WiredWX Christian Hobby Weather Tools

being attacked by a virus!
Help! My computer is infected with wormLsas.blaster.keyloger.
It seems that every program is infected!

Re: being attacked by a virus!
Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

being attacked by a virus!
HI! I cannot download the program to my desktop. My desktop is cleared of all icons and is a different color than it usually is. I downloaded the program to My Documents, but got a message that it was infected and wouldn't run. Now I'm freaking out.

Re: being attacked by a virus!
Rename OTL.exe to explorer.exe and see if it will run now.


being attacked by a virus!
Okay, that worked! And both logs are in My Documents. When I click on them, a security warning comes up that notebook is infected, and when I right-click to copy them, it won't let me paste them here. Argh.

Re: being attacked by a virus!
Can you open them in Wordpad instead of Notepad?


being attacked by a virus!
Nope. I get a message that says WordPad is infected.

Re: being attacked by a virus!
Can you transfer the log file over from the infected machine to a working machine via USB and post it from there?


attacked by virus!
okay - log #1
OTL Extras logfile created on: 2/5/2010 12:18:38 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Owner\My Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 102.00 Mb Available Physical Memory | 20.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 42.85 Gb Free Space | 38.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MILLER
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MSN\MSNCoreFiles\msn.exe" = C:\Program Files\MSN\MSNCoreFiles\msn.exe:*:Enabled:msn -- File not found
"C:\Program Files\Valve\Steam\Steam.exe" = C:\Program Files\Valve\Steam\Steam.exe:*:Enabled:Steam -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger -- File not found
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\Common Files\AOL\1137537220\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1137537220\ee\aolsoftware.exe:*:Enabled:AOL Services -- File not found
"C:\Program Files\Common Files\AOL\1137537220\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1137537220\ee\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Kazaa\kazaa.exe" = C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa -- File not found
"C:\Program Files\ZyXEL\ZyXEL G-220 v2 Wireless Adapter Utility\ZyXEL G-220 v2.exe" = C:\Program Files\ZyXEL\ZyXEL G-220 v2 Wireless Adapter Utility\ZyXEL G-220 v2.exe:*:Enabled:ZyXEL G-220 v2 Wireless Adapter Utility -- (ZyXEL Communications Corp.)
"C:\Program Files\Cartoon Network\Ben 10 Bounty Hunters\RT_Multiplayer.exe" = C:\Program Files\Cartoon Network\Ben 10 Bounty Hunters\RT_Multiplayer.exe:*:Enabled:RT_Multi Application -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0B5F5D71-117C-4381-98AC-9DBDAD5AE1B6}" = MSN Toolbar Platform
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B4AA674-F5CA-4BB5-831A-CD37B4021959}" = ImageMixer for Sony
"{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}" = Picture Package
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25EF00A0-F17B-11D6-88EA-000476CD2443}(Verizon Online)" = Visual IP InSight(Verizon Online)
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin
"{369B36BE-3D64-4641-9AEA-808D436FE130}" = Microsoft Picture It! Express 7.0
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH®️ Jukebox
"{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{4ecaf021-478c-40c1-b777-3368a15f9966}" = Macromedia Flash Player
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
"{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}" = Image Transfer
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5983C895-DDA4-45D9-A8D1-877D5DE7693E}" = EPSON PhotoStarter3.0
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{62C3CFD3-4B1C-4C8F-8C2E-9B13B66768AB}" = ZyXEL G-220 v2 Wireless Adapter Utility
"{68D5CEF9-0DA8-47FE-B0EB-4CBFB5AAF662}" = ArcSoft PhotoImpression 4
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = DVD
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel(R) PROSet
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007
"{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C46B4678-0F42-4791-9D19-BE01BB3DD358}" = Roxio Easy DVD Copy
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D76E927F-E292-434B-9661-3858F5D7BF63}" = EPSON PhotoCenter
"{D87D6386-3C2D-4239-9780-3418FB7B0E94}" = Print Lab Series
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E5B26C1E-4751-4F03-BC18-634F41F31EC6}" = DoMore
"{E6696A8C-C55A-405C-AFEB-F3880A8BAA45}" = iPod Update 2004-04-28
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F10082FE-BACB-4E58-A423-DAD6BFC8B3A2}" = Gateway Ink Monitor
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}" = Microsoft Search Enhancement Pack
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"5A137FCB-35EA-4849-8239-AFEBD2F45B3B" = Otto from Gateway (remove only)
"618CD711-AFB3-4EB4-9B48-ABD2AB370B21" = Slyder from Gateway (remove only)
"A375E2C6-77CA-4F2F-AB6F-CD0A96D87B24" = Overball from Gateway (remove only)
"ADFCE1E4-A420-437C-998D-EAF04E3601BE" = Excavation from Gateway (remove only)
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Arthur's Thinking Games" = Arthur's Thinking Games
"BECB8A74-E07D-44A1-813D-1E390EB3047B" = Orbital from Gateway (remove only)
"C4D2212B-5331-470D-9BF7-96DB25A398C7" = Polar Bowler from Gateway (remove only)
"CCleaner" = CCleaner (remove only)
"Coupon Printer for Windows2.0" = Coupon Printer for Windows
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Creative Driver" = Creative Driver
"Dora's Lost and Found Adventure" = Dora's Lost and Found Adventure
"Dual Mode Camera_is1" = Uninstall Dual Mode Camera
"EPSON Printer and Utilities" = EPSON Printer Software
"ESPN RunTime" = ESPN RunTime
"Glary Registry Repair_is1" = Glary Registry Repair 3.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{E6696A8C-C55A-405C-AFEB-F3880A8BAA45}" = iPod Update 2004-04-28
"Intel(R) 537EP Data Fax Modem" = Intel(R) 537EP Data Fax Modem
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MWASPI" = MicroStaff WINASPI
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Ahead Nero BurnRights
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Photon" = Professor Franklin
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"PROR" = Microsoft Office Professional 2007 Trial
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RealPlayer 12.0" = RealPlayer
"RRF.exe" = Reader Rabbit's 1st Grade
"SFlyStudio" = Shutterfly Studio
"Shockwave" = Shockwave
"Silent Package Run-Time Sample" = ESPR320 Reference Guide
"SLAMRMO" = Smart Link 56K Modem
"TTB000001.TTB000001Toolbar" = CouponBar
"UnityWebPlayer" = Unity Web Player
"Verizon.MCCInstall" = Verizon Online Support Center
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2004Setup" = Microsoft Works 2004 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Photos Drag-Drop Uploader 1v7" = Yahoo! Photos Easy Upload Tool 1v7

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9863F141-7A33-4c9a-A5F2-96996461B216}" = KODAK EASYSHARE Gallery Easy Upload, v2.1
"GoToMeeting" = GoToMeeting/GoToWebinar 3.0.0.190
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/10/2010 6:33:33 PM | Computer Name = MILLER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2010 6:07:53 PM | Computer Name = MILLER | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module qdvd.dll, version 6.5.2600.5512, fault address 0x000255ef.

Error - 1/18/2010 7:51:21 PM | Computer Name = MILLER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/19/2010 7:49:56 PM | Computer Name = MILLER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/19/2010 9:39:11 PM | Computer Name = MILLER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/19/2010 9:40:21 PM | Computer Name = MILLER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/20/2010 11:30:40 AM | Computer Name = MILLER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18854, fault address 0x000d6a3b.

Error - 1/20/2010 11:31:08 AM | Computer Name = MILLER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18854, fault address 0x000d6a3b.

[ OSession Events ]
Error - 8/13/2009 5:13:34 PM | Computer Name = MILLER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 600
seconds with 120 seconds of active time. This session ended with a crash.

Error - 8/13/2009 5:14:14 PM | Computer Name = MILLER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 17
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/25/2009 7:04:54 PM | Computer Name = MILLER | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 11/25/2009 7:56:06 PM | Computer Name = MILLER | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 11/25/2009 8:53:08 PM | Computer Name = MILLER | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 11/25/2009 9:50:20 PM | Computer Name = MILLER | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 11/25/2009 10:24:43 PM | Computer Name = MILLER | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 11/25/2009 11:03:04 PM | Computer Name = MILLER | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 11/26/2009 12:00:56 AM | Computer Name = MILLER | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 11/26/2009 12:54:58 AM | Computer Name = MILLER | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 11/26/2009 1:46:50 AM | Computer Name = MILLER | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 11/26/2009 3:29:03 AM | Computer Name = MILLER | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.


< End of report >

being attacked by a virus!
log #2

OTL logfile created on: 2/5/2010 12:18:38 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Owner\My Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 102.00 Mb Available Physical Memory | 20.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 42.85 Gb Free Space | 38.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MILLER
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/05 08:26:29 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\explorer.exe
PRC - [2010/02/03 23:43:45 | 001,060,352 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\87231324\87231324.exe
PRC - [2010/01/22 19:16:42 | 000,141,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/12/11 20:39:30 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/12/11 20:37:42 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/11/01 00:59:48 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0346.1\mswinext.exe
PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/08/07 17:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/04/19 10:58:49 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/04/19 10:58:49 | 000,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/05/06 19:50:40 | 002,500,096 | ---- | M] () -- C:\Program Files\Shutterfly\Studio\Bin\SFlyStudio.exe
PRC - [2008/04/13 19:12:41 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wscntfy.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2007/01/19 19:13:32 | 000,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2006/09/12 14:44:02 | 010,891,264 | ---- | M] (ZyXEL Communications Corp.) -- C:\Program Files\ZyXEL\ZyXEL G-220 v2 Wireless Adapter Utility\ZyXEL G-220 v2.exe
PRC - [2006/03/09 15:29:00 | 000,143,436 | ---- | M] (NVIDIA Corporation) -- C:\WINNT\system32\nvsvc32.exe
PRC - [2005/05/19 13:55:58 | 000,101,888 | ---- | M] (Walt Disney Internet Group) -- C:\Program Files\ESPNRunTime\DIGServices.exe
PRC - [2005/05/18 14:49:24 | 000,282,624 | ---- | M] (Walt Disney Internet Group) -- C:\Program Files\DIGStream\digstream.exe
PRC - [2003/12/17 11:57:08 | 000,106,496 | ---- | M] (Sony Corporation.) -- C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
PRC - [2003/12/12 18:55:06 | 000,053,248 | ---- | M] (TODO: ) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
PRC - [2003/11/21 21:02:42 | 000,151,552 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
PRC - [2003/06/24 21:33:00 | 000,303,180 | ---- | M] (Gateway) -- C:\Program Files\Gateway Utilities\GWInkMonitor.exe
PRC - [2003/06/07 06:32:32 | 000,050,688 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
PRC - [2003/01/21 16:34:42 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINNT\system32\cthelper.exe
PRC - [2002/03/18 05:34:42 | 000,364,544 | ---- | M] (Visual Networks) -- C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
PRC - [2002/03/18 05:34:42 | 000,102,400 | ---- | M] (Visual Networks) -- C:\Program Files\Verizon Online\Visual IP InSight\ipmon32.exe


========== Modules (SafeList) ==========

MOD - [2010/02/05 08:26:29 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\explorer.exe
MOD - [2003/01/21 16:34:52 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\WINNT\system32\ctagent.dll
MOD - [2002/03/18 05:34:42 | 000,094,208 | ---- | M] (Visual Networks) -- C:\Program Files\Verizon Online\Visual IP InSight\iphook32.dll
MOD - [2000/06/15 15:32:24 | 000,036,864 | ---- | M] (Tartan Software) -- C:\Program Files\Gateway Utilities\inkpeek.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/05 08:54:23 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/12/11 20:42:22 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/08/07 17:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/08/07 12:44:18 | 000,045,816 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2009/04/19 10:58:49 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/03/09 15:29:00 | 000,143,436 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINNT\system32\nvsvc32.exe -- (NVSvc)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/03/03 13:33:40 | 000,143,360 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2009/08/28 19:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/08/19 16:49:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/11/02 16:57:04 | 000,036,624 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINNT\system32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/08/28 21:48:26 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINNT\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/08/28 21:48:26 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINNT\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/08/17 10:03:30 | 000,402,944 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\WlanGZXP.SYS -- (ZG760_XP)
DRV - [2006/08/17 10:03:30 | 000,019,072 | ---- | M] (ZDC., Inc. (ZDC)) [Kernel | Auto | Running] -- C:\WINNT\system32\ZDCndis5.sys -- (ZDCNDIS5)
DRV - [2006/07/05 13:10:23 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2006/07/05 13:10:23 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2006/03/09 15:29:00 | 003,650,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/11/19 19:45:31 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2004/08/04 00:41:44 | 000,095,424 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004/08/04 00:41:42 | 000,404,990 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2004/08/04 00:41:39 | 000,180,360 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2004/08/04 00:41:39 | 000,013,776 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\recagent.sys -- (RecAgent)
DRV - [2004/08/04 00:41:38 | 000,126,686 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004/08/04 00:41:37 | 001,309,184 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2003/12/03 17:44:58 | 000,013,566 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\cdrbsvsd.sys -- (cdrbsvsd)
DRV - [2003/08/03 23:16:08 | 000,120,094 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS)
DRV - [2003/08/03 23:16:00 | 000,096,858 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH)
DRV - [2003/08/03 23:15:04 | 000,091,419 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2003/07/16 15:52:40 | 000,050,805 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2003/07/16 15:52:28 | 001,075,685 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2003/07/16 15:51:56 | 000,481,305 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2003/07/16 15:51:28 | 000,031,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/07/02 19:00:00 | 000,274,816 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2003/03/31 06:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2003/03/18 11:00:54 | 000,542,976 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2003/03/04 11:56:26 | 000,145,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\e100b325.sys -- (E100B) Intel(R)
DRV - [2003/01/21 16:14:26 | 000,116,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2003/01/21 16:14:16 | 000,135,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/01/21 16:14:00 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2003/01/21 16:13:52 | 000,184,656 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/01/21 16:13:40 | 000,497,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003/01/21 16:12:20 | 000,135,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2003/01/21 16:12:08 | 000,139,936 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\hap16v2k.sys -- (hap16v2k)
DRV - [2003/01/21 16:11:50 | 000,822,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/01/21 10:10:14 | 000,286,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/01/17 01:19:32 | 000,039,348 | ---- | M] (Vireo Software) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2002/04/01 11:15:00 | 000,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2001/08/23 14:00:00 | 000,022,400 | ---- | M] () [Kernel | System | Running] -- C:\WINNT\system32\drivers\SbcpHid.sys -- (SbcpHid)
DRV - [2001/08/17 13:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
DRV - [2000/03/29 17:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 A1 44 24 AD A2 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 41
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0346.1\Firefox [2009/11/20 17:19:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2009/11/20 17:19:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/15 20:42:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/04 22:26:14 | 000,000,000 | ---D | M]

[2009/08/13 20:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/12/19 11:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o16931wn.default\extensions
[2009/08/14 18:18:58 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o16931wn.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/12/19 11:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\o16931wn.default\extensions\ChoiceGuard@Microsoft
[2009/08/13 20:06:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

O1 HOSTS File: ([2009/08/13 19:52:37 | 000,000,734 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (TTB000000 Class) - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\WINNT\CouponBarIE.dll (Coupons, Inc.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0346.1\npwinext.dll (Microsoft Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINNT\CouponBarIE.dll (Coupons, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0346.1\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&ESPN) - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll (Walt Disney Internet Group)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINNT\CouponBarIE.dll (Coupons, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [56730728] C:\Documents and Settings\All Users\Application Data\56730728\56730728.exe ()
O4 - HKLM..\Run: [87231324] C:\Documents and Settings\All Users\Application Data\87231324\87231324.exe ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CTHelper] C:\WINNT\System32\cthelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe (Walt Disney Internet Group)
O4 - HKLM..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe (Walt Disney Internet Group)
O4 - HKLM..\Run: [EPSON Stylus Photo R320 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Gateway Ink Monitor] C:\Program Files\Gateway Utilities\GWInkMonitor.exe (Gateway)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IPInSightLAN 01] C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe (Visual Networks)
O4 - HKLM..\Run: [IPInSightMonitor 01] C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe (Visual Networks)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe (TODO: )
O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\Verizon Online\SupportCenter\SmartBridge\MotiveSB.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0346.1\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINNT\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINNT\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINNT\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ShutterflyStudio] C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINNT\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe (Sony Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZyXEL G-220 v2 Wireless Adapter Utility.lnk = C:\Program Files\ZyXEL\ZyXEL G-220 v2 Wireless Adapter Utility\ZyXEL G-220 v2.exe (ZyXEL Communications Corp.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - Reg Error: Value error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} http://www.errorguard.com/installation/Install.cab (CInstall Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} https://secure.footprint.net/kingsisle/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB (Wizard101GameLauncher)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe (Virtools WebPlayer Class)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Word Racer http://download.games.yahoo.com/games/clients/y/wt1_x.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (OldTimer Tools)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINNT\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/05 09:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/05 09:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/02/05 08:26:29 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\explorer.exe
[2010/02/05 08:24:23 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/02/04 20:50:49 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\winlogon.scr
[2010/02/03 23:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\56730728
[2010/02/03 23:43:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\87231324
[2010/02/02 11:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/01/29 09:07:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\amelia faces 1.27.10
[2010/01/15 12:19:24 | 000,230,808 | R--- | C] (Coupons, Inc.) -- C:\WINNT\cpnprt2.cid
[2010/01/13 15:50:24 | 000,049,904 | R--- | C] (Avanquest Software) -- C:\WINNT\System32\drivers\BVRPMPR5.SYS
[2010/01/13 15:49:29 | 000,000,000 | ---D | C] -- C:\Netgear
[2010/01/13 10:07:53 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\aclayers.dll
[2010/01/07 15:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\'08_05_03_01
[2010/01/07 14:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\project365
[2010/01/07 13:46:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\aj 12.09
[2010/01/07 13:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\circus school12.30.09
[2009/11/20 19:00:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/11/20 19:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/11/20 17:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/09/22 11:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/04/07 09:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Viewpoint
[2007/02/06 14:21:26 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2004/12/31 21:55:15 | 000,090,112 | R--- | C] ( ) -- C:\WINNT\System32\SCCD3X02.DLL
[2003/10/16 10:58:42 | 000,014,976 | ---- | C] ( ) -- C:\WINNT\System32\drivers\winddx.sys
[2 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[2 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/05 12:13:31 | 000,000,886 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/05 12:12:48 | 000,000,870 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Security Tool.lnk
[2010/02/05 12:12:45 | 000,049,980 | ---- | M] () -- C:\WINNT\System32\nvapps.xml
[2010/02/05 12:12:44 | 000,000,882 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/05 12:12:42 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2010/02/05 12:12:40 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2010/02/05 12:12:39 | 535,613,440 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/05 12:11:53 | 000,030,036 | ---- | M] () -- C:\WINNT\System32\BMXStateBkp-{00000001-00000000-00000001-00001102-00000004-10061102}.rfx
[2010/02/05 12:11:53 | 000,030,036 | ---- | M] () -- C:\WINNT\System32\BMXState-{00000001-00000000-00000001-00001102-00000004-10061102}.rfx
[2010/02/05 12:11:53 | 000,029,760 | ---- | M] () -- C:\WINNT\System32\BMXCtrlState-{00000001-00000000-00000001-00001102-00000004-10061102}.rfx
[2010/02/05 12:11:53 | 000,029,760 | ---- | M] () -- C:\WINNT\System32\BMXBkpCtrlState-{00000001-00000000-00000001-00001102-00000004-10061102}.rfx
[2010/02/05 12:11:53 | 000,001,080 | ---- | M] () -- C:\WINNT\System32\settingsbkup.sfm
[2010/02/05 12:11:53 | 000,001,080 | ---- | M] () -- C:\WINNT\System32\settings.sfm
[2010/02/05 12:11:53 | 000,000,288 | ---- | M] () -- C:\WINNT\System32\DVCStateBkp-{00000001-00000000-00000001-00001102-00000004-10061102}.dat
[2010/02/05 12:11:53 | 000,000,288 | ---- | M] () -- C:\WINNT\System32\DVCState-{00000001-00000000-00000001-00001102-00000004-10061102}.dat
[2010/02/05 12:11:40 | 008,388,608 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/02/05 12:11:40 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/02/05 12:11:30 | 004,481,358 | ---- | M] () -- C:\WINNT\{00000001-00000000-00000001-00001102-00000004-10061102}.CDF
[2010/02/05 08:26:29 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\explorer.exe
[2010/02/05 08:24:24 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/02/04 20:50:50 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\winlogon.scr
[2010/02/03 23:44:15 | 001,060,352 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\install.exe
[2010/02/03 07:46:37 | 000,043,178 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/02/03 07:46:21 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sweep.doc
[2010/02/03 07:41:27 | 000,002,479 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk
[2010/02/02 11:45:07 | 000,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/30 00:46:46 | 000,583,762 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ticket for bus.mht
[2010/01/29 09:02:08 | 000,029,264 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\ViewerApp.dat
[2010/01/28 16:09:28 | 000,066,048 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/27 23:50:02 | 000,000,284 | ---- | M] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job
[2010/01/21 13:30:47 | 000,139,422 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Miller, Kath Elem 1-20-10[1].pdf
[2010/01/21 11:59:10 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Dear dad.doc
[2010/01/15 12:19:24 | 000,230,808 | R--- | M] (Coupons, Inc.) -- C:\WINNT\cpnprt2.cid
[2010/01/15 12:19:23 | 000,230,808 | ---- | M] (Coupons, Inc.) -- C:\WINNT\System32\cpnprt2.cid
[2010/01/15 00:39:06 | 000,001,374 | ---- | M] () -- C:\WINNT\imsins.BAK
[2010/01/14 00:39:30 | 001,918,235 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DSC01078.JPG
[2010/01/14 00:38:36 | 001,819,132 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DSC01076.JPG
[2010/01/13 18:16:42 | 000,005,880 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Router_Setup.html
[2010/01/12 17:10:25 | 000,304,186 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\pizsza1.wav
[2010/01/12 17:03:40 | 000,950,330 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\aj sijn gs.wav
[2 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[2 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/05 09:08:50 | 000,000,886 | ---- | C] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/05 08:54:34 | 000,000,882 | ---- | C] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/03 23:44:42 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Security Tool.lnk
[2010/02/03 23:44:12 | 001,060,352 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\install.exe
[2010/02/03 07:46:21 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sweep.doc
[2010/02/02 11:45:07 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/30 00:46:40 | 000,583,762 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ticket for bus.mht
[2010/01/21 13:30:47 | 000,139,422 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Miller, Kath Elem 1-20-10[1].pdf
[2010/01/21 11:59:09 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Dear dad.doc
[2010/01/14 00:39:30 | 001,918,235 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DSC01078.JPG
[2010/01/14 00:38:36 | 001,819,132 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DSC01076.JPG
[2010/01/13 16:24:06 | 000,000,172 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\Router Login.url
[2010/01/13 16:24:01 | 000,005,880 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Router_Setup.html
[2010/01/12 17:10:25 | 000,304,186 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\pizsza1.wav
[2010/01/12 17:03:40 | 000,950,330 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\aj sijn gs.wav
[2009/01/17 16:10:56 | 000,000,107 | ---- | C] () -- C:\WINNT\TLCAPPS.INI
[2008/02/28 13:32:02 | 000,000,043 | ---- | C] () -- C:\WINNT\spookydisplay.ini
[2008/02/28 13:31:59 | 000,063,488 | ---- | C] () -- C:\WINNT\xobglu16.dll
[2008/02/28 13:31:59 | 000,023,552 | ---- | C] () -- C:\WINNT\xobglu32.dll
[2007/10/04 21:50:58 | 000,000,031 | -H-- | C] () -- C:\WINNT\uccspecc.sys
[2007/07/18 08:01:09 | 000,028,672 | ---- | C] () -- C:\WINNT\System32\InsDrvZD.dll
[2007/07/18 08:01:09 | 000,015,872 | ---- | C] () -- C:\WINNT\System32\InsDrvZD64.DLL
[2007/07/18 08:01:08 | 000,001,162 | ---- | C] () -- C:\WINNT\System32\W32N55.INI
[2007/07/18 08:01:05 | 000,000,008 | -HS- | C] () -- C:\WINNT\System32\drivers\_desktop.ini
[2007/07/18 08:01:05 | 000,000,008 | -HS- | C] () -- C:\WINNT\System32\_desktop.ini
[2007/07/10 22:00:44 | 000,000,097 | ---- | C] () -- C:\WINNT\iPlayer.INI
[2007/03/30 13:31:20 | 000,049,152 | ---- | C] () -- C:\WINNT\System32\dec_jl6.dll
[2007/02/22 21:02:54 | 000,006,048 | ---- | C] () -- C:\WINNT\System32\MCC16.dll
[2006/07/19 13:10:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\imageCache7.db
[2006/06/13 15:02:11 | 000,000,089 | ---- | C] () -- C:\WINNT\QTW.INI
[2006/03/20 14:58:46 | 000,000,344 | ---- | C] () -- C:\WINNT\hpipcopy.INI
[2006/03/09 15:29:00 | 000,573,440 | ---- | C] () -- C:\WINNT\System32\nvhwvid.dll
[2006/03/09 15:29:00 | 000,098,304 | ---- | C] () -- C:\WINNT\System32\nvapi.dll
[2006/01/17 16:49:22 | 000,000,028 | ---- | C] () -- C:\WINNT\atid.ini
[2005/11/09 11:27:26 | 000,002,184 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/09/12 17:13:49 | 000,000,000 | ---- | C] () -- C:\WINNT\SETUP32.INI
[2005/04/02 16:08:47 | 000,066,048 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/03/28 19:26:34 | 000,029,264 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ViewerApp.dat
[2005/01/29 15:08:12 | 000,000,022 | ---- | C] () -- C:\WINNT\System32\PICSDK.ini
[2005/01/29 14:51:50 | 000,000,058 | ---- | C] () -- C:\WINNT\System32\EAL32.INI
[2005/01/29 14:51:41 | 000,000,044 | ---- | C] () -- C:\WINNT\EPSPR320.ini
[2004/12/31 21:55:15 | 000,131,072 | R--- | C] () -- C:\WINNT\System32\SCCD3X01.DLL
[2004/12/23 22:13:49 | 000,000,048 | ---- | C] () -- C:\WINNT\WININIT.INI
[2004/10/29 16:50:00 | 001,662,976 | ---- | C] () -- C:\WINNT\System32\nvwdmcpl.dll
[2004/10/29 16:50:00 | 001,019,904 | ---- | C] () -- C:\WINNT\System32\nvwimg.dll
[2004/10/29 16:50:00 | 000,286,720 | ---- | C] () -- C:\WINNT\System32\nvnt4cpl.dll
[2004/10/25 18:31:42 | 000,001,682 | -HS- | C] () -- C:\WINNT\System32\KGyGaAvL.sys
[2004/10/25 18:31:42 | 000,000,056 | RHS- | C] () -- C:\WINNT\System32\A6A088FB89.sys
[2004/08/30 16:41:42 | 000,000,002 | ---- | C] () -- C:\WINNT\msoffice.ini
[2004/08/05 13:11:04 | 000,001,043 | ---- | C] () -- C:\WINNT\hegames.ini
[2004/08/02 15:59:36 | 000,001,343 | ---- | C] () -- C:\WINNT\DISNEY.INI
[2004/07/13 20:12:19 | 000,002,404 | ---- | C] () -- C:\WINNT\cdPlayer.ini
[2004/07/02 17:53:08 | 000,000,000 | ---- | C] () -- C:\WINNT\PrintWiz.INI
[2004/07/02 07:15:12 | 000,185,344 | R--- | C] () -- C:\WINNT\FRANKCAL.DLL
[2004/03/30 20:16:45 | 000,000,751 | ---- | C] () -- C:\WINNT\Rtcwplat.INI
[2004/03/22 21:28:12 | 000,210,944 | ---- | C] () -- C:\WINNT\System32\MSVCRT10.DLL
[2004/03/22 21:28:12 | 000,000,163 | ---- | C] () -- C:\WINNT\KPCMS.INI
[2004/03/22 21:28:10 | 000,100,864 | ---- | C] () -- C:\WINNT\System32\Dc50ip32.dll
[2004/03/22 21:28:10 | 000,065,864 | ---- | C] () -- C:\WINNT\System32\Digita.sys
[2004/03/22 21:28:10 | 000,006,144 | ---- | C] () -- C:\WINNT\System32\ImgLibLead.dll
[2004/03/22 21:21:29 | 000,306,688 | ---- | C] () -- C:\WINNT\System32\Lffpx7.dll
[2004/03/22 21:21:29 | 000,095,232 | ---- | C] () -- C:\WINNT\System32\Lfkodak.dll
[2004/03/06 18:08:06 | 000,000,043 | ---- | C] () -- C:\WINNT\encore_launcher.ini
[2004/02/22 04:57:12 | 000,000,000 | ---- | C] () -- C:\WINNT\ka.ini
[2004/01/18 18:19:08 | 000,030,208 | ---- | C] () -- C:\WINNT\System32\WNASPI32.DLL
[2004/01/18 18:19:08 | 000,000,283 | ---- | C] () -- C:\WINNT\msfsetup.ini
[2004/01/18 18:10:35 | 000,003,654 | ---- | C] () -- C:\WINNT\System32\drivers\Sonyhcp.dll
[2004/01/11 17:25:53 | 000,043,178 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2004/01/01 09:01:08 | 000,089,088 | ---- | C] () -- C:\WINNT\System32\hpgt33.dll
[2003/12/14 14:16:31 | 000,000,061 | ---- | C] () -- C:\WINNT\smscfg.ini
[2003/10/16 10:58:42 | 000,466,944 | ---- | C] () -- C:\WINNT\System32\SLLights.dll
[2003/10/16 10:58:42 | 000,151,552 | ---- | C] () -- C:\WINNT\System32\amr_cpl.dll
[2003/10/15 10:15:29 | 000,049,152 | ---- | C] () -- C:\WINNT\System32\coinst.dll
[2003/10/14 16:56:53 | 000,000,825 | ---- | C] () -- C:\WINNT\QUICKEN.INI
[2003/10/14 16:56:05 | 000,000,370 | ---- | C] () -- C:\WINNT\ODBC.INI
[2003/10/14 16:53:24 | 000,028,672 | ---- | C] () -- C:\WINNT\System32\JAWTAccessBridge.dll
[2003/10/14 16:50:22 | 000,094,208 | ---- | C] () -- C:\WINNT\System32\PCDrKernelModeServices.dll
[2003/10/14 16:50:22 | 000,077,824 | ---- | C] () -- C:\WINNT\System32\ProgressTrace.dll
[2003/10/14 16:49:24 | 000,000,571 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI
[2003/10/06 14:57:12 | 000,000,770 | ---- | C] () -- C:\WINNT\orun32.ini
[2003/10/06 14:40:33 | 000,363,520 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2003/06/13 12:31:00 | 001,466,368 | ---- | C] () -- C:\WINNT\System32\nview.dll
[2003/06/13 12:31:00 | 000,466,944 | ---- | C] () -- C:\WINNT\System32\nvshell.dll
[2003/01/21 16:18:20 | 000,003,680 | ---- | C] () -- C:\WINNT\System32\aud2_gw.ini
[2003/01/21 16:18:20 | 000,000,029 | ---- | C] () -- C:\WINNT\System32\ctzapxx.ini
[2003/01/21 16:09:42 | 000,052,992 | ---- | C] () -- C:\WINNT\System32\upddrv9x.dll
[2002/06/14 09:19:22 | 000,000,180 | ---- | C] () -- C:\WINNT\System32\kill.ini
[2001/08/23 14:00:00 | 000,022,400 | ---- | C] () -- C:\WINNT\System32\drivers\SbcpHid.sys
[2001/07/26 17:39:50 | 000,000,092 | ---- | C] () -- C:\WINNT\System32\editinf.ini
[1980/01/01 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINNT\System32\e100bmsg.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:773DA865
< End of report >

Re: being attacked by a virus!

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    PRC - [2010/02/03 23:43:45 | 001,060,352 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\87231324\87231324.exe
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (TTB000000 Class) - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\WINNT\CouponBarIE.dll (Coupons, Inc.)
    O3 - HKLM\..\Toolbar: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINNT\CouponBarIE.dll (Coupons, Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINNT\CouponBarIE.dll (Coupons, Inc.)
    O4 - HKLM..\Run: [56730728] C:\Documents and Settings\All Users\Application Data\56730728\56730728.exe ()
    O4 - HKLM..\Run: [87231324] C:\Documents and Settings\All Users\Application Data\87231324\87231324.exe ()
    O9 - Extra Button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - Reg Error: Value error. File not found
    [2010/02/03 23:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\56730728
    [2010/02/03 23:43:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\87231324
    [2010/01/15 12:19:24 | 000,230,808 | R--- | C] (Coupons, Inc.) -- C:\WINNT\cpnprt2.cid
    [2010/02/05 12:12:48 | 000,000,870 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Security Tool.lnk



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe.
If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.


being attacked by a virus!

Okay! Did that. I saw in the text that exe was killed successfully. Could that be true? Is there anything else? Thank you for your help.

Re: being attacked by a virus!

Were you able to get the log?
