Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Annoying popups and audio

Post by nodzoff » January 4th, 2009, 11:44 am

Dear Gentle Malware removal person,

This is my wife's computer, an older Dell PC running Windows XP, CA antivirus, and Windows Defender. She is running the old Internet Explorer version 6, sp3. While surfing the internet last evening, we hit a bad link and were hit by a barrage of pop-up ads and even an audio clip promoting Game Fly (I think). We ran our antivirus scan, which found nothing of note. At some point, Windows Defender alerted and identified a Trojan Downloader: Renos.gen!BB and an unidentified threat. I downloaded and ran MalwareBytes which found and removed about thirteen issues, primarily Trojan:FakeAlert and AdWare:Minibug. We ran another virus scan while we were sleeping. Woke up this morning and we still have the audio clip running from time to time, still no virus alert.

I installed Google Chrome. Installed and renamed HijackThis, ran a scan and ran an uninstall list. Both are copied in the following.

We sincerely appreciate your assistance in getting this fixed.

Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:45 AM, on 1/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Documents and Settings\susan\My Documents\RCA Detective\RCADetective.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\0PHUKU8h.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
C:\Documents and Settings\susan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\susan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\susan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\susan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\ScanMe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.hiwaay.net/~jhaddock/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\susan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: RCA Detective.lnk = C:\Documents and Settings\susan\My Documents\RCA Detective\RCADetective.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {401F2F3A-8C56-4736-8C9E-37854F174AC9} (ProjectPoint Document) - https://folders.buzzsaw.com/!/download/ ... -SL-EN.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonW ... ontrol.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://131.204.163.245/activex/AxisCamControl.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/Pe ... lAsst2.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/ ... Client.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://altera.webex.com/client/v_myweb ... eatgpc.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Remote Solver for COSMOSFloWorks 2006 - Unknown owner - C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 13058 bytes

Uninstall List:

25,000 Events & Celebrations Clip Art
3ds max 6
3ds max 6 Architectural Materials
3ds max 6 Reference Files
3ds max 6 Sdk
Active Disk
Adobe Acrobat 4.0
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Adobe® Photoshop® Album Starter Edition 3.2
AlgePASS Concepts and Applications
AOL Instant Messenger
Apple Software Update
Autodesk Streamline 5.0.888.25
BCM V.92 56K Modem
Brother HL-2070N
Button Builder Pro v1.0.72
CA Anti-Virus
CA Anti-Virus
Capture NX 2
character studio 4.2
COSMOSFloWorks
COSMOSMotion 2006 SP04.1
COSMOSWorks 2006 SP04.1
DAO
Dell Media Experience
Dell Photo Printer 720
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Dell Support Center
DellSupport
DivX Player
DivX Pro Trial
Dr. DivX Trial
DrawPlus 3.0
DS21Patch
DVDSentry
DWGeditor
EarthLink Setup Files
eDrawings 2006
ExamView Pro
FileZilla (remove only)
FinePixViewer Ver.4.1
FUJIFILM USB Driver
Glencoe PuzzleMaker 2.0
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Graph paper printer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
IB Questionbank Mathematics Higher and Standard Level
ImageMixer VCD2 for FinePix
InteGrade Pro
Intel NetportExpress Software
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
Interactive Chalkboard (Algebra 2)
IomegaWare 4.0.3
Java 2 Runtime Environment, SE v1.4.2
Kaspersky Online Scanner
Malwarebytes' Anti-Malware
MathType 5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Basic Edition 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Standard Edition 2003
Microsoft Office Visio Standard 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Windows Journal Viewer
MicroStaff WINASPI
Modem Helper
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
National Instruments Software
NI EULA Depot
NI MDF Support
Nikon Message Center
Nikon Transfer
NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers
Paint Shop Pro 7
Picture Control Utility
PowerDVD
PrintMaster
QuickTime
Quicktime Browser Plug-In
RAW FILE CONVERTER LE
RCA Detective 2.0.0.95
RCA Memory Manager 2.1.0.118
RCA Memory Manager™ 2.1.0.204
RealOne Player
SafeCast Shared Components
screensaver2004
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB960714)
Sketchpad
SolidWorks 2006-2007 Student Edition
SolidWorks Curriculum and Courseware (2006-2007)
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Star Wars®: Knights of the Old Republic (TM)
TeacherWorks
TestCheck
TI Connect 1.6
TournaMaster
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebEx
West Point Bridge Designer 2006
Windows Defender
Windows Genuine Advantage v1.3.0254.0
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
Xvid Codec 1.1.3
nodzoff
Regular Member
 
Posts: 22
Joined: April 7th, 2008, 9:57 pm
Location: Alabama Rocket City

Re: Annoying popups and audio

Post by Rodav » January 7th, 2009, 7:55 pm

Hello! and welcome to the Malware Removal forums.
I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research so please be patient while I work on your log and I will post back here with any recommendations.

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Annoying popups and audio

Post by Rodav » January 7th, 2009, 8:03 pm

Step 1:
I would like to see the log from Malwarebytes when it removed those items:
Open Malwarebytes and select the Logs tab, then highlight the first log and click Open. Copy and paste this into your next reply.

Step 2:
Download to your desktop DDS from one of the links below:

Link1
Link2
Link3
  • Double click the tool to run it.
  • A black screen will open, just read the contents and do nothing.
  • When the tool finishes, it will open 2 reports.
  • Copy/paste both reports back here and remove DDS from your desktop.

Re: Annoying popups and audio

Post by nodzoff » January 7th, 2009, 11:30 pm

First, thank you for your time and attention.

As mentioned in my 72-hour bump request, the audio file has stopped playing. I just noticed the clock and calendar are incorrect. We had a power hiccup today, maybe that had something to do with it.

I executed the steps you requested and have copied the logs in the following. First is the MalwareBytes log:

Malwarebytes' Anti-Malware 1.31
Database version: 1607
Windows 5.1.2600 Service Pack 3

1/3/2009 11:03:09 PM
mbam-log-2009-01-03 (23-03-09).txt

Scan type: Full Scan (C:\|)
Objects scanned: 218296
Time elapsed: 1 hour(s), 16 minute(s), 35 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
C:\Documents and Settings\susan\Local Settings\Temp\~tmpd.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{5d2631e5-8696-7543-50b2-f674cd4308eb} (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSFox (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\susan\Local Settings\Temp\~tmpd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\Documents and Settings\susan\Local Settings\Temp\~tmpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\0PHUKU8h.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\susan\Local Settings\Temp\a.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\susan\Local Settings\Temp\~tmpa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\susan\Local Settings\Temp\~tmpb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Next, the DDS reports:


DDS (Ver_09-01-07.01) - NTFSx86
Run by jhaddock at 8:54:10.34 on Fri 09/19/2003
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.408 [GMT -5:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\jhaddock\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://slashdot.org/
uDefault_Page_URL = hxxp://www.dellnet.com
mDefault_Page_URL = hxxp://www.dellnet.com
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.dellnet.com
uInternet Connection Wizard,ShellNext = hxxp://www.dellnet.com/
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Sonic RecordNow!]
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Iomega Drive Icons] c:\program files\iomega\driveicons\ImgIcon.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Deskup] c:\program files\iomega\driveicons\deskup.exe /IMGSTART
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [ADUserMon] c:\program files\iomega\autodisk\ADUserMon.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [CAVRID] "c:\program files\ca\etrust ez armor\etrust ez antivirus\CAVRID.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\windows\system32\VetRedir.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2007-10-20 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2007-10-20 21104]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2007-10-20 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2007-10-20 21488]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2007-10-20 32240]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2007-10-20 108368]
R4 CAISafe;CAISafe;c:\program files\ca\etrust ez armor\etrust ez antivirus\isafe.exe [2007-4-19 144696]
R4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2005-8-17 822424]
R4 VETMSGNT;VET Message Service;c:\program files\ca\etrust ez armor\etrust ez antivirus\vetmsg.exe [2007-4-19 255216]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-11 24652]
R4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-10-5 13592]
S3 cdrmkaun;cdrmkaun;c:\docume~1\stephen\locals~1\temp\cdrmkaun.sys [2002-2-19 15872]

=============== Created Last 30 ================

2003-09-19 08:51 <DIR> --d----- c:\docume~1\jhaddock\applic~1\Malwarebytes
2003-09-17 13:01 844,314 -------- c:\windows\system32\msdxm.ocx
2003-09-17 02:25 10,834,944 -------- c:\windows\system32\dllcache\wmp.dll
2003-08-28 10:57 155,136 -------- c:\windows\system32\itircl.dll
2003-08-27 04:10 524,288 a------- c:\windows\opuc.dll
2003-08-25 19:12 8,059 -------- c:\windows\system32\KB824146.CAT
2003-08-25 19:06 198,424 -------- c:\windows\system32\iuengine.dll
2003-08-25 19:06 198,424 -------- c:\windows\system32\dllcache\iuengine.dll

==================== Find3M ====================

2008-08-19 21:18 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLbx.DAT
2008-08-19 19:52 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLck.DAT
2008-08-19 19:27 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2003-08-29 04:59 151,552 a------- c:\windows\BCMSMU.exe
2003-08-29 04:59 122,880 a------- c:\windows\BCMSMMSG.exe
2003-08-29 04:59 1,101,696 -------- c:\windows\system32\drivers\BCMSM.sys
2003-08-29 04:59 57,344 a------- c:\windows\BCMSMD2K.exe
2003-08-29 04:59 122,880 -------- c:\windows\system32\BCMSMI32.dll
2003-08-29 04:59 49,152 -------- c:\windows\system32\BCMSM168.dll
2003-08-21 02:00 77,824 -------- c:\windows\system32\BROSNMP.DLL
2003-08-19 02:01 49,152 -------- c:\windows\system32\umloader.dll
2003-08-13 11:27 28,672 -------- c:\windows\system32\DSentry.exe
2003-08-06 02:04 98,352 a------- c:\windows\dla.exe
2003-08-06 02:04 61,492 -------- c:\windows\system32\tfswapi.dll
2003-07-31 04:21 84,576 -------- c:\windows\system32\drivers\drvmcdb.sys
2003-07-30 03:02 17,168 -------- c:\windows\system32\drivers\pxhelp20.sys
2003-07-28 02:02 86,016 -------- c:\windows\system32\pxwma.dll
2003-07-07 12:41 33,792 a------- c:\windows\oeuninst.exe
2003-07-03 02:08 65,536 -------- c:\windows\system32\BRWEBUP.EXE
2003-06-25 18:24 299,008 -------- c:\windows\system32\FE05F051.dll

============= FINISH: 8:55:19.40 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-07.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 10/29/2003 11:56:06 PM
System Uptime: 9/19/2003 1:43:52 AM (7 hours ago)

Motherboard: Dell Computer Corp. | | 0M2035
Processor: Intel(R) Pentium(R) 4 CPU 2.60GHz | Microprocessor | 2593/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 42.623 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1865: 10/9/2008 8:34:54 PM - Software Distribution Service 3.0
RP1866: 10/10/2008 3:59:20 PM - Software Distribution Service 3.0
RP1867: 10/11/2008 4:12:38 PM - System Checkpoint
RP1868: 10/12/2008 4:18:52 PM - System Checkpoint
RP1869: 10/13/2008 4:42:52 PM - System Checkpoint
RP1870: 10/14/2008 5:19:59 PM - System Checkpoint
RP1871: 10/15/2008 3:00:24 AM - Software Distribution Service 3.0
RP1872: 10/16/2008 3:33:54 AM - System Checkpoint
RP1873: 10/17/2008 1:41:46 AM - Software Distribution Service 3.0
RP1874: 10/18/2008 2:25:57 AM - System Checkpoint
RP1875: 10/19/2008 3:30:19 AM - System Checkpoint
RP1876: 10/20/2008 4:13:59 AM - System Checkpoint
RP1877: 10/21/2008 5:25:55 AM - System Checkpoint
RP1878: 10/22/2008 6:25:58 AM - System Checkpoint
RP1879: 10/23/2008 7:14:00 AM - System Checkpoint
RP1880: 10/24/2008 1:41:37 AM - Software Distribution Service 3.0
RP1881: 10/24/2008 3:00:25 AM - Software Distribution Service 3.0
RP1882: 10/25/2008 11:01:32 AM - System Checkpoint
RP1883: 10/26/2008 11:21:41 AM - System Checkpoint
RP1884: 10/27/2008 12:11:35 PM - System Checkpoint
RP1885: 10/28/2008 1:11:38 PM - System Checkpoint
RP1886: 10/29/2008 1:47:43 AM - Software Distribution Service 3.0
RP1887: 10/30/2008 3:11:36 AM - System Checkpoint
RP1888: 10/31/2008 1:47:36 AM - Software Distribution Service 3.0
RP1889: 11/1/2008 1:52:56 AM - System Checkpoint
RP1890: 11/2/2008 1:30:45 AM - System Checkpoint
RP1891: 11/3/2008 6:06:47 AM - System Checkpoint
RP1892: 11/4/2008 7:42:47 AM - System Checkpoint
RP1893: 11/5/2008 1:31:31 AM - Software Distribution Service 3.0
RP1894: 11/6/2008 1:31:50 AM - System Checkpoint
RP1895: 11/6/2008 4:45:54 PM - Software Distribution Service 3.0
RP1896: 11/7/2008 2:11:11 PM - Software Distribution Service 3.0
RP1897: 11/8/2008 6:06:41 PM - System Checkpoint
RP1898: 11/9/2008 7:18:45 PM - System Checkpoint
RP1899: 11/10/2008 9:41:20 PM - System Checkpoint
RP1900: 11/11/2008 10:49:18 PM - System Checkpoint
RP1901: 11/12/2008 11:30:46 PM - System Checkpoint
RP1902: 11/13/2008 1:39:32 AM - Software Distribution Service 3.0
RP1903: 11/13/2008 3:00:20 AM - Software Distribution Service 3.0
RP1904: 11/14/2008 1:55:44 AM - Software Distribution Service 3.0
RP1905: 11/15/2008 10:50:00 AM - System Checkpoint
RP1906: 11/16/2008 12:25:57 PM - System Checkpoint
RP1907: 11/17/2008 1:25:55 PM - System Checkpoint
RP1908: 11/18/2008 3:25:59 PM - System Checkpoint
RP1909: 11/19/2008 4:15:01 PM - System Checkpoint
RP1910: 11/20/2008 1:54:33 AM - Software Distribution Service 3.0
RP1911: 11/21/2008 1:54:35 AM - Software Distribution Service 3.0
RP1912: 11/22/2008 2:13:36 AM - System Checkpoint
RP1913: 11/23/2008 2:23:26 AM - System Checkpoint
RP1914: 11/24/2008 3:13:35 AM - System Checkpoint
RP1915: 11/24/2008 11:03:24 PM - Software Distribution Service 3.0
RP1916: 11/25/2008 11:13:35 PM - System Checkpoint
RP1917: 11/26/2008 11:37:37 PM - System Checkpoint
RP1918: 11/27/2008 9:00:28 AM - Software Distribution Service 3.0
RP1919: 11/28/2008 9:13:28 AM - System Checkpoint
RP1920: 11/29/2008 10:13:22 AM - System Checkpoint
RP1921: 11/30/2008 10:14:27 AM - System Checkpoint
RP1922: 12/1/2008 11:13:21 AM - System Checkpoint
RP1923: 12/1/2008 3:20:01 PM - Software Distribution Service 3.0
RP1924: 12/2/2008 4:13:25 PM - System Checkpoint
RP1925: 12/3/2008 4:14:26 PM - System Checkpoint
RP1926: 12/4/2008 5:13:21 PM - System Checkpoint
RP1927: 12/4/2008 6:01:44 PM - Software Distribution Service 3.0
RP1928: 12/5/2008 8:43:53 PM - System Checkpoint
RP1929: 12/6/2008 9:33:34 PM - System Checkpoint
RP1930: 12/7/2008 11:55:25 PM - System Checkpoint
RP1931: 12/8/2008 6:11:18 PM - Software Distribution Service 3.0
RP1932: 12/9/2008 7:36:43 PM - System Checkpoint
RP1933: 12/10/2008 11:31:26 PM - System Checkpoint
RP1934: 12/11/2008 11:39:54 PM - System Checkpoint
RP1935: 12/12/2008 1:32:32 AM - Software Distribution Service 3.0
RP1936: 12/12/2008 3:00:19 AM - Software Distribution Service 3.0
RP1937: 12/13/2008 3:14:15 AM - System Checkpoint
RP1938: 12/14/2008 4:14:18 AM - System Checkpoint
RP1939: 12/15/2008 4:26:18 AM - System Checkpoint
RP1940: 12/16/2008 2:17:42 AM - Software Distribution Service 3.0
RP1941: 12/17/2008 2:38:18 AM - System Checkpoint
RP1942: 12/18/2008 5:26:17 AM - System Checkpoint
RP1943: 12/19/2008 2:17:33 AM - Software Distribution Service 3.0
RP1944: 12/19/2008 3:00:27 AM - Software Distribution Service 3.0
RP1945: 12/20/2008 3:50:18 AM - System Checkpoint
RP1946: 12/21/2008 2:29:27 PM - System Checkpoint
RP1947: 12/22/2008 3:53:30 PM - System Checkpoint
RP1948: 12/23/2008 1:33:47 AM - Software Distribution Service 3.0
RP1949: 12/24/2008 5:55:22 AM - System Checkpoint
RP1950: 12/25/2008 6:31:22 AM - System Checkpoint
RP1951: 12/25/2008 9:53:12 AM - Software Distribution Service 3.0
RP1952: 12/26/2008 1:43:13 PM - System Checkpoint
RP1953: 12/27/2008 2:34:01 PM - System Checkpoint
RP1954: 12/28/2008 3:46:47 PM - System Checkpoint
RP1955: 12/29/2008 12:52:42 PM - Software Distribution Service 3.0
RP1956: 12/30/2008 1:48:28 PM - System Checkpoint
RP1957: 12/31/2008 2:49:21 PM - System Checkpoint
RP1958: 1/1/2009 4:01:49 PM - System Checkpoint
RP1959: 1/2/2009 1:28:56 AM - Software Distribution Service 3.0
RP1960: 1/3/2009 1:30:50 AM - System Checkpoint
RP1961: 1/3/2009 8:51:18 PM - Windows Defender Checkpoint
RP1962: 1/4/2009 9:11:34 PM - System Checkpoint
RP1963: 1/5/2009 10:16:42 AM - Software Distribution Service 3.0
RP1964: 1/6/2009 10:22:29 AM - System Checkpoint
RP1965: 1/7/2009 11:16:38 AM - System Checkpoint
RP1966: 9/19/2003 2:04:35 AM - System Checkpoint

==== Installed Programs ======================

25,000 Events & Celebrations Clip Art
3ds max 6
3ds max 6 Architectural Materials
3ds max 6 Reference Files
3ds max 6 Sdk
Active Disk
Adobe Acrobat 4.0
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe® Photoshop® Album Starter Edition 3.2
AlgePASS Concepts and Applications
AOL Instant Messenger
Apple Software Update
Autodesk Streamline 5.0.888.25
AutoUpdate
Banctec Service Agreement
BCM V.92 56K Modem
Brother HL-2070N
Button Builder Pro v1.0.72
CA Anti-Virus
Capture NX 2
character studio 4.2
COSMOSFloWorks
COSMOSMotion 2006 SP04.1
COSMOSWorks 2006 SP04.1
DAO
Dell Media Experience
Dell Networking Guide
Dell Photo Printer 720
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Dell Support Center
DellSupport
DivX Player
DivX Pro Trial
Dr. DivX Trial
DrawPlus 3.0
DS21Patch
DVDSentry
DWGeditor
EarthLink Setup Files
eDrawings 2006
ExamView Pro
FileZilla (remove only)
FinePixViewer Ver.4.1
FUJIFILM USB Driver
Glencoe PuzzleMaker 2.0
Google Toolbar for Internet Explorer
Graph paper printer
Help and Support Customization
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
IB Questionbank Mathematics Higher and Standard Level
ImageMixer VCD2 for FinePix
InteGrade Pro
Intel NetportExpress Software
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
Interactive Chalkboard (Algebra 2)
IomegaWare 4.0.3
Java 2 Runtime Environment, SE v1.4.2
Kaspersky Online Scanner
Malwarebytes' Anti-Malware
MathType 5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Basic Edition 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Standard Edition 2003
Microsoft Office Visio Standard 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Windows Journal Viewer
MicroStaff WINASPI
Modem Helper
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
National Instruments Software
NI-DAQmx - LabVIEW shared documentation
NI-RPC 3.3.0f0
NI-RPC 3.3.0f0 for Phar Lap ETS
NI Assistant Framework
NI Assistant Framework LabVIEW Code Generator 6.1
NI Assistant Framework LabVIEW Code Generator 7.0
NI Assistant Framework LabVIEW Code Generator 7.1
NI Assistant Framework LabVIEW Code Generator 8.0
NI Assistant Framework LabVIEW Code Generator 8.2
NI DataSocket 4.4.0
NI EULA Depot
NI Example Finder 8.2
NI Instrument IO Assistant for LabVIEW 8.2
NI LabVIEW 8.2
NI LabVIEW 8.2 Activity
NI LabVIEW 8.2 Applibs
NI LabVIEW 8.2 CINtools
NI LabVIEW 8.2 Device Detection and Deployment Support
NI LabVIEW 8.2 Examples
NI LabVIEW 8.2 gMath
NI LabVIEW 8.2 Help
NI LabVIEW 8.2 Help File
NI LabVIEW 8.2 iMath
NI LabVIEW 8.2 Instr.lib
NI LabVIEW 8.2 Manuals
NI LabVIEW 8.2 MeasAppChm File
NI LabVIEW 8.2 Menus
NI LabVIEW 8.2 Project
NI LabVIEW 8.2 Resource
NI LabVIEW 8.2 Simulation
NI LabVIEW 8.2 Templates
NI LabVIEW 8.2 User.lib
NI LabVIEW 8.2 VI.lib
NI LabVIEW 8.2 WWW
NI LabVIEW Broker
NI LabVIEW C Interface
NI LabVIEW Deployable License 8.2
NI LabVIEW MAX XML
NI LabVIEW Real-Time Error Dialog
NI LabVIEW Run-Time Engine 8.0
NI LabVIEW Run-Time Engine 8.2
NI LabWindows/CVI 7.1.1 Run Time Engine
NI LabWindows/CVI Code Generator
NI License Manager
NI Logos 4.7
NI Logos LabVIEW 8.2 Support
NI LVBrokerAux 8.2
NI LVBrokerAux8.0
NI Math Kernel Libraries
NI MAX LabVIEW Support
NI MDF Support
NI Measurement & Automation Explorer 4.1
NI Measurement Studio Recipe Processor
NI MXS
NI OPC Support
NI Portable Configuration
NI Registration Wizard
NI Remote Provider for MAX
NI Remote PXI Provider for MAX
NI Service Locator
NI Software Provider for MAX
NI TDMS
NI Uninstaller
NI USI 1.3.0
NI Variable Engine
NI Variable Engine LabVIEW 8.2 Support
NI Variable Manager
NI Web Pipeline
Nikon Message Center
Nikon Transfer
NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers
Paint Shop Pro 7
Picture Control Utility
PowerDVD
PrintMaster
QuickTime
Quicktime Browser Plug-In
RAW FILE CONVERTER LE
RCA Detective 2.0.0.95
RCA Memory Manager 2.1.0.118
RCA Memory Manager™ 2.1.0.204
RealOne Player
SafeCast Shared Components
screensaver2004
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB960714)
Sketchpad
SolidWorks 2006-2007 Student Edition
SolidWorks Curriculum and Courseware (2006-2007)
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Star Wars®: Knights of the Old Republic (TM)
TeacherWorks
TestCheck
TI Connect 1.6
TournaMaster
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebEx
WebFldrs XP
West Point Bridge Designer 2006
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Xvid Codec 1.1.3

==== Event Viewer Messages From Past Week ========

10/24/2008 3:08:18 AM, error: Service Control Manager [7000] - The Automatic LiveUpdate Scheduler service failed to start due to the following error: The system cannot find the path specified.
10/13/2008 3:37:39 PM, error: Print [6161] - The document Microsoft Word - Harmless.doc owned by susan failed to print on printer Brother HL-2070N series. Data type: NT EMF 1.008. Size of the spool file in bytes: 0. Number of bytes printed: 0. Total number of pages in the document: 0. Number of pages printed: 0. Client machine: \\LIEBNITZ. Win32 error code returned by the print processor: 259 (0x103).
9/19/2008 11:14:21 PM, error: Service Control Manager [7031] - The CAISafe service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/26/2008 9:42:12 PM, error: Print [6161] - The document Microsoft Word - notebooktest1DHS.doc owned by susan failed to print on printer HP LaserJet IIP Plus. Data type: NT EMF 1.008. Size of the spool file in bytes: 65536. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\LIEBNITZ. Win32 error code returned by the print processor: 1801 (0x709).
1/3/2009 9:36:32 PM, error: WinDefend [3006] - Windows Defender Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... tid=132866 Scan ID: {206BCADB-F6BB-464A-AC3D-840CC96877FA} User: LIEBNITZ\susan Name: TrojanDownloader:Win32/Renos.gen!BB ID: 132866 Severity: High Category: Trojan Downloader Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
1/6/2009 2:00:00 AM, error: Schedule [7901] - The At27.job command failed to start due to the following error: %%2147942402
1/6/2009 2:00:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402
1/6/2009 3:00:00 AM, error: Schedule [7901] - The At28.job command failed to start due to the following error: %%2147942402
1/6/2009 3:00:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402
1/6/2009 4:00:00 AM, error: Schedule [7901] - The At29.job command failed to start due to the following error: %%2147942402
1/6/2009 4:00:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: %%2147942402
1/6/2009 5:00:00 AM, error: Schedule [7901] - The At30.job command failed to start due to the following error: %%2147942402
1/6/2009 5:00:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: %%2147942402
1/6/2009 6:00:00 AM, error: Schedule [7901] - The At31.job command failed to start due to the following error: %%2147942402
1/6/2009 6:00:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: %%2147942402
1/6/2009 7:00:00 AM, error: Schedule [7901] - The At32.job command failed to start due to the following error: %%2147942402
1/6/2009 7:00:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: %%2147942402
1/6/2009 8:00:00 AM, error: Schedule [7901] - The At33.job command failed to start due to the following error: %%2147942402
1/6/2009 8:00:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402
1/6/2009 9:00:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402
1/6/2009 9:00:00 AM, error: Schedule [7901] - The At34.job command failed to start due to the following error: %%2147942402
1/6/2009 10:00:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402
1/6/2009 10:00:00 AM, error: Schedule [7901] - The At35.job command failed to start due to the following error: %%2147942402
1/6/2009 11:00:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402
1/6/2009 11:00:00 AM, error: Schedule [7901] - The At36.job command failed to start due to the following error: %%2147942402
1/6/2009 12:00:00 PM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
1/6/2009 12:00:00 PM, error: Schedule [7901] - The At37.job command failed to start due to the following error: %%2147942402
1/6/2009 1:00:00 PM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402
1/6/2009 1:00:00 PM, error: Schedule [7901] - The At38.job command failed to start due to the following error: %%2147942402
1/6/2009 2:00:00 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
1/6/2009 2:00:00 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%2147942402
1/6/2009 3:00:00 PM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
1/6/2009 3:00:00 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: %%2147942402
1/6/2009 4:00:00 PM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
1/6/2009 4:00:00 PM, error: Schedule [7901] - The At41.job command failed to start due to the following error: %%2147942402
1/6/2009 5:00:00 PM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
1/6/2009 5:00:00 PM, error: Schedule [7901] - The At42.job command failed to start due to the following error: %%2147942402
1/6/2009 6:00:00 PM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
1/6/2009 6:00:00 PM, error: Schedule [7901] - The At43.job command failed to start due to the following error: %%2147942402
1/6/2009 7:00:00 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
1/6/2009 7:00:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402
1/6/2009 8:00:00 PM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
1/6/2009 8:00:00 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: %%2147942402
1/6/2009 9:00:00 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
1/6/2009 9:00:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402
1/6/2009 10:00:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402
1/6/2009 10:00:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402
1/6/2009 11:00:00 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
1/6/2009 11:00:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402
1/7/2009 12:37:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
1/7/2009 12:55:00 AM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402
1/7/2009 1:00:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402
1/7/2009 1:00:00 AM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402
9/19/2003 3:44:15 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
9/19/2003 3:59:00 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +167404692 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.95.4:123->207.46.197.32:123) is working properly.

==== End Of File ===========================
nodzoff
Regular Member
 
Posts: 22
Joined: April 7th, 2008, 9:57 pm
Location: Alabama Rocket City

Re: Annoying popups and audio

by Rodav » January 8th, 2009, 3:08 pm

Try right-clicking on the time in the bottom right-hand corner and selecting Adjust Date/Time, then click the Internet Time tab and click the Update Now button to see if it restores the correct time.

There are a few steps we still need to do.

Step 1:
Older versions of Java have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components.
  • Close any programs you may have running, ESPECIALLY your web browser
  • Click Start > Control Panel > Add/Remove Programs.
  • Check Java 2 Runtime Environment, SE v1.4.2
  • Click the Remove or Change/Remove button.
  • Reboot your computer once all Java components are removed.
Then download the latest version of Java Runtime Environment (JRE) and install it on your computer.


Step 2:
Run Eset NOD32 Online AntiVirus
http://www.eset.eu/online-scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Un-checked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.


Step 3:
  1. Please download OTViewIt and save it to your desktop.
  2. Double click on OTViewIt.exe to run it.
  3. Click on the Run Scan button at the top left hand corner.
  4. OTViewIt will start running. When done, 2 Notepad files will open. Please post the contents of these 2 files in your next reply along with the ESET results. You can use multiple posts if you need to.
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Annoying popups and audio

by nodzoff » January 9th, 2009, 3:55 am

Dear Rodav,

We replaced the JRE as you directed. Here are the results for the ESET scan and the two logs from OTViewIt:

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3752 (20090108)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=ed75753e1214ef479a931542a4c18561
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2009-01-09 06:18:29
# local_time=2009-01-09 12:18:29 (-0600, Central Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=490505
# found=10
# scan_time=4935
C:\Documents and Settings\chris\My Documents\Install_AIM.exe Win32/Adware.WBug.A application 2816C9D1C6FB95C534540222AFF48F20
C:\Documents and Settings\chris\My Documents\Install_AIM.exe »WISE »WxBug.EXE Win32/Adware.WBug.A application 00000000000000000000000000000000
C:\Documents and Settings\chris\My Documents\Install_AIM.exe »WISE »WxBug.EXE »WISE »MiniBugTransporter.dll Win32/Adware.WBug.A application 00000000000000000000000000000000
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BUE0MIHF\count[2].htm JS/TrojanDownloader.Agent.NHJ trojan 483E79E31F0270C9B1B73FA34E59950A
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\O5ET9NPC\count[1].htm JS/TrojanDownloader.Agent.NHJ trojan F6BEE78F78856F8243342E6FD6A2F127
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QT0BURER\count[1].htm JS/TrojanDownloader.Agent.NHJ trojan F35A1747E251CBC46D16E47818EAE050
C:\Documents and Settings\susan\Local Settings\Temp\b.exe a variant of Win32/TrojanDownloader.FakeAlert.UX trojan 9E18D7D2BD296BC4E4C4235DAA1B76EE
C:\Program Files\AIM\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application E0D92AC5FDD264E4ED40D45C75934F1B
C:\Program Files\AIM\Sysfiles\WxBug.EXE »WISE »MiniBugTransporter.dll Win32/Adware.WBug.A application 00000000000000000000000000000000
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1961\A0102222.dll Win32/Adware.WBug.A application 5CB0279BC8B35D99E79764293D279C85

OTViewIt logfile created on: 1/9/2009 1:42:27 AM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\jhaddock\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 257.21 Mb Available Physical Memory | 33.54% Memory free
1.83 Gb Paging File | 1.50 Gb Available in Paging File | 82.07% Paging File free
Paging file location(s): C:\pagefile.sys 1150 1350;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 42.53 Gb Free Space | 57.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LIEBNITZ
Current User Name: susan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/10/05 22:11:34 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
[2004/03/04 09:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE
[2004/03/04 09:26:20 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXPPS.EXE
[2004/03/30 18:38:30 | 00,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE
[2008/02/07 01:16:02 | 00,144,696 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
[2002/09/04 14:11:04 | 00,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe
[2006/06/19 13:01:52 | 00,688,190 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\SYSTEM32\lkcitdl.exe
[2006/07/25 16:28:02 | 00,045,056 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\SYSTEM32\lkads.exe
[2006/07/25 16:28:10 | 00,057,344 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\SYSTEM32\lktsrv.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2006/07/15 18:47:00 | 00,005,728 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\MAX\nimxs.exe
[2006/07/25 16:28:16 | 00,200,704 | ---- | M] (National Instruments, Inc.) -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
[2006/02/06 15:46:42 | 00,049,152 | ---- | M] (National Instruments Corp.) -- C:\WINDOWS\SYSTEM32\nisvcloc.exe
[2006/07/25 16:36:40 | 00,696,320 | ---- | M] (National Instruments, Inc.) -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
[2003/10/06 14:16:00 | 00,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe
[2006/03/10 17:04:34 | 00,626,688 | ---- | M] () -- C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
[2005/08/17 06:24:56 | 00,822,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[2008/09/10 00:03:59 | 00,255,216 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\vetmsg.exe
[2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
[2002/09/24 16:39:48 | 00,151,552 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\AutoDisk\ADService.exe
[2003/08/26 19:47:34 | 00,204,800 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMService.exe
[2002/08/13 14:30:57 | 00,086,016 | ---- | M] (Iomega) -- C:\Program Files\Iomega\DriveIcons\Imgicon.exe
[2003/08/13 10:27:40 | 00,028,672 | ---- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe
[2003/08/06 01:04:00 | 00,114,741 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
[2003/08/29 03:59:24 | 00,122,880 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\BCMSMMSG.exe
[2002/09/24 16:39:24 | 00,147,456 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
[2003/10/27 15:52:40 | 00,151,597 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008/09/10 00:03:59 | 00,234,736 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\cavrid.exe
[2006/10/05 22:11:54 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
[2008/10/11 00:14:57 | 00,247,024 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
[2007/03/09 10:09:58 | 00,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
[2008/09/06 14:09:14 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
[2008/04/13 18:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\rundll32.exe
[2007/10/15 15:56:20 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2009/01/04 09:04:43 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\susan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[2003/07/09 20:34:10 | 00,241,664 | ---- | M] (FUJI PHOTO FILM CO., LTD.) -- C:\Program Files\FinePixViewer\QuickDCF.exe
[2008/10/11 00:14:57 | 00,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
[2007/10/18 19:10:42 | 00,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
[2008/03/06 11:45:28 | 01,110,016 | ---- | M] (Audiovox Electronics Corp.) -- C:\Documents and Settings\susan\My Documents\RCA Detective\RCADetective.exe
[2007/01/04 15:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
[2009/01/08 22:09:55 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/04/13 18:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\notepad.exe
[2009/01/09 01:40:42 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jhaddock\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/04/13 02:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
File not found -- -- (Automatic LiveUpdate Scheduler [Auto | Stopped])
[2004/03/30 18:38:30 | 00,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE -- (C-DillaCdaC11BA [Auto | Running])
[2008/10/11 00:14:57 | 00,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP [On_Demand | Running])
[2008/02/07 01:16:02 | 00,144,696 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe -- (CAISafe [Auto | Running])
[2007/04/13 02:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/03/07 14:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
[2007/10/07 12:34:44 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
File not found -- -- (Iomega Activity Disk2 [Disabled | Stopped])
[2002/09/04 14:11:04 | 00,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe -- (Iomega App Services [Auto | Running])
[2004/03/04 09:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE -- (LexBceS [Auto | Running])
[2006/06/19 13:01:52 | 00,688,190 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\SYSTEM32\lkcitdl.exe -- (LkCitadelServer [Auto | Running])
[2006/07/25 16:28:02 | 00,045,056 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\SYSTEM32\lkads.exe -- (lkClassAds [Auto | Running])
[2006/07/25 16:28:10 | 00,057,344 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\SYSTEM32\lktsrv.exe -- (lkTimeSync [Auto | Running])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2006/07/15 18:47:00 | 00,005,728 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\MAX\nimxs.exe -- (mxssvr [Auto | Running])
[2003/03/03 13:33:40 | 00,143,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
[2006/07/25 16:28:16 | 00,200,704 | ---- | M] (National Instruments, Inc.) -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService [Auto | Running])
[2006/06/27 18:55:28 | 01,007,616 | ---- | M] (Macrovision Corporation) -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager [On_Demand | Stopped])
[2006/02/06 15:46:42 | 00,049,152 | ---- | M] (National Instruments Corp.) -- C:\WINDOWS\SYSTEM32\nisvcloc.exe -- (niSvcLoc [Auto | Running])
[2006/07/25 16:36:40 | 00,696,320 | ---- | M] (National Instruments, Inc.) -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService [Auto | Running])
[2003/10/06 14:16:00 | 00,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2004/12/02 07:28:32 | 00,098,304 | ---- | M] (OPC Foundation) -- C:\WINDOWS\SYSTEM32\Opcenum.exe -- (OpcEnum [On_Demand | Stopped])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/03/10 17:04:34 | 00,626,688 | ---- | M] () -- C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe -- (Remote Solver for COSMOSFloWorks 2006 [Auto | Running])
[2005/08/17 06:24:56 | 00,822,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Running])
[2008/09/10 00:03:59 | 00,255,216 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\vetmsg.exe -- (VETMSGNT [Auto | Running])
[2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
[2006/10/05 22:11:34 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2002/09/24 16:39:48 | 00,151,552 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\AutoDisk\ADService.exe -- (_IOMEGA_ACTIVE_DISK_SERVICE_ [Auto | Running])
[2009/01/08 22:09:55 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

========== Driver Services ==========

[2002/04/01 14:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys -- (aeaudio [On_Demand | Running])
[2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ALIIDE.SYS -- (AliIde [Disabled | Stopped])
[2008/04/13 12:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
[2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC.SYS -- (asc [Disabled | Stopped])
[2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC3550.SYS -- (asc3550 [Disabled | Stopped])
[2003/08/29 03:59:24 | 01,101,696 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem [On_Demand | Running])
[2000/07/24 01:01:00 | 00,019,537 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\SYSTEM32\DRIVERS\BRPAR.SYS -- (BrPar [Auto | Running])
[2004/03/30 18:38:31 | 00,012,464 | ---- | M] (Macrovision Europe Ltd) -- C:\WINDOWS\SYSTEM32\DRIVERS\CDAC15BA.SYS -- (CdaC15BA [Auto | Running])
[2002/02/19 03:57:44 | 00,015,872 | ---- | M] () -- C:\Documents and Settings\stephen\Local Settings\Temp\cdrmkaun.sys -- (cdrmkaun [On_Demand | Stopped])
[2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\CMDIDE.SYS -- (CmdIde [Disabled | Stopped])
[2006/07/27 09:00:00 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\drivers\cvintdrv.sys -- (cvintdrv [Auto | Running])
[2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\DAC2W2K.SYS -- (dac2w2k [Disabled | Stopped])
[2003/07/31 03:21:00 | 00,084,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2003/06/20 02:56:00 | 00,040,448 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm [Auto | Running])
[2006/10/05 15:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
[2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv [Auto | Running])
[2003/03/04 11:56:26 | 00,145,408 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
[2001/08/17 12:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC [On_Demand | Stopped])
[2004/08/03 23:29:36 | 00,161,020 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x [On_Demand | Stopped])
[2004/08/03 23:29:37 | 00,012,415 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0 [On_Demand | Stopped])
[2004/08/03 23:29:37 | 00,012,127 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1 [On_Demand | Stopped])
[2004/08/03 23:29:37 | 00,011,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2 [On_Demand | Stopped])
[2004/08/03 23:29:47 | 00,012,063 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3 [On_Demand | Stopped])
[2004/08/03 23:29:49 | 00,019,455 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4 [On_Demand | Stopped])
[2004/08/03 23:29:41 | 00,029,311 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0 [On_Demand | Stopped])
[2004/08/03 23:29:42 | 00,019,551 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1 [On_Demand | Stopped])
[2004/08/03 23:29:43 | 00,033,599 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3 [On_Demand | Stopped])
[2004/08/03 23:29:45 | 00,023,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4 [On_Demand | Stopped])
[2002/09/04 14:11:08 | 00,030,258 | ---- | M] (Iomega Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\IomDisk.sys -- (iomdisk [Boot | Running])
[2000/03/29 17:11:20 | 00,008,096 | ---- | M] (MicroStaff Co.,Ltd.) -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT [Auto | Running])
[2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])
[2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\MRAID35X.SYS -- (mraid35x [Disabled | Stopped])
[2003/10/06 14:16:00 | 01,550,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
[2002/11/08 13:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci [System | Running])
[2002/08/29 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink [On_Demand | Running])
[2003/07/30 02:02:00 | 00,017,168 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1080.SYS -- (ql1080 [Disabled | Stopped])
[2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL12160.SYS -- (ql12160 [Disabled | Stopped])
[2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1280.SYS -- (ql1280 [Disabled | Stopped])
[2008/04/13 12:40:48 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\sbp2port.sys -- (sbp2port [Boot | Running])
[2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/01/28 15:03:26 | 00,021,456 | ---- | M] (Texas Instruments Incorporated) -- C:\WINDOWS\SYSTEM32\DRIVERS\SilvrLnk.sys -- (SilverLink [On_Demand | Running])
[2008/04/13 12:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
[2003/06/18 14:52:18 | 00,578,176 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm [On_Demand | Running])
[2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\SPARROW.SYS -- (Sparrow [Disabled | Stopped])
[2003/07/14 11:28:40 | 00,005,621 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2003/07/14 11:28:22 | 00,023,219 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln [System | Running])
[2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC810.SYS -- (symc810 [Disabled | Stopped])
[2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC8XX.SYS -- (symc8xx [Disabled | Stopped])
[2005/11/07 21:59:31 | 00,004,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys -- (symlcbrd [Auto | Running])
[2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_HI.SYS -- (sym_hi [Disabled | Stopped])
[2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_U3.SYS -- (sym_u3 [Disabled | Stopped])
[2003/08/06 01:04:00 | 00,025,685 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2003/08/06 01:04:00 | 00,034,837 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2003/08/06 01:04:00 | 00,004,117 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2003/08/06 01:04:00 | 00,002,233 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2003/08/06 01:04:00 | 00,083,284 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2003/08/06 01:04:00 | 00,014,229 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2003/08/06 01:04:00 | 00,006,357 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2003/08/06 01:04:00 | 00,098,068 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2003/08/06 01:04:00 | 00,100,373 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2006/02/03 10:37:33 | 00,049,536 | R--- | M] (Texas Instruments Incorporated) -- C:\WINDOWS\SYSTEM32\DRIVERS\tiehdusb.sys -- (TIEHDUSB [On_Demand | Stopped])
[2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ULTRA.SYS -- (ultra [Disabled | Stopped])
[2008/09/10 00:04:00 | 00,026,352 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-filt.sys -- (VET-FILT [System | Running])
[2008/09/10 00:04:00 | 00,021,104 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-rec.sys -- (VET-REC [System | Running])
[2008/06/05 00:15:17 | 00,108,368 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\veteboot.sys -- (VETEBOOT [On_Demand | Running])
[2008/06/05 00:15:17 | 00,880,560 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetefile.sys -- (VETEFILE [System | Running])
[2008/09/10 00:04:00 | 00,021,488 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetfddnt.sys -- (VETFDDNT [System | Running])
[2008/09/10 00:04:00 | 00,032,240 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetmonnt.sys -- (VETMONNT [System | Running])
[2002/08/29 05:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dellnet.com
"Default_Search_URL"=http://www.google.com/ie
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.dellnet.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dellnet.com
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=http://home.hiwaay.net/~jhaddock/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\SYSTEM32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" (Adobe Systems Incorporated)
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"ADUserMon"=C:\Program Files\Iomega\AutoDisk\ADUserMon.exe (Iomega Corporation)
"BCMSMMSG"=BCMSMMSG.exe (Broadcom Corporation)
"CAVRID"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" (CA, Inc.)
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" (CA, Inc.)
"Deskup"=C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART (Iomega)
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" ( )
"DVDSentry"=C:\WINDOWS\System32\DSentry.exe (Dell - Advanced Desktop Engineering)
"Iomega Drive Icons"=C:\Program Files\Iomega\DriveIcons\ImgIcon.exe (Iomega)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"nwiz"=nwiz.exe /install (NVIDIA Corporation)
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" (CyberLink Corp.)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN (FUJI PHOTO FILM CO., LTD.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" (Adobe Systems Incorporated)
"Google Update"="C:\Documents and Settings\susan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" File not found
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (NVIDIA Corporation)
"Sonic RecordNow!"= File not found
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

========== (O4) Startup Folders ==========

[2003/07/09 20:34:10 | 00,241,664 | ---- | M] (FUJI PHOTO FILM CO., LTD.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
[2007/10/18 19:10:42 | 00,479,232 | ---- | M] (Nikon Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
[2008/03/06 11:45:28 | 01,110,016 | ---- | M] (Audiovox Electronics Corp.) -- C:\Documents and Settings\susan\Start Menu\Programs\Startup\RCA Detective.lnk = C:\Documents and Settings\susan\My Documents\RCA Detective\RCADetective.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"AllowLegacyWebView"=1
"AllowUnhashedWebView"=1
"NoCDBurning"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"= [binary data]

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2004/05/18 18:58:38 | 10,080,960 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}: Button: AIM -- %ProgramFiles%\AIM\aim.exe [2004/12/08 16:50:04 | 00,067,160 | ---- | M] (America Online, Inc.)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\System32\msjava.dll [Web Browser Applet Control] -> File not found
CmdMapping\\{200DB664-75B5-47c0-8B45-A44ACCF73C00} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{200DB664-75B5-47c0-8B45-A44ACCF73F01} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{200DB664-75B5-47c0-8B45-A44ACCF73F02} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{200DB664-75B5-47c0-8B45-A44ACCF73F03} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{200DB664-75B5-47c0-8B45-A44ACCF73F04} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2004/12/08 16:50:04 | 00,067,160 | ---- | M] (America Online, Inc.)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://go.microsoft.com/fwlink/?linkid=58813 -- Office Genuine Advantage Validation Tool
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}: http://www.kaspersky.com/kos/eng/partne ... nicode.cab -- CKAVWebScan Object
{1239CC52-59EF-4DFA-8C61-90FFA846DF7E}: http://www.musicnotes.com/download/mnviewer.cab -- Musicnotes Viewer
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}: http://office.microsoft.com/officeupdat ... t/opuc.cab -- Office Update Installation Engine
{401F2F3A-8C56-4736-8C9E-37854F174AC9}: https://folders.buzzsaw.com/!/download/ ... -SL-EN.exe -- ProjectPoint Document
{406B5949-7190-4245-91A9-30A17DE16AD0}: http://photo.walgreens.com/WalgreensActivia.cab -- Snapfish Activia
{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}: http://www.eset.eu/OnlineScanner.cab -- OnlineScanner Control
{62475759-9E84-458E-A1AB-5D2C442ADFDE}: http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe -- Reg Error: Key does not exist or could not be opened.
{8A0019EB-51FA-4AE5-A40B-C0496BBFC739}: http://picture.vzw.com/activex/VerizonW ... ontrol.cab -- Verizon Wireless Media Upload
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_11
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/fl ... rashim.cab -- Reg Error: Key does not exist or could not be opened.
{917623D1-D8E5-11D2-BE8B-00104B06BDE3}: http://131.204.163.245/activex/AxisCamControl.cab -- CamImage Class
{95D88B35-A521-472B-A182-BB1A98356421}: http://asp.mathxl.com/books/_Players/Pe ... lAsst2.cab -- Pearson Installation Assistant 2
{9F1C11AA-197B-4942-BA54-47A8489BB47F}: http://v4.windowsupdate.microsoft.com/C ... 8701041667 -- Reg Error: Key does not exist or could not be opened.
{A8683C98-5341-421B-B23C-8514C05354F1}: http://photo.walmart.com/photo/uploads/ ... Client.cab -- FujifilmUploader Class
{A8F2B9BD-A6A0-486A-9744-18920D898429}: http://www.sibelius.com/download/softwa ... Plugin.cab -- ScorchPlugin Class
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}: http://office.microsoft.com/officeupdat ... /opuc4.cab -- Office Update Installation Engine
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_11
{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}: https://www-secure.symantec.com/techsup ... mAData.cab -- Reg Error: Value does not exist or could not be read.
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/sh ... wflash.cab -- Shockwave Flash Object
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}: https://altera.webex.com/client/v_myweb ... eatgpc.cab -- GpcContainer Class
{E6D23284-0E9B-417D-A782-03E4487FC947}: http://asp.mathxl.com/books/_Players/MathPlayer.cab -- Pearson MathXL Player

========== (O17) DNS Name Servers ==========

{0D7EAE86-384F-4D60-9E29-7FFB682CA944} (Servers: | Description: 1394 Net Adapter)
{1B59C0CA-CFBB-402B-B5F2-2213F2E38D47} (Servers: | Description: Intel(R) PRO/100 VE Network Connection)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2002/09/03 08:59:58 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5137e27e-86c7-11dd-9a66-0007e94d02aa}\Shell\AutoRun\command]
""=G:\rcasw_setup.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5137e27e-86c7-11dd-9a66-0007e94d02aa}\Shell\Manage your videos\command]
""=RCAMemoryMgr.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0b21805-6896-11db-9a0b-0007e94d02aa}\Shell\AutoRun\command]
""=G:\Installer.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Documents and Settings\susan\My Documents\*.tmp files]
[2009/01/08 22:12:07 | 00,000,000 | ---D | C] -- C:\Program Files\EsetOnlineScanner
[2009/01/08 17:34:26 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\susan\My Documents\NASAtelecon2009.doc
[2009/01/07 12:22:15 | 00,000,104 | ---- | C] () -- C:\Documents and Settings\susan\Desktop\Shortcut to Internet.lnk
[2009/01/05 20:05:56 | 00,078,336 | ---- | C] () -- C:\Documents and Settings\susan\Desktop\EFExperimentData.xls
[2009/01/04 09:06:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\susan\My Documents\Downloads
[2009/01/04 09:04:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\susan\Local Settings\Application Data\Deployment
[2009/01/04 08:58:10 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/01/03 21:44:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\susan\Application Data\Malwarebytes
[2009/01/03 21:44:55 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/03 21:44:53 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/03 21:44:52 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/01/03 21:44:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/01/03 21:05:36 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2009/01/03 21:05:36 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2009/01/03 21:05:36 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2009/01/03 21:05:36 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2009/01/03 21:05:36 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2009/01/03 21:05:36 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2009/01/03 21:05:35 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2009/01/03 21:05:35 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2009/01/03 21:05:35 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2009/01/03 21:05:35 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2009/01/03 21:05:35 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2009/01/03 21:05:34 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2009/01/03 21:05:34 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2009/01/03 21:05:34 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2009/01/03 21:05:34 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2009/01/03 21:05:34 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2009/01/03 21:05:34 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2009/01/03 21:05:34 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2009/01/03 21:05:34 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2009/01/03 21:05:34 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2009/01/03 21:05:34 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2009/01/03 21:05:34 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2009/01/03 21:05:34 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2009/01/03 21:05:33 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2009/01/03 20:50:20 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2009/01/03 20:50:20 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2009/01/03 20:50:20 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2009/01/03 20:50:20 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2009/01/03 20:50:20 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2009/01/03 20:50:20 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2009/01/03 20:50:20 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2009/01/03 20:50:20 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2009/01/03 20:50:20 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2009/01/03 20:50:20 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2009/01/03 20:50:20 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2009/01/03 20:50:19 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2009/01/03 20:50:19 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2009/01/03 20:50:19 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2009/01/03 20:50:19 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2009/01/03 20:50:19 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2009/01/03 20:50:19 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2009/01/03 20:50:19 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2009/01/03 20:50:19 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2009/01/03 20:50:19 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2009/01/03 20:50:19 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2009/01/03 20:50:19 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2009/01/03 20:50:19 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2009/01/03 20:50:18 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2009/01/01 22:42:37 | 45,517,780 | ---- | C] () -- C:\Documents and Settings\susan\Desktop\Awards.avi
[2008/12/31 17:01:48 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\susan\My Documents\kickofffirst.doc
[2008/12/29 19:23:29 | 00,016,384 | ---- | C] () -- C:\Documents and Settings\susan\My Documents\danielslab.xls
[2008/12/23 14:34:41 | 00,031,744 | ---- | C] () -- C:\Documents and Settings\susan\My Documents\Robotics team programs town future.doc

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[2 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\susan\My Documents\*.tmp files]
[2009/01/09 01:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2009/01/09 01:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2009/01/09 00:55:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2009/01/09 00:37:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2009/01/08 23:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2009/01/08 23:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2009/01/08 22:05:04 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/01/08 22:04:11 | 00,477,404 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/01/08 22:04:11 | 00,405,310 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/01/08 22:04:11 | 00,063,860 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/01/08 22:03:24 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/01/08 22:02:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/08 22:01:51 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/01/08 22:01:50 | 80,432,7424 | -HS- | M] () -- C:\hiberfil.sys
[2009/01/08 22:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2009/01/08 22:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2009/01/08 21:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2009/01/08 21:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2009/01/08 20:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2009/01/08 20:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2009/01/08 19:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2009/01/08 19:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2009/01/08 18:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2009/01/08 18:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2009/01/08 17:34:26 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\susan\My Documents\NASAtelecon2009.doc
[2009/01/08 17:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2009/01/08 17:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2009/01/08 16:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2009/01/08 16:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2009/01/08 15:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2009/01/08 15:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2009/01/08 14:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2009/01/08 14:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2009/01/08 13:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2009/01/08 13:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2009/01/08 12:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2009/01/08 12:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2009/01/08 11:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2009/01/08 11:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2009/01/08 10:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2009/01/08 10:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2009/01/08 09:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2009/01/08 09:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2009/01/08 08:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2009/01/08 08:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2009/01/08 07:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2009/01/08 07:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2009/01/08 06:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2009/01/08 06:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2009/01/08 05:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2009/01/08 05:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2009/01/08 04:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2009/01/08 04:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2009/01/08 03:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2009/01/08 03:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2009/01/08 02:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2009/01/08 02:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2009/01/07 12:22:15 | 00,000,104 | ---- | M] () -- C:\Documents and Settings\susan\Desktop\Shortcut to Internet.lnk
[2009/01/05 22:45:40 | 00,078,336 | ---- | M] () -- C:\Documents and Settings\susan\Desktop\EFExperimentData.xls
[2009/01/03 16:53:05 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/01/01 23:17:16 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\susan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/01 22:53:34 | 45,517,780 | ---- | M] () -- C:\Documents and Settings\susan\Desktop\Awards.avi
[2008/12/31 17:01:49 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\susan\My Documents\kickofffirst.doc
[2008/12/30 13:28:29 | 00,001,868 | -H-- | M] () -- C:\Documents and Settings\susan\My Documents\Default.rdp
[2008/12/29 19:23:29 | 00,016,384 | ---- | M] () -- C:\Documents and Settings\susan\My Documents\danielslab.xls
[2008/12/23 14:34:41 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\susan\My Documents\Robotics team programs town future.doc
[2008/12/12 11:01:00 | 03,067,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/12 11:01:00 | 03,067,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/12 03:03:55 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
< End of report >


OTViewIt Extras logfile created on: 1/9/2009 1:42:27 AM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\jhaddock\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 257.21 Mb Available Physical Memory | 33.54% Memory free
1.83 Gb Paging File | 1.50 Gb Available in Paging File | 82.07% Paging File free
Paging file location(s): C:\pagefile.sys 1150 1350;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 42.53 Gb Free Space | 57.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LIEBNITZ
Current User Name: susan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe:*:Enabled:Charter High-Speed Security Suite
[2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\WINDOWS\SYSTEM32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\WINDOWS\SYSTEM32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\WINDOWS\SYSTEM32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\WINDOWS\SYSTEM32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\WINDOWS\SYSTEM32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\WINDOWS\SYSTEM32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\WINDOWS\SYSTEM32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\WINDOWS\SYSTEM32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\WINDOWS\SYSTEM32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\WINDOWS\SYSTEM32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\WINDOWS\SYSTEM32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000012 -- C:\WINDOWS\SYSTEM32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000013 -- C:\WINDOWS\SYSTEM32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000014 -- C:\WINDOWS\SYSTEM32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000015 -- C:\WINDOWS\SYSTEM32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000016 -- C:\WINDOWS\SYSTEM32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000017 -- C:\WINDOWS\SYSTEM32\vetredir.dll (Computer Associates International, Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2005/09/20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
msdaipp: [HKLM - No CLSID value]
[2005/09/20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2005/09/20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2000/04/19 18:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[2004/03/22 20:58:01 | 08,140,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 12:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033B84B7-B1FD-4C2E-B85C-43CA64897F29}"=Interactive Chalkboard (Algebra 2)
"{06E3C3B7-85B8-42F1-A8DA-B5A09C6262B9}"=NI Remote Provider for MAX
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}"=Sonic Update Manager
"{0EC523EE-3D9F-415C-8D30-95F973D53D87}"=NI LabVIEW Real-Time Error Dialog
"{0EE24AF8-91DD-49C0-B50E-1986F67D2BE3}"=NI Instrument IO Assistant for LabVIEW 8.2
"{0FED2492-9E91-4D8D-9D62-82DD96EB9F84}"=NI MAX LabVIEW Support
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}"=Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Sonic DLA
"{13986395-0222-41E7-ABF0-FF60BF43A90B}"=NI Assistant Framework LabVIEW Code Generator 7.0
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}"=Dell Picture Studio - Dell Image Expert
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1B4F40BA-A00A-4FFA-B03A-E3EF2011248C}"=NI LVBrokerAux 8.2
"{1CECDCCE-1D2D-46E8-9F02-CCFC93120B55}"=DWGeditor
"{1E0428CF-3C4A-431F-9857-AB021F2767A3}"=Brother HL-2070N
"{1EC6EA0C-15A8-46E9-891F-8D3A0931B81F}"=NI LabVIEW 8.2 VI.lib
"{211150B1-F84E-439B-B474-4D31F5715ADF}"=NI LabVIEW 8.2 Activity
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{24ED4D80-8294-11D5-96CD-0040266301AD}"=FinePixViewer Ver.4.1
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}"=Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java(TM) 6 Update 11
"{26F64866-149F-4347-B016-60A55E154647}"=NI LabVIEW 8.2 CINtools
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}"=Star Wars®: Knights of the Old Republic (TM)
"{2CB66651-850E-40FB-8AE6-008EF02FDEFF}"=NI Assistant Framework LabVIEW Code Generator 8.0
"{2CDB410A-9319-47D9-9469-79928AC34A8B}"=NI LabVIEW 8.2 Help
"{2F4E9559-6F87-413E-9D9F-841330D59984}"=NI-DAQmx - LabVIEW shared documentation
"{3191ADFC-5BA3-474D-BCBA-1B5615ABFFC1}"=character studio 4.2
"{32117214-B9F1-4EAC-8EC3-417161EC388D}"=NI LabVIEW MAX XML
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3E641A24-6C19-4ED1-B8A8-C06E18DA1390}"=NI-RPC 3.3.0f0 for Phar Lap ETS
"{411313F8-C89C-40CC-92F6-136A23775668}"=NI Variable Engine
"{4159DD60-49C1-4323-A1A5-FB060CBA35C5}"=NI Measurement Studio Recipe Processor
"{43B4AC9D-F421-4584-857A-A1ECE0B21B6F}"=NI LabVIEW 8.2
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}"=Microsoft Windows Journal Viewer
"{44F6D111-8407-4E7B-AD20-04B9BE377C3D}"=SolidWorks 2006-2007 Student Edition
"{480A08A0-8903-4FDC-A76B-DAA1085F6844}"=NI OPC Support
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}"=Banctec Service Agreement
"{4CDE9452-7BA2-46BC-9551-6A041F4A3B66}"=NI LabVIEW Run-Time Engine 8.2
"{4D16E10D-1FFA-4C52-98E9-E7678CBC26E0}"=NI LabVIEW 8.2 Resource
"{5490882C-6961-11D5-BAE5-00E0188E010B}"=FUJIFILM USB Driver
"{59EC01D4-E48A-49C8-BE02-3B3B986DF752}"=TestCheck
"{5AC6F03B-0186-4CC8-A67D-BA37FD504CC4}"=COSMOSWorks 2006 SP04.1
"{5D25B8F8-3D08-4510-8ACE-74020ACCDCDF}"=COSMOSMotion 2006 SP04.1
"{62369F2F77534556AEF4C58152E3BDE5}"=Dr. DivX Trial
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{64116298-93C5-401D-B06C-39D8E3338508}"=DAO
"{65F1EE0F-F9D2-45E1-8E14-2EBFF34E90A0}"=NI LVBrokerAux8.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{68D60342-7686-45C9-B8EB-40EF843D0460}"=Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{69E6A869-8B59-4619-A9E9-58DDFA7C05B8}"=3ds max 6
"{6EF6A7A5-C42B-45EF-B662-236438E4AA49}"=NI LabVIEW 8.2 Simulation
"{70C20366-2982-496B-8841-CB4EBDDBE989}"=NI LabVIEW 8.2 Project
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{78E617C3-69A1-40E9-BC94-3BE34F8239A7}"=NI LabVIEW 8.2 WWW
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Pro Trial
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}"=DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{8303DB34-18AF-476D-B688-D28ACA19B0AC}"=NI MXS
"{87441A59-5E64-4096-A170-14EFE67200C3}"=Picture Control Utility
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8E0D6646-85F7-46C0-B644-F45FBE2062E7}"=NI Variable Engine LabVIEW 8.2 Support
"{90AF0409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office PowerPoint Viewer 2003
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}"=Help and Support Customization
"{91120409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003
"{91130409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Basic Edition 2003
"{91530409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Visio Standard 2003
"{922A9446-0E48-48DB-8E2B-D4BF66284F1D}"=NI Registration Wizard
"{934E9442-D305-4ACF-AD87-A6C11D677CB9}"=ImageMixer VCD2 for FinePix
"{94F8151E-1946-4D81-9FBF-E167DF25954A}"=NI LabVIEW Run-Time Engine 8.0
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}"=Sonic RecordNow!
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}"=DVDSentry
"{9944827A-6E24-429C-B232-406E58E19492}"=COSMOSFloWorks
"{994C8F90-8554-4041-993D-3743338B857D}"=NI-RPC 3.3.0f0
"{9B2CFE3B-7F55-4786-A20D-BB244914F6D8}"=EarthLink Setup Files
"{9B79DCB0-AAD7-456B-8D07-433C936FA24B}"=DS21Patch
"{9B90CA69-D7A7-44C5-BA69-539042267ED7}"=NI Remote PXI Provider for MAX
"{9BB82BF9-CEC7-49E8-9019-A282359292FB}"=NI LabVIEW 8.2 Applibs
"{9E0AE153-88DC-428B-99EB-6A3D984230B8}"=NI LabWindows/CVI 7.1.1 Run Time Engine
"{A06275F4-324B-4E85-95E6-87B2CD729401}"=Windows Defender
"{A1F7BDF1-6D46-46FC-92D1-BC91202251DD}"=NI Service Locator
"{A2DC3907-B0A3-484F-9677-A16F1D58BF60}"=NI TDMS
"{A654A805-41D9-40C7-AA46-4AF04F044D61}"=Adobe® Photoshop® Album Starter Edition 3.2
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}"=Intel(R) PROSet
"{A8B94669-8654-4126-BD28-D0D2412CDED6}"=TI Connect 1.6
"{AA037D1D-1B1E-4459-BFA1-15AE14470AF7}"=NI LabVIEW 8.2 Menus
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AD8163DD-C80D-40D0-A81B-0B6E78BB444B}"=NI LabVIEW 8.2 MeasAppChm File
"{AFA2EB4F-C276-4453-9630-1C11A3A3CD36}"=NI LabVIEW 8.2 User.lib
"{B3E8502E-1C67-41B9-AC9D-7797F045D701}"=NI Measurement & Automation Explorer 4.1
"{B964D613-8A52-4B00-862F-7B6A1A4FBC8E}"=NI Logos LabVIEW 8.2 Support
"{BA9A5320-416B-40E5-B641-E6E8DB4D1E38}"=NI LabVIEW 8.2 Templates
"{BAADD05A-8BDD-4C1B-BE38-94627C552A86}"=NI Logos 4.7
"{BC14A1F6-0511-4360-8351-FB7964979317}"=3ds max 6 Reference Files
"{C0CE5F31-3524-4662-B816-7D6E272D4409}"=NI LabVIEW 8.2 Help File
"{C287DB98-BAD7-4F94-B247-E27384B134D0}"=NI LabVIEW 8.2 iMath
"{C3E9E1F2-1EF7-4086-A8B5-858E3DEB9BAE}"=NI MDF Support
"{C49D9F01-F9FD-4F3D-A901-1E3A5EB7EE53}"=NI LabVIEW 8.2 Examples
"{C71CF39A-D4C2-43F5-BB72-F3ABEEC875D0}"=3ds max 6 Sdk
"{C81F3D95-B8FC-4640-8C73-6A538245FC7C}"=NI Assistant Framework
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CCCCF64D-0535-4422-A3F5-605BD12A56CC}"=NI EULA Depot
"{D2EB6337-42E5-4D6E-B01F-2FF9E30F4A06}"=NI Web Pipeline
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}"=Nikon Message Center
"{D3AFDD5D-7E5A-49CC-BC41-D4F1123F1167}"=NI LabVIEW 8.2 Manuals
"{D47C97B6-DCF4-4081-906D-43BF89160AFA}"=NI DataSocket 4.4.0
"{D4EAAC9B-B7CA-40FD-B5D8-EF5E8A0C8689}"=NI LabVIEW 8.2 Instr.lib
"{D673F503-0DA3-493B-A23E-785FCBABF526}"=NI Assistant Framework LabVIEW Code Generator 7.1
"{D680C913-5955-469D-9D88-C1940F7506D6}"=RAW FILE CONVERTER LE
"{D699EE6C-4670-4EE9-A51E-5D7175E94102}"=NI Uninstaller
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}"=Paint Shop Pro 7
"{D73DA717-E403-48AF-91BA-49573B632E89}"=NI Example Finder 8.2
"{D8B7A9C5-7ACE-4F9C-9788-77D08850AB4F}"=NI USI 1.3.0
"{DA7B6629-813A-4D19-AA71-A17705C96F17}"=NI LabVIEW Deployable License 8.2
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}"=NI Math Kernel Libraries
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DCFD19E7-1C7E-43C1-BCC9-64A2F8A86D81}"=NI LabVIEW Broker
"{DD8C1183-6548-4A43-B9E5-CD0E970751E4}"=3ds max 6 Architectural Materials
"{DEC25D81-2317-47F6-8B26-D54A939DA1EE}"=NI LabVIEW C Interface
"{E2C8866F-CF32-4D32-94BF-0D5F5D6AC7C6}"=NI LabVIEW 8.2 gMath
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Windows Media Encoder 9 Series
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}"=Dell Support Center
"{E44895E5-15CA-48CB-B136-707E5183BEF3}"=eDrawings 2006
"{E4AF8094-EDCE-43A2-A74C-D87F771B1EC9}"=NI Assistant Framework LabVIEW Code Generator 6.1
"{E7B3BFC0-2EA8-4372-B03F-139DD08B9DB6}"=NI Variable Manager
"{E906727C-FC79-4EBD-89F7-316E268ED28E}"=NI LabVIEW 8.2 Device Detection and Deployment Support
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}"=Nikon Transfer
"{E9B491CB-A194-4E2B-8F3B-692423A7BC54}"=SolidWorks Curriculum and Courseware (2006-2007)
"{F0E4A8B8-87CD-41BA-8500-635B10BBE73F}"=NI Assistant Framework LabVIEW Code Generator 8.2
"{F5F0798A-6EC2-4C3D-99C9-EA399AF82580}"=NI Software Provider for MAX
"{F9AFA93C-BBD7-43A7-89A9-7E898E39C566}"=NI Portable Configuration
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}"=Banctec Service Agreement
"{FCA1ADDE-E694-4581-A7D8-99C607CFBF89}"=NI LabWindows/CVI Code Generator
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}"=HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FDB8EF7A-4118-4B27-8892-4FBE82729340}"=NI License Manager
"25,000 Events & Celebrations Clip Art"=25,000 Events & Celebrations Clip Art
"Active Disk"=Active Disk
"ActiveTouchMeetingClient"=WebEx
"Adobe Acrobat 4.0"=Adobe Acrobat 4.0
"Adobe Atmosphere Player"=Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe® Photoshop® Album Starter Edition 3.2"=Adobe® Photoshop® Album Starter Edition 3.2
"AlgePASS Concepts and Applications"=AlgePASS Concepts and Applications
"AOL Instant Messenger"=AOL Instant Messenger
"BCM V.92 56K Modem"=BCM V.92 56K Modem
"Capture NX 2"=Capture NX 2
"cciss_av"=CA Anti-Virus
"CdaC13Ba"=SafeCast Shared Components
"Dell Photo Printer 720"=Dell Photo Printer 720
"DrawPlus 3.0"=DrawPlus 3.0
"DSMT5"=MathType 5
"EsetOnlineScanner"=ESET Online Scanner
"ExamView Pro"=ExamView Pro
"FileZilla"=FileZilla (remove only)
"Glencoe PuzzleMaker 2.0"=Glencoe PuzzleMaker 2.0
"Graph paper printer"=Graph paper printer
"HijackThis"=HijackThis 2.0.2
"IB Questionbank IB_MA"=IB Questionbank Mathematics Higher and Standard Level
"InteGrade Pro"=InteGrade Pro
"Intel NetportExpress Software"=Intel NetportExpress Software
"IomegaWare"=IomegaWare 4.0.3
"Kaspersky Online Scanner"=Kaspersky Online Scanner
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant"=MSN Music Assistant
"MWASPI"=MicroStaff WINASPI
"NI Uninstaller"=National Instruments Software
"NVIDIA"=NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Display Driver"=NVIDIA Display Driver
"PrintMaster 10"=PrintMaster
"ProjectPoint-5"=Autodesk Streamline 5.0.888.25
"PROSet"=Intel(R) PRO Network Adapters and Drivers
"QuicktimePluginDeinstallKey"=Quicktime Browser Plug-In
"RCA Detective_is1"=RCA Detective 2.0.0.95
"RCA Memory Manager_is1"=RCA Memory Manager 2.1.0.118
"RCA Memory Manager™_is1"=RCA Memory Manager™ 2.1.0.204
"RealPlayer 6.0"=RealOne Player
"screensaver2004"=screensaver2004
"Sketchpad"=Sketchpad
"ST6UNST #1"=TournaMaster
"ST6UNST #2"=Button Builder Pro v1.0.72
"TeacherWorks"=TeacherWorks
"VETWIN32Vp5"=CA Anti-Virus
"Viewpoint Manager"=Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer"=Viewpoint Media Player
"WebPost"=Microsoft Web Publishing Wizard 1.52
"West_Point_Bridge_Designer_2006"=West Point Bridge Designer 2006
"Windows Media Encoder 9"=Windows Media Encoder 9 Series
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid Codec_is1"=Xvid Codec 1.1.3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome"=Google Chrome
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/26/2008 7:06:00 PM | Computer Name = LIEBNITZ | Source = Application Error | ID = 1000
Description = Faulting application isafe.exe, version 8.0.9.0, faulting module isafserv.dll,
version 8.0.9.0, fault address 0x00011790.

Error - 1/3/2009 10:51:49 PM | Computer Name = LIEBNITZ | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/3/2009 11:59:25 PM | Computer Name = LIEBNITZ | Source = Application Hang | ID = 1002
Description = Hanging application ~tmpd.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/4/2009 12:27:14 AM | Computer Name = LIEBNITZ | Source = Application Hang | ID = 1002
Description = Hanging application ~tmpd.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/4/2009 12:56:58 AM | Computer Name = LIEBNITZ | Source = Application Hang | ID = 1002
Description = Hanging application ~tmpd.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/19/2003 2:52:59 AM | Computer Name = LIEBNITZ | Source = Google Update | ID = 20
Description =

Error - 9/19/2003 3:18:02 AM | Computer Name = LIEBNITZ | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1592.0,
P5 mpsigdwn.dll, P6 1.1.1592.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 9/19/2003 3:53:00 AM | Computer Name = LIEBNITZ | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 1/8/2009 11:00:00 PM | Computer Name = LIEBNITZ | Source = Schedule | ID = 7901
Description = The At46.job command failed to start due to the following error: %%2147942402

Error - 1/9/2009 | Computer Name = LIEBNITZ | Source = Schedule | ID = 7901
Description = The At23.job command failed to start due to the following error: %%2147942402

Error - 1/9/2009 | Computer Name = LIEBNITZ | Source = Schedule | ID = 7901
Description = The At47.job command failed to start due to the following error: %%2147942402

Error - 1/9/2009 12:02:23 AM | Computer Name = LIEBNITZ | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%3

Error - 1/9/2009 1:00:00 AM | Computer Name = LIEBNITZ | Source = Schedule | ID = 7901
Description = The At24.job command failed to start due to the following error: %%2147942402

Error - 1/9/2009 1:00:01 AM | Computer Name = LIEBNITZ | Source = Schedule | ID = 7901
Description = The At48.job command failed to start due to the following error: %%2147942402

Error - 1/9/2009 2:37:00 AM | Computer Name = LIEBNITZ | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402

Error - 1/9/2009 2:55:00 AM | Computer Name = LIEBNITZ | Source = Schedule | ID = 7901
Description = The At25.job command failed to start due to the following error: %%2147942402

Error - 1/9/2009 3:00:00 AM | Computer Name = LIEBNITZ | Source = Schedule | ID = 7901
Description = The At2.job command failed to start due to the following error: %%2147942402

Error - 1/9/2009 3:00:00 AM | Computer Name = LIEBNITZ | Source = Schedule | ID = 7901
Description = The At26.job command failed to start due to the following error: %%2147942402


< End of report >
nodzoff
Regular Member
 
Posts: 22
Joined: April 7th, 2008, 9:57 pm
Location: Alabama Rocket City

Re: Annoying popups and audio

Post by Rodav » January 9th, 2009, 10:32 am

Step 1:
Download OTMoveIt3 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt3.exe.
  • Copy the lines in the codebox below.
Code:
:files
C:\WINDOWS\tasks\At48.job
C:\WINDOWS\tasks\At47.job
C:\WINDOWS\tasks\At46.job
C:\WINDOWS\tasks\At45.job
C:\WINDOWS\tasks\At44.job
C:\WINDOWS\tasks\At43.job
C:\WINDOWS\tasks\At42.job
C:\WINDOWS\tasks\At41.job
C:\WINDOWS\tasks\At40.job
C:\WINDOWS\tasks\At39.job
C:\WINDOWS\tasks\At38.job
C:\WINDOWS\tasks\At37.job
C:\WINDOWS\tasks\At36.job
C:\WINDOWS\tasks\At35.job
C:\WINDOWS\tasks\At34.job
C:\WINDOWS\tasks\At33.job
C:\WINDOWS\tasks\At32.job
C:\WINDOWS\tasks\At31.job
C:\WINDOWS\tasks\At30.job
C:\WINDOWS\tasks\At29.job
C:\WINDOWS\tasks\At28.job
C:\WINDOWS\tasks\At27.job
C:\WINDOWS\tasks\At26.job
C:\WINDOWS\tasks\At25.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At1.job
C:\Program Files\AIM\Sysfiles\WxBug.EXE
C:\Documents and Settings\chris\My Documents\Install_AIM.exe

:commands
[emptytemp]

  • Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3


Step 2:
Run DDS again and post the log along with the OTMoveIt3 results in your next reply and let me know how your computer is running.
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Annoying popups and audio

Post by nodzoff » January 10th, 2009, 12:27 am

This seems to be going well so far. Have I mentioned how much I appreciate your assistance?

As you requested, the OTMoveIt log, and the two DDS files are provided below.

========== FILES ==========
C:\WINDOWS\tasks\At48.job moved successfully.
C:\WINDOWS\tasks\At47.job moved successfully.
C:\WINDOWS\tasks\At46.job moved successfully.
C:\WINDOWS\tasks\At45.job moved successfully.
C:\WINDOWS\tasks\At44.job moved successfully.
C:\WINDOWS\tasks\At43.job moved successfully.
C:\WINDOWS\tasks\At42.job moved successfully.
C:\WINDOWS\tasks\At41.job moved successfully.
C:\WINDOWS\tasks\At40.job moved successfully.
C:\WINDOWS\tasks\At39.job moved successfully.
C:\WINDOWS\tasks\At38.job moved successfully.
C:\WINDOWS\tasks\At37.job moved successfully.
C:\WINDOWS\tasks\At36.job moved successfully.
C:\WINDOWS\tasks\At35.job moved successfully.
C:\WINDOWS\tasks\At34.job moved successfully.
C:\WINDOWS\tasks\At33.job moved successfully.
C:\WINDOWS\tasks\At32.job moved successfully.
C:\WINDOWS\tasks\At31.job moved successfully.
C:\WINDOWS\tasks\At30.job moved successfully.
C:\WINDOWS\tasks\At29.job moved successfully.
C:\WINDOWS\tasks\At28.job moved successfully.
C:\WINDOWS\tasks\At27.job moved successfully.
C:\WINDOWS\tasks\At26.job moved successfully.
C:\WINDOWS\tasks\At25.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\Program Files\AIM\Sysfiles\WxBug.EXE moved successfully.
C:\Documents and Settings\chris\My Documents\Install_AIM.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\susan\LOCALS~1\Temp\etilqs_BhRXUxCCpG1chEh scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\susan\LOCALS~1\Temp\~DFA23F.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\susan\LOCALS~1\Temp\~DFF728.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\susan\LOCALS~1\Temp\~DFFBB5.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_12c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\TMP000002224626F8575DF39DB2 scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01092009_220829

Files moved on Reboot...
File C:\DOCUME~1\susan\LOCALS~1\Temp\etilqs_BhRXUxCCpG1chEh not found!
C:\DOCUME~1\susan\LOCALS~1\Temp\~DFA23F.tmp moved successfully.
C:\DOCUME~1\susan\LOCALS~1\Temp\~DFF728.tmp moved successfully.
C:\DOCUME~1\susan\LOCALS~1\Temp\~DFFBB5.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_12c.dat not found!
File C:\WINDOWS\temp\TMP000002224626F8575DF39DB2 not found!



DDS (Ver_09-01-07.01) - NTFSx86
Run by susan at 22:19:52.37 on Fri 01/09/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.345 [GMT -6:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\susan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Documents and Settings\susan\My Documents\RCA Detective\RCADetective.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Documents and Settings\susan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\susan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\susan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jhaddock\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://home.hiwaay.net/~jhaddock/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dellnet.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.dellnet.com
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.dellnet.com
uInternet Connection Wizard,ShellNext = hxxp://www.dellnet.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Sonic RecordNow!]
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
uRun: [MoneyAgent] "c:\program files\microsoft money\system\mnyexpr.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [Google Update] "c:\documents and settings\susan\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Iomega Drive Icons] c:\program files\iomega\driveicons\ImgIcon.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Deskup] c:\program files\iomega\driveicons\deskup.exe /IMGSTART
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [ADUserMon] c:\program files\iomega\autodisk\ADUserMon.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [CAVRID] "c:\program files\ca\etrust ez armor\etrust ez antivirus\CAVRID.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\susan\startm~1\programs\startup\rcadet~1.lnk - c:\documents and settings\susan\my documents\rca detective\RCADetective.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\windows\system32\VetRedir.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2007-10-20 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2007-10-20 21104]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2007-10-20 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2007-10-20 21488]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2007-10-20 32240]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2007-10-20 108368]
R4 CAISafe;CAISafe;c:\program files\ca\etrust ez armor\etrust ez antivirus\isafe.exe [2007-4-19 144696]
R4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2005-8-17 822424]
R4 VETMSGNT;VET Message Service;c:\program files\ca\etrust ez armor\etrust ez antivirus\vetmsg.exe [2007-4-19 255216]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-11 24652]
R4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-10-5 13592]
S3 cdrmkaun;cdrmkaun;c:\docume~1\stephen\locals~1\temp\cdrmkaun.sys [2002-2-19 15872]

=============== Created Last 30 ================

2009-01-09 22:08 <DIR> --d----- C:\_OTMoveIt
2009-01-08 22:12 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-01-08 22:10 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-08 22:10 73,728 a------- c:\windows\system32\javacpl.cpl
2009-01-04 08:58 <DIR> --d----- c:\program files\Trend Micro
2009-01-03 21:44 <DIR> --d----- c:\docume~1\susan\applic~1\Malwarebytes
2009-01-03 21:44 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-03 21:44 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-03 21:44 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-03 21:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

==================== Find3M ====================

2008-12-12 11:01 3,067,904 -------- c:\windows\system32\dllcache\mshtml.dll
2008-10-24 05:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 06:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 06:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-15 19:00 666,112 a------- c:\windows\system32\wininet.dll
2008-10-15 19:00 666,112 -------- c:\windows\system32\dllcache\wininet.dll
2008-10-15 19:00 619,520 -------- c:\windows\system32\dllcache\urlmon.dll
2008-10-15 19:00 1,499,136 -------- c:\windows\system32\dllcache\shdocvw.dll
2008-10-15 10:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-08-19 20:18 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLbx.DAT
2008-08-19 18:52 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLck.DAT
2008-08-19 18:27 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2006-02-16 20:10 28,672 a------- c:\documents and settings\susan\atwbxdet.dll

============= FINISH: 22:20:59.40 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-07.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 10/29/2003 11:56:06 PM
System Uptime: 1/9/2009 10:14:47 PM (0 hours ago)

Motherboard: Dell Computer Corp. | | 0M2035
Processor: Intel(R) Pentium(R) 4 CPU 2.60GHz | Microprocessor | 2593/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 44.072 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1868: 10/12/2008 4:18:52 PM - System Checkpoint
RP1869: 10/13/2008 4:42:52 PM - System Checkpoint
RP1870: 10/14/2008 5:19:59 PM - System Checkpoint
RP1871: 10/15/2008 3:00:24 AM - Software Distribution Service 3.0
RP1872: 10/16/2008 3:33:54 AM - System Checkpoint
RP1873: 10/17/2008 1:41:46 AM - Software Distribution Service 3.0
RP1874: 10/18/2008 2:25:57 AM - System Checkpoint
RP1875: 10/19/2008 3:30:19 AM - System Checkpoint
RP1876: 10/20/2008 4:13:59 AM - System Checkpoint
RP1877: 10/21/2008 5:25:55 AM - System Checkpoint
RP1878: 10/22/2008 6:25:58 AM - System Checkpoint
RP1879: 10/23/2008 7:14:00 AM - System Checkpoint
RP1880: 10/24/2008 1:41:37 AM - Software Distribution Service 3.0
RP1881: 10/24/2008 3:00:25 AM - Software Distribution Service 3.0
RP1882: 10/25/2008 11:01:32 AM - System Checkpoint
RP1883: 10/26/2008 11:21:41 AM - System Checkpoint
RP1884: 10/27/2008 12:11:35 PM - System Checkpoint
RP1885: 10/28/2008 1:11:38 PM - System Checkpoint
RP1886: 10/29/2008 1:47:43 AM - Software Distribution Service 3.0
RP1887: 10/30/2008 3:11:36 AM - System Checkpoint
RP1888: 10/31/2008 1:47:36 AM - Software Distribution Service 3.0
RP1889: 11/1/2008 1:52:56 AM - System Checkpoint
RP1890: 11/2/2008 1:30:45 AM - System Checkpoint
RP1891: 11/3/2008 6:06:47 AM - System Checkpoint
RP1892: 11/4/2008 7:42:47 AM - System Checkpoint
RP1893: 11/5/2008 1:31:31 AM - Software Distribution Service 3.0
RP1894: 11/6/2008 1:31:50 AM - System Checkpoint
RP1895: 11/6/2008 4:45:54 PM - Software Distribution Service 3.0
RP1896: 11/7/2008 2:11:11 PM - Software Distribution Service 3.0
RP1897: 11/8/2008 6:06:41 PM - System Checkpoint
RP1898: 11/9/2008 7:18:45 PM - System Checkpoint
RP1899: 11/10/2008 9:41:20 PM - System Checkpoint
RP1900: 11/11/2008 10:49:18 PM - System Checkpoint
RP1901: 11/12/2008 11:30:46 PM - System Checkpoint
RP1902: 11/13/2008 1:39:32 AM - Software Distribution Service 3.0
RP1903: 11/13/2008 3:00:20 AM - Software Distribution Service 3.0
RP1904: 11/14/2008 1:55:44 AM - Software Distribution Service 3.0
RP1905: 11/15/2008 10:50:00 AM - System Checkpoint
RP1906: 11/16/2008 12:25:57 PM - System Checkpoint
RP1907: 11/17/2008 1:25:55 PM - System Checkpoint
RP1908: 11/18/2008 3:25:59 PM - System Checkpoint
RP1909: 11/19/2008 4:15:01 PM - System Checkpoint
RP1910: 11/20/2008 1:54:33 AM - Software Distribution Service 3.0
RP1911: 11/21/2008 1:54:35 AM - Software Distribution Service 3.0
RP1912: 11/22/2008 2:13:36 AM - System Checkpoint
RP1913: 11/23/2008 2:23:26 AM - System Checkpoint
RP1914: 11/24/2008 3:13:35 AM - System Checkpoint
RP1915: 11/24/2008 11:03:24 PM - Software Distribution Service 3.0
RP1916: 11/25/2008 11:13:35 PM - System Checkpoint
RP1917: 11/26/2008 11:37:37 PM - System Checkpoint
RP1918: 11/27/2008 9:00:28 AM - Software Distribution Service 3.0
RP1919: 11/28/2008 9:13:28 AM - System Checkpoint
RP1920: 11/29/2008 10:13:22 AM - System Checkpoint
RP1921: 11/30/2008 10:14:27 AM - System Checkpoint
RP1922: 12/1/2008 11:13:21 AM - System Checkpoint
RP1923: 12/1/2008 3:20:01 PM - Software Distribution Service 3.0
RP1924: 12/2/2008 4:13:25 PM - System Checkpoint
RP1925: 12/3/2008 4:14:26 PM - System Checkpoint
RP1926: 12/4/2008 5:13:21 PM - System Checkpoint
RP1927: 12/4/2008 6:01:44 PM - Software Distribution Service 3.0
RP1928: 12/5/2008 8:43:53 PM - System Checkpoint
RP1929: 12/6/2008 9:33:34 PM - System Checkpoint
RP1930: 12/7/2008 11:55:25 PM - System Checkpoint
RP1931: 12/8/2008 6:11:18 PM - Software Distribution Service 3.0
RP1932: 12/9/2008 7:36:43 PM - System Checkpoint
RP1933: 12/10/2008 11:31:26 PM - System Checkpoint
RP1934: 12/11/2008 11:39:54 PM - System Checkpoint
RP1935: 12/12/2008 1:32:32 AM - Software Distribution Service 3.0
RP1936: 12/12/2008 3:00:19 AM - Software Distribution Service 3.0
RP1937: 12/13/2008 3:14:15 AM - System Checkpoint
RP1938: 12/14/2008 4:14:18 AM - System Checkpoint
RP1939: 12/15/2008 4:26:18 AM - System Checkpoint
RP1940: 12/16/2008 2:17:42 AM - Software Distribution Service 3.0
RP1941: 12/17/2008 2:38:18 AM - System Checkpoint
RP1942: 12/18/2008 5:26:17 AM - System Checkpoint
RP1943: 12/19/2008 2:17:33 AM - Software Distribution Service 3.0
RP1944: 12/19/2008 3:00:27 AM - Software Distribution Service 3.0
RP1945: 12/20/2008 3:50:18 AM - System Checkpoint
RP1946: 12/21/2008 2:29:27 PM - System Checkpoint
RP1947: 12/22/2008 3:53:30 PM - System Checkpoint
RP1948: 12/23/2008 1:33:47 AM - Software Distribution Service 3.0
RP1949: 12/24/2008 5:55:22 AM - System Checkpoint
RP1950: 12/25/2008 6:31:22 AM - System Checkpoint
RP1951: 12/25/2008 9:53:12 AM - Software Distribution Service 3.0
RP1952: 12/26/2008 1:43:13 PM - System Checkpoint
RP1953: 12/27/2008 2:34:01 PM - System Checkpoint
RP1954: 12/28/2008 3:46:47 PM - System Checkpoint
RP1955: 12/29/2008 12:52:42 PM - Software Distribution Service 3.0
RP1956: 12/30/2008 1:48:28 PM - System Checkpoint
RP1957: 12/31/2008 2:49:21 PM - System Checkpoint
RP1958: 1/1/2009 4:01:49 PM - System Checkpoint
RP1959: 1/2/2009 1:28:56 AM - Software Distribution Service 3.0
RP1960: 1/3/2009 1:30:50 AM - System Checkpoint
RP1961: 1/3/2009 8:51:18 PM - Windows Defender Checkpoint
RP1962: 1/4/2009 9:11:34 PM - System Checkpoint
RP1963: 1/5/2009 10:16:42 AM - Software Distribution Service 3.0
RP1964: 1/6/2009 10:22:29 AM - System Checkpoint
RP1965: 1/7/2009 11:16:38 AM - System Checkpoint
RP1966: 9/19/2003 2:04:35 AM - System Checkpoint
RP1967: 1/7/2009 10:31:41 PM - System Checkpoint
RP1968: 1/8/2009 7:44:52 PM - Software Distribution Service 3.0
RP1969: 1/8/2009 9:58:03 PM - Removed Java 2 Runtime Environment, SE v1.4.2
RP1970: 1/8/2009 10:09:36 PM - Installed Java(TM) 6 Update 11

==== Installed Programs ======================

25,000 Events & Celebrations Clip Art
3ds max 6
3ds max 6 Architectural Materials
3ds max 6 Reference Files
3ds max 6 Sdk
Active Disk
Adobe Acrobat 4.0
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe® Photoshop® Album Starter Edition 3.2
AlgePASS Concepts and Applications
AOL Instant Messenger
Apple Software Update
Autodesk Streamline 5.0.888.25
AutoUpdate
Banctec Service Agreement
BCM V.92 56K Modem
Brother HL-2070N
Button Builder Pro v1.0.72
CA Anti-Virus
Capture NX 2
character studio 4.2
COSMOSFloWorks
COSMOSMotion 2006 SP04.1
COSMOSWorks 2006 SP04.1
DAO
Dell Media Experience
Dell Networking Guide
Dell Photo Printer 720
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Dell Support Center
DellSupport
DivX Player
DivX Pro Trial
Dr. DivX Trial
DrawPlus 3.0
DS21Patch
DVDSentry
DWGeditor
EarthLink Setup Files
eDrawings 2006
ESET Online Scanner
ExamView Pro
FileZilla (remove only)
FinePixViewer Ver.4.1
FUJIFILM USB Driver
Glencoe PuzzleMaker 2.0
Google Chrome
Google Toolbar for Internet Explorer
Graph paper printer
Help and Support Customization
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
IB Questionbank Mathematics Higher and Standard Level
ImageMixer VCD2 for FinePix
InteGrade Pro
Intel NetportExpress Software
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
Interactive Chalkboard (Algebra 2)
IomegaWare 4.0.3
Java(TM) 6 Update 11
Kaspersky Online Scanner
Malwarebytes' Anti-Malware
MathType 5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Basic Edition 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Standard Edition 2003
Microsoft Office Visio Standard 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Windows Journal Viewer
MicroStaff WINASPI
Modem Helper
Move Networks Media Player for Internet Explorer
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
National Instruments Software
NI-DAQmx - LabVIEW shared documentation
NI-RPC 3.3.0f0
NI-RPC 3.3.0f0 for Phar Lap ETS
NI Assistant Framework
NI Assistant Framework LabVIEW Code Generator 6.1
NI Assistant Framework LabVIEW Code Generator 7.0
NI Assistant Framework LabVIEW Code Generator 7.1
NI Assistant Framework LabVIEW Code Generator 8.0
NI Assistant Framework LabVIEW Code Generator 8.2
NI DataSocket 4.4.0
NI EULA Depot
NI Example Finder 8.2
NI Instrument IO Assistant for LabVIEW 8.2
NI LabVIEW 8.2
NI LabVIEW 8.2 Activity
NI LabVIEW 8.2 Applibs
NI LabVIEW 8.2 CINtools
NI LabVIEW 8.2 Device Detection and Deployment Support
NI LabVIEW 8.2 Examples
NI LabVIEW 8.2 gMath
NI LabVIEW 8.2 Help
NI LabVIEW 8.2 Help File
NI LabVIEW 8.2 iMath
NI LabVIEW 8.2 Instr.lib
NI LabVIEW 8.2 Manuals
NI LabVIEW 8.2 MeasAppChm File
NI LabVIEW 8.2 Menus
NI LabVIEW 8.2 Project
NI LabVIEW 8.2 Resource
NI LabVIEW 8.2 Simulation
NI LabVIEW 8.2 Templates
NI LabVIEW 8.2 User.lib
NI LabVIEW 8.2 VI.lib
NI LabVIEW 8.2 WWW
NI LabVIEW Broker
NI LabVIEW C Interface
NI LabVIEW Deployable License 8.2
NI LabVIEW MAX XML
NI LabVIEW Real-Time Error Dialog
NI LabVIEW Run-Time Engine 8.0
NI LabVIEW Run-Time Engine 8.2
NI LabWindows/CVI 7.1.1 Run Time Engine
NI LabWindows/CVI Code Generator
NI License Manager
NI Logos 4.7
NI Logos LabVIEW 8.2 Support
NI LVBrokerAux 8.2
NI LVBrokerAux8.0
NI Math Kernel Libraries
NI MAX LabVIEW Support
NI MDF Support
NI Measurement & Automation Explorer 4.1
NI Measurement Studio Recipe Processor
NI MXS
NI OPC Support
NI Portable Configuration
NI Registration Wizard
NI Remote Provider for MAX
NI Remote PXI Provider for MAX
NI Service Locator
NI Software Provider for MAX
NI TDMS
NI Uninstaller
NI USI 1.3.0
NI Variable Engine
NI Variable Engine LabVIEW 8.2 Support
NI Variable Manager
NI Web Pipeline
Nikon Message Center
Nikon Transfer
NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers
Paint Shop Pro 7
Picture Control Utility
PowerDVD
PrintMaster
QuickTime
Quicktime Browser Plug-In
RAW FILE CONVERTER LE
RCA Detective 2.0.0.95
RCA Memory Manager 2.1.0.118
RCA Memory Manager™ 2.1.0.204
RealOne Player
SafeCast Shared Components
screensaver2004
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB960714)
Sketchpad
SolidWorks 2006-2007 Student Edition
SolidWorks Curriculum and Courseware (2006-2007)
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Star Wars®: Knights of the Old Republic (TM)
TeacherWorks
TestCheck
TI Connect 1.6
TournaMaster
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebEx
WebFldrs XP
West Point Bridge Designer 2006
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Xvid Codec 1.1.3

==== Event Viewer Messages From Past Week ========

1/3/2009 9:36:32 PM, error: WinDefend [3006] - Windows Defender Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... tid=132866 Scan ID: {206BCADB-F6BB-464A-AC3D-840CC96877FA} User: LIEBNITZ\susan Name: TrojanDownloader:Win32/Renos.gen!BB ID: 132866 Severity: High Category: Trojan Downloader Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
1/3/2009 9:40:02 PM, error: Service Control Manager [7000] - The Automatic LiveUpdate Scheduler service failed to start due to the following error: The system cannot find the path specified.
1/6/2009 2:00:00 AM, error: Schedule [7901] - The At27.job command failed to start due to the following error: %%2147942402
1/6/2009 2:00:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402
1/6/2009 3:00:00 AM, error: Schedule [7901] - The At28.job command failed to start due to the following error: %%2147942402
1/6/2009 3:00:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402
1/6/2009 4:00:00 AM, error: Schedule [7901] - The At29.job command failed to start due to the following error: %%2147942402
1/6/2009 4:00:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: %%2147942402
1/6/2009 5:00:00 AM, error: Schedule [7901] - The At30.job command failed to start due to the following error: %%2147942402
1/6/2009 5:00:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: %%2147942402
1/6/2009 6:00:00 AM, error: Schedule [7901] - The At31.job command failed to start due to the following error: %%2147942402
1/6/2009 6:00:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: %%2147942402
1/6/2009 7:00:00 AM, error: Schedule [7901] - The At32.job command failed to start due to the following error: %%2147942402
1/6/2009 7:00:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: %%2147942402
1/6/2009 8:00:00 AM, error: Schedule [7901] - The At33.job command failed to start due to the following error: %%2147942402
1/6/2009 8:00:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402
1/6/2009 9:00:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402
1/6/2009 9:00:00 AM, error: Schedule [7901] - The At34.job command failed to start due to the following error: %%2147942402
1/6/2009 10:00:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402
1/6/2009 10:00:00 AM, error: Schedule [7901] - The At35.job command failed to start due to the following error: %%2147942402
1/6/2009 11:00:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402
1/6/2009 11:00:00 AM, error: Schedule [7901] - The At36.job command failed to start due to the following error: %%2147942402
1/6/2009 12:00:00 PM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
1/6/2009 12:00:00 PM, error: Schedule [7901] - The At37.job command failed to start due to the following error: %%2147942402
1/6/2009 1:00:00 PM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402
1/6/2009 1:00:00 PM, error: Schedule [7901] - The At38.job command failed to start due to the following error: %%2147942402
1/6/2009 2:00:00 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
1/6/2009 2:00:00 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%2147942402
1/6/2009 3:00:00 PM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
1/6/2009 3:00:00 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: %%2147942402
1/6/2009 4:00:00 PM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
1/6/2009 4:00:00 PM, error: Schedule [7901] - The At41.job command failed to start due to the following error: %%2147942402
1/6/2009 5:00:00 PM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
1/6/2009 5:00:00 PM, error: Schedule [7901] - The At42.job command failed to start due to the following error: %%2147942402
1/6/2009 6:00:00 PM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
1/6/2009 6:00:00 PM, error: Schedule [7901] - The At43.job command failed to start due to the following error: %%2147942402
1/6/2009 7:00:00 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
1/6/2009 7:00:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402
1/6/2009 8:00:00 PM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
1/6/2009 8:00:00 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: %%2147942402
1/6/2009 9:00:00 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
1/6/2009 9:00:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402
1/6/2009 10:00:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402
1/6/2009 10:00:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402
1/6/2009 11:00:00 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
1/6/2009 11:00:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402
1/7/2009 12:37:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
1/7/2009 12:55:00 AM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402
1/7/2009 1:00:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402
1/7/2009 1:00:00 AM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402

==== End Of File ===========================
nodzoff
Regular Member
 
Posts: 22
Joined: April 7th, 2008, 9:57 pm
Location: Alabama Rocket City
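A triage pass over the Event Viewer section of the log above, as an added example that is not part of the original thread: it groups the Schedule [7901] failures by job name and decodes `%%2147942402`, the decimal form of HRESULT 0x80070002 (Win32 error 2, file not found). The sample lines are a constructed excerpt in the log's format, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed excerpt in the same format as the Event Viewer section above.
SAMPLE = """\
1/3/2009 9:40:02 PM, error: Service Control Manager [7000] - The Automatic LiveUpdate Scheduler service failed to start due to the following error: The system cannot find the path specified.
1/6/2009 2:00:00 AM, error: Schedule [7901] - The At27.job command failed to start due to the following error: %%2147942402
1/6/2009 2:00:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402
1/6/2009 3:00:00 AM, error: Schedule [7901] - The At28.job command failed to start due to the following error: %%2147942402
1/7/2009 12:37:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
"""

# "<date> <time> AM|PM, <level>: <source> [<event id>] - <message>"
LINE_RE = re.compile(
    r"^(?P<when>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
# AtN.job is the name the legacy "at" scheduler gives the tasks it creates.
JOB_RE = re.compile(r"The (?P<job>\S+\.job) command failed to start .*?%%(?P<code>\d+)")

FACILITY_WIN32 = 7
WIN32_NAMES = {2: "ERROR_FILE_NOT_FOUND", 3: "ERROR_PATH_NOT_FOUND", 5: "ERROR_ACCESS_DENIED"}


def decode_hresult(value):
    """Split a decimal HRESULT into (hex string, facility, code, name)."""
    value &= 0xFFFFFFFF
    facility = (value >> 16) & 0x7FF
    code = value & 0xFFFF
    if facility == FACILITY_WIN32:
        name = WIN32_NAMES.get(code, "unknown")
    else:
        name = "non-Win32 facility"
    return "0x%08X" % value, facility, code, name


def parse_events(text):
    """Return one dict per line that matches the Event Viewer line format."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def failed_jobs(events):
    """Group Schedule/7901 failures: job name -> {"times": [...], "error": (...)}."""
    jobs = defaultdict(lambda: {"times": [], "error": None})
    for ev in events:
        if ev["source"] != "Schedule" or ev["event_id"] != "7901":
            continue
        m = JOB_RE.search(ev["message"])
        if not m:
            continue
        entry = jobs[m.group("job")]
        entry["times"].append(ev["when"])
        entry["error"] = decode_hresult(int(m.group("code")))
    return dict(jobs)


if __name__ == "__main__":
    for job, info in sorted(failed_jobs(parse_events(SAMPLE)).items()):
        print(job, len(info["times"]), "failure(s)", info["error"])
```

A job that fails with error 2 still has its task file registered while the command it points to is gone, so each listed job is a scheduled-task entry to review and remove.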

Re: Annoying popups and audio

Unread postby Rodav » January 10th, 2009, 5:02 pm

Let's clear out the programs we've been using to clean up your computer; they are not suitable for general malware removal and could cause damage if used inappropriately.

Please download OTMoveIt3 and save it to desktop.
  • Double-click OTMoveIt3.exe. (Vista users, please right click on OTMoveIt3.exe and select "Run as an Administrator")
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

You can also delete any of the tools and logs created during the cleanup process.


Create a new, clean System Restore point which you can use in case of future system problems:
Press Start->All Programs->Accessories->System Tools->System Restore
Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

Now remove old, infected System Restore points:
Next click Start->Run and type cleanmgr in the box and press OK
Ensure the boxes for Temporary Files and Temporary Internet Files are checked; you can choose to check other boxes if you wish, but they are not required.
Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
Press OK and Yes to confirm


Your logs are now clean. :D :D
If you still feel you are having any issues please let me know now, otherwise read through the following:


Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints, Malware Complaints. You need to be registered to post, as unfortunately we were hit with too many spam postings to allow guest posting to continue; just find your country room and register your complaint.

Below are some steps to follow in order to dramatically lower the chances of reinfection.
You may have already implemented some of the steps below; however, you can follow any steps that you have not already implemented.
  • Make sure you install all the security updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC.
    Go here to check for & install updates to Microsoft applications
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.
  • Keep your non-Microsoft applications updated as well
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.
  • Make Internet Explorer more secure
    Click Start > Run
    Type Inetcpl.cpl & click OK
    Click on the Security tab
    Click Reset all zones to default level
    Make sure the Internet Zone is selected & Click Custom level
    In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • Install a Hosts File
    I recommend MVPS Hosts File
    Every version of Windows includes a hosts file. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human-friendly name of a website. This feature can be used to block malicious websites.
    On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue
    • Click Start > Run
    • Type services.msc & click OK
    • In the list, find the service called DNS Client & double click on it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click OK & then close the Services window
    For a more detailed explanation of the HOSTS file, click here
  • Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program. If you want to help the developer of the program and get more information about the programs that you see in WinPatrol, please check out WinPatrol Plus. It does not need a new download.
  • The last and most important thing I can tell you is UPDATE, UPDATE, UPDATE.
    If you don't update your security programs (Antivirus, Antispyware, even Windows) then you are at risk.
    Malware changes on a day to day basis. You should update every week at the very least.

Miekiemoes, an expert in malware removal, has a fantastic article on how to prevent malware for further tips; it's well worth a read. http://users.telenet.be/bluepatchy/miek ... ntion.html

Please reply to this topic one more time so I know you have read through it or with any questions you may have.
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.
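The hosts-file lookup described in the post above, as an added example that is not part of the original thread: it parses hosts-format text, separates names that are blocked (mapped to a loopback or unspecified address) from names pointed at some other address, and reports malformed lines. The sample file is constructed with reserved example names; the function names and the first-entry-wins rule for duplicate names are assumptions of this example.

```python
import ipaddress

# Constructed sample in hosts-file format, using reserved example names.
SAMPLE_HOSTS = """\
# blocklist-style entries
127.0.0.1       localhost
0.0.0.0         ads.example.net tracker.example.net   # two names on one line
127.0.0.1       Popups.Example.org
203.0.113.7     update.example.com    # name pointed at a routable address
not-an-ip       broken.example.com
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Return ([(lineno, ip, hostname), ...], [line numbers that did not parse])."""
    entries, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            rejected.append(lineno)
            continue
        if len(fields) < 2:                      # address with no hostname
            rejected.append(lineno)
            continue
        for name in fields[1:]:                  # one address may carry several names
            entries.append((lineno, ip, name.lower()))
    return entries, rejected


def classify(ip, name):
    """local = normal localhost entry, blocked = sinkholed name, redirect = anything else."""
    if name in LOCAL_NAMES and ip.is_loopback:
        return "local"
    if ip.is_unspecified or ip.is_loopback:
        return "blocked"
    return "redirect"


def audit(text):
    """Build name -> (ip, kind, lineno); assumption: the first entry for a name wins."""
    entries, rejected = parse_hosts(text)
    table = {}
    for lineno, ip, name in entries:
        table.setdefault(name, (str(ip), classify(ip, name), lineno))
    return table, rejected


def redirects(table):
    """Names mapped to a real address: the entries worth reviewing by hand."""
    return sorted(n for n, (_, kind, _) in table.items() if kind == "redirect")


if __name__ == "__main__":
    table, rejected = audit(SAMPLE_HOSTS)
    for name, (ip, kind, lineno) in sorted(table.items()):
        print("%-22s %-12s %-8s line %d" % (name, ip, kind, lineno))
    print("unparsed lines:", rejected)
```

In a blocklist such as the one recommended above, every entry other than localhost should come out as `blocked`; a `redirect` entry sends the name to a real server and deserves a manual look.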

Re: Annoying popups and audio

Unread postby nodzoff » January 12th, 2009, 1:12 pm

Dear Rodav,

I have completed most of the steps you listed in your last posting. I will take this moment to pause and acknowledge that your instructions have cleaned up the symptoms we experienced and our system is working fine.

Thank you for your time and attention. We sincerely appreciate your help and appreciate the Malware Removal forum for providing this service.

Best wishes for health and prosperity in this new year.

Warmest regards,

nodzoff

Re: Annoying popups and audio

Unread postby Rodav » January 12th, 2009, 2:04 pm

You're very welcome, happy new year to you too. :)

Re: Annoying popups and audio

Unread postby NonSuch » January 13th, 2009, 6:50 pm

As this issue is resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California