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
< End of report >