
HijackThis Log: Please Help Me!


  • This topic is locked
14 replies to this topic

#1 rlawrence

  • Members
  • 9 posts

Posted 06 February 2009 - 09:57 PM

Another victim here, to the browser hijacking. Like many others, the name and description of search results are correct, but the links point to other ad sites. I've tried running just about every program I can think of, with no luck: AVG, Spybot, SuperAntispyware, CleanIt.

Here's the log. A free drink to someone that can help me. Please! :-)

Bob




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:38:03 PM, on 2/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sirius.com/listenonline
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes....cab?v=1,0,0,37
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL bgitvs.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: tuvurrp - tuvurrp.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O24 - Desktop Component 1: Desktop Uninstall - C:\WINDOWS\warnhp.html

--
End of file - 15085 bytes



#2 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 14 February 2009 - 07:24 PM

Hello, rlawrence
:thumbup2: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.

We need to create an OTListIt2 Report
  • Please download OTListIt2 from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following mirrors:
  • Close any and all open programs, as this process may crash your computer.
  • Unzip the downloaded file to your desktop.
  • Double click Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

In your next reply, please include the following:
  • OTListIt.txt
  • Extra.txt
  • GMER's Log

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 rlawrence

  • Topic Starter
  • Members
  • 9 posts

Posted 14 February 2009 - 11:28 PM

Thanks, Billy! I REALLY appreciate your help here!!!!

(I tried to include the contents of all 3 files, but they were too long to post together. So, I'll post each one separately)



Here's the OTListIt file:

OTListIt logfile created on: 2/14/2009 10:51:51 PM - Run
OTListIt2 by OldTimer - Version 1.0.4.1 Folder = C:\Documents and Settings\Bob\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.30 Gb Total Space | 81.06 Gb Free Space | 56.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 465.75 Gb Total Space | 162.74 Gb Free Space | 34.94% Space Free | Partition Type: NTFS

Computer Name: DELL
Current User Name: Bob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

[2005/08/04 05:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2005/09/29 15:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
[2007/07/12 03:00:36 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[2005/03/23 00:20:44 | 00,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
[2005/08/05 22:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[2005/10/05 04:12:00 | 00,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[2005/09/08 06:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
[2005/09/24 00:30:38 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
[2007/09/07 19:22:33 | 00,364,544 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe
[2007/06/29 05:24:52 | 00,286,720 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
[2007/04/19 20:24:50 | 01,169,744 | ---- | M] (Seagate) -- C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
[2007/04/19 20:38:22 | 01,945,688 | ---- | M] (Acronis) -- C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
[2008/08/13 17:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
[2005/05/11 22:12:54 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2007/11/28 19:51:10 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
[2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/06/21 19:40:08 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2007/03/15 10:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
[2006/09/11 04:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[2005/05/11 22:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2005/05/11 23:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
[2007/04/19 20:29:44 | 00,411,168 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
[2007/09/06 12:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2009/02/05 20:58:38 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2006/10/09 15:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
[2009/02/05 20:58:40 | 00,832,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
[2009/02/05 20:58:45 | 00,484,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2009/02/05 20:58:45 | 00,592,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
[2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
[2007/01/04 18:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
[2007/11/28 19:51:10 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
[2007/01/16 12:59:46 | 00,071,208 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe
[2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
[2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[2007/08/15 11:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
[2007/07/24 11:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
[2007/07/18 14:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
[2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
[2008/12/11 15:14:26 | 04,318,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe
[2004/09/29 11:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
[2008/05/07 21:37:56 | 00,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
[2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
[2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
[2005/09/30 18:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
[2004/08/10 06:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2008/08/07 17:31:32 | 01,558,000 | ---- | M] (Symantec) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
[2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
[2005/08/05 14:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe
[2005/05/11 22:16:22 | 00,077,824 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
[2009/02/07 20:33:19 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2009/02/14 22:51:01 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTListIt2.exe

========== (O23) Win32 Services (SafeList) ==========

[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2007/04/19 20:29:44 | 00,411,168 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (AcrSch2Svc [Auto | Running])
[2006/07/07 21:40:53 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2007/09/06 12:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/08/04 05:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2009/02/05 20:58:38 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2005/09/30 18:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/03/07 14:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
[2006/10/09 15:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr [Auto | Running])
[2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched [Auto | Running])
[2008/09/16 20:47:14 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2008/01/08 01:25:00 | 00,181,784 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
[2008/05/10 15:39:56 | 01,862,144 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager [On_Demand | Stopped])
[2008/10/17 19:44:28 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2004/08/10 06:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc [Auto | Running])
[2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
File not found -- -- (iPod Service [On_Demand | Stopped])
[2007/01/04 18:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr [Auto | Running])
[2007/09/12 18:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped])
[2007/11/28 19:51:10 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Running])
[2007/01/16 12:59:46 | 00,071,208 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor [Auto | Running])
[2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
[2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
[2007/11/07 08:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
[2007/08/15 11:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
[2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
[2007/07/24 11:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
[2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
[2004/08/10 05:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mhn.dll -- (MHN [On_Demand | Stopped])
[2007/07/18 14:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService [Auto | Running])
[2004/11/19 12:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
[2008/12/11 15:14:26 | 04,318,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost [Auto | Running])
[2004/09/29 11:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
[2007/12/06 23:20:56 | 00,088,560 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
[2007/12/06 23:20:52 | 00,362,992 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
[2008/06/08 12:24:48 | 00,313,840 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Stopped])
[2008/06/08 12:24:26 | 01,108,464 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
[2008/06/08 12:24:44 | 00,170,480 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
[2008/05/07 21:37:56 | 00,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess [Auto | Running])
[2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
[2008/08/07 17:31:32 | 01,558,000 | ---- | M] (Symantec) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService [On_Demand | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2006/09/28 18:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WudfSvc.dll -- (WudfSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

[2004/08/03 22:10:12 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\61883.sys -- (61883 [On_Demand | Stopped])
[2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2004/08/04 00:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS -- (amdagp [Disabled | Stopped])
[2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2006/02/22 22:26:27 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
[2005/08/04 05:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2005/03/05 01:06:50 | 00,135,296 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinavxx.sys -- (ATIAVPCI [On_Demand | Running])
[2004/08/03 22:10:12 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc [On_Demand | Stopped])
[2009/02/05 20:58:58 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2009/02/05 20:58:58 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2009/02/05 20:59:00 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (AvgRkx86 [Boot | Running])
[2009/02/05 20:58:59 | 00,107,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [System | Running])
[2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2005/09/08 06:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
[2005/08/25 13:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
[2005/09/08 06:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
[2005/09/08 06:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
[2005/09/08 06:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
[2005/09/08 06:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
[2005/08/25 13:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
[2005/09/08 06:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
[2005/09/08 06:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
[2005/09/12 04:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
[2005/08/12 06:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
[2006/10/05 15:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Running])
[2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv [Auto | Running])
[2004/10/14 22:30:46 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2008/12/11 14:40:18 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2004/08/12 18:45:54 | 00,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/06/28 12:43:36 | 00,019,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidir.sys -- (HidIr [On_Demand | Running])
[2005/12/17 00:56:00 | 00,051,120 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Running])
[2005/12/17 00:56:00 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
[2005/12/17 00:56:00 | 00,021,744 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Running])
[2005/06/28 12:43:40 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus [On_Demand | Running])
[2004/08/03 23:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2007/11/22 05:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2007/11/22 05:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2007/11/22 05:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
[2007/11/22 05:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
[2007/12/02 11:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
[2004/08/04 00:10:14 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE [On_Demand | Stopped])
[2007/07/13 05:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP [System | Running])
[2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2004/08/03 22:10:00 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV [On_Demand | Stopped])
[2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2005/02/09 11:59:00 | 00,014,165 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI [System | Running])
[2007/03/10 15:22:01 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
[2003/08/11 10:07:46 | 00,014,604 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2004/08/10 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/07/09 04:05:48 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2007/05/31 12:39:50 | 00,022,656 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
[2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
[2004/08/10 06:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Running])
[2009/01/15 16:17:40 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Running])
[2009/01/15 16:17:42 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2009/01/15 16:17:38 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2005/05/31 12:46:30 | 00,043,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sbp2port.sys -- (sbp2port [Boot | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/08/04 00:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGP.SYS -- (sisagp [Disabled | Stopped])
[2008/05/10 11:16:54 | 00,120,992 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman [Boot | Running])
[2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2005/11/16 22:36:00 | 01,047,816 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2008/08/07 17:31:38 | 00,138,080 | ---- | M] (StorageCraft) -- C:\WINDOWS\system32\drivers\symsnap.sys -- (symsnap [Boot | Running])
[2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2008/05/10 11:16:57 | 00,032,768 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter [Auto | Running])
[2008/05/10 11:16:57 | 00,392,320 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter [Boot | Running])
[2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2004/08/03 22:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio [On_Demand | Stopped])
[2008/08/13 17:07:20 | 00,038,112 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\v2imount.sys -- (v2imount [Auto | Running])
[2008/01/19 19:40:16 | 00,015,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys -- (VProEventMonitor [On_Demand | Stopped])
[2008/01/19 20:12:42 | 00,128,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr [On_Demand | Stopped])
[2004/08/10 06:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sirius.com/listenonline
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

HKU\S-1-5-21-2143063865-554821073-1765250577-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
HKU\S-1-5-21-2143063865-554821073-1765250577-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKU\S-1-5-21-2143063865-554821073-1765250577-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKU\S-1-5-21-2143063865-554821073-1765250577-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKU\S-1-5-21-2143063865-554821073-1765250577-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sirius.com/listenonline
HKU\S-1-5-21-2143063865-554821073-1765250577-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
HKU\S-1-5-21-2143063865-554821073-1765250577-1005\S-1-5-21-2143063865-554821073-1765250577-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKU\S-1-5-21-2143063865-554821073-1765250577-1005\S-1-5-21-2143063865-554821073-1765250577-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar: (no name) - {7EFBC57C-CD57-481F-B794-648FCE9C9116} - C:\Program Files\Blubster Toolbar\v3.2.0.0\Blubster_Toolbar.dll File not found
O3 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005\..\Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005\..\Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005\..\Toolbar: (no name) - {7EFBC57C-CD57-481F-B794-648FCE9C9116} - C:\Program Files\Blubster Toolbar\v3.2.0.0\Blubster_Toolbar.dll File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE (ATI Technologies, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" ( )
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
O4 - HKLM..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe (McAfee)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall File not found
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
O4 - HKLM..\Run: [WD Button Manager] WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
O4 - HKCU..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler (Macrovision Corporation)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (Symantec Corporation)
O4 - HKU\S-1-5-18..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (Gteko Ltd.)
O4 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler (Macrovision Corporation)
O4 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Bob\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: online.musicmatch.com (https in Trusted sites)
O15 - HKLM\..Trusted Sites: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} http://www.imagestation.com/common/classes....cab?v=1,0,0,37 (AxRUploadControl Object)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - linkscanner - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls" = C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL bgitvs.dll
>[2008/05/10 15:39:59 | 00,143,360 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll
>File not found --

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
avgrsstarter: "DllName" = avgrsstx.dll -- C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
tuvurrp: "DllName" = tuvurrp.dll -- File not found

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages" = msv1_0,relog_ap,
>[2007/04/19 20:30:10 | 00,014,368 | ---- | M] (Acronis) -- C:\WINDOWS\system32\relog_ap.dll

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/08/16 05:43:04 | 00,000,000 | -HS- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun]
"" = Auto&Play



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\Shell\AutoRun\command]
"" = J:\wd_windows_tools\setup.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/02/14 22:51:00 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTListIt2.exe
[2009/02/10 18:54:58 | 00,121,522 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\shamrock2.jpg
[2009/02/10 18:48:58 | 02,745,364 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\shamrock.psd
[2009/02/09 23:04:44 | 00,057,222 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\shamrock.jpg
[2009/02/09 22:46:07 | 00,507,926 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\clover.psd
[2009/02/09 22:26:09 | 00,077,344 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\clover.jpg
[2009/02/09 22:15:51 | 00,000,894 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\cross.ico
[2009/02/09 22:14:39 | 00,000,459 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\cross.png
[2009/02/09 22:12:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Application Data\aicon
[2009/02/09 22:12:44 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\@icon sushi.lnk
[2009/02/09 22:12:43 | 00,000,000 | ---D | C] -- C:\Program Files\aicon
[2009/02/09 22:12:13 | 00,676,818 | ---- | C] (towofu's SOFT ) -- C:\Documents and Settings\Bob\Desktop\aicon121setup_e.exe
[2009/02/09 22:11:36 | 00,040,544 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\cross.jpg
[2009/02/09 17:45:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\wordpress
[2009/02/08 13:29:22 | 00,110,404 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\pose2.jpg
[2009/02/08 13:28:51 | 00,092,377 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\pose1.jpg
[2009/02/08 13:27:30 | 00,103,504 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\valleymansion4.jpg
[2009/02/08 13:27:00 | 00,090,186 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\valleymansion3.jpg
[2009/02/08 13:26:25 | 00,097,821 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\valleymansion2.jpg
[2009/02/08 13:25:57 | 00,099,354 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\valleymansion1.jpg
[2009/02/07 21:38:52 | 01,251,429 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\scan0004.jpg
[2009/02/07 21:36:44 | 01,247,931 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\scan0003.jpg
[2009/02/07 21:33:34 | 00,368,922 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\dds.com
[2009/02/07 21:27:39 | 01,285,168 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\scan0002.jpg
[2009/02/07 21:24:29 | 04,277,102 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\scan0001.jpg
[2009/02/07 21:24:16 | 00,027,648 | -HS- | C] () -- C:\Documents and Settings\Bob\Desktop\Thumbs.db
[2009/02/07 20:28:30 | 37,561,50784 | -HS- | C] () -- C:\hiberfil.sys
[2009/02/06 23:07:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Application Data\wsInspector
[2009/02/06 23:06:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\My Documents\wsInspector
[2009/02/06 23:05:30 | 00,000,750 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Startup Inspector for Windows.lnk
[2009/02/06 23:05:30 | 00,000,000 | ---D | C] -- C:\Program Files\Startup Inspector for Windows
[2009/02/06 23:05:00 | 00,685,988 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Bob\Desktop\isw2.exe
[2009/02/06 20:42:12 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Spybot - Search & Destroy.lnk
[2009/02/06 20:41:56 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/02/06 20:41:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/02/06 20:13:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/02/06 20:13:23 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/02/06 20:13:19 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/02/06 20:13:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Application Data\SUPERAntiSpyware.com
[2009/02/06 19:36:12 | 00,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2009/02/06 19:33:18 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\HijackThis.lnk
[2009/02/06 19:33:18 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/02/06 19:19:53 | 00,000,000 | ---D | C] -- C:\fixfiles
[2009/02/06 07:13:42 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/02/05 21:05:46 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/02/05 20:59:01 | 33,147,622 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/02/05 20:59:01 | 00,368,010 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/02/05 20:59:01 | 00,102,133 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/02/05 20:59:01 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 8.0.lnk
[2009/02/05 20:59:00 | 00,012,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2009/02/05 20:59:00 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/02/05 20:58:59 | 00,107,272 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/02/05 20:58:58 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/02/05 20:58:58 | 00,325,128 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/02/05 20:58:58 | 00,027,656 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/02/05 20:58:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/02/05 20:58:37 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/02/05 20:58:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/02/05 20:51:36 | 61,249,936 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Bob\Desktop\avg_avwt_stf_en_8_233a1425.exe
[2009/02/05 20:34:03 | 02,737,808 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bob\Desktop\mbam-setup(2).exe
[2009/01/31 22:46:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\links2009
[2009/01/31 22:22:07 | 28,482,696 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\scrubs.806.3gp
[2009/01/31 22:16:29 | 28,259,878 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\scrubs.805.3gp
[2009/01/31 22:13:59 | 29,241,880 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\scrubs.804.3gp
[2009/01/31 22:10:04 | 26,795,884 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\scrubs.803.3gp
[2009/01/31 21:40:05 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/01/29 20:57:14 | 00,287,675 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\2.jpg
[2009/01/29 20:56:52 | 00,334,564 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\1.jpg
[2009/01/29 20:56:45 | 00,413,356 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\3.jpg
[2009/01/29 20:55:31 | 00,413,025 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\IMG00308-20090129-0740.jpg
[2009/01/29 20:54:32 | 00,285,624 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\IMG00306-20090128-2028.jpg
[2009/01/29 20:51:24 | 00,334,206 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\IMG00305-20090128-1815.jpg
[2009/01/21 20:39:10 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\WHCC PF ROES.lnk
[2009/01/16 22:04:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Application Data\Move Networks

========== Files - Modified Within 30 Days ==========

[23 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/02/14 22:51:01 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTListIt2.exe
[2009/02/14 22:00:01 | 00,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\AFE88988946F08B8.job
[2009/02/14 17:00:29 | 33,147,622 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/02/14 16:43:34 | 00,019,065 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/02/14 16:40:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/02/14 16:39:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/02/14 16:39:32 | 37,561,50784 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/13 11:16:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/02/11 17:18:16 | 00,102,133 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/02/10 19:05:25 | 00,121,522 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\shamrock2.jpg
[2009/02/10 19:05:09 | 02,745,364 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\shamrock.psd
[2009/02/09 23:04:45 | 00,057,222 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\shamrock.jpg
[2009/02/09 22:55:33 | 00,077,344 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\clover.jpg
[2009/02/09 22:55:21 | 00,507,926 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\clover.psd
[2009/02/09 22:15:51 | 00,000,894 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\cross.ico
[2009/02/09 22:15:26 | 00,000,459 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\cross.png
[2009/02/09 22:12:44 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\@icon sushi.lnk
[2009/02/09 22:12:20 | 00,676,818 | ---- | M] (towofu's SOFT ) -- C:\Documents and Settings\Bob\Desktop\aicon121setup_e.exe
[2009/02/09 22:11:36 | 00,040,544 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\cross.jpg
[2009/02/09 17:30:13 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/02/08 13:29:23 | 00,110,404 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\pose2.jpg
[2009/02/08 13:28:52 | 00,092,377 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\pose1.jpg
[2009/02/08 13:27:31 | 00,103,504 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\valleymansion4.jpg
[2009/02/08 13:27:02 | 00,090,186 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\valleymansion3.jpg
[2009/02/08 13:26:27 | 00,097,821 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\valleymansion2.jpg
[2009/02/08 13:26:00 | 00,099,354 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\valleymansion1.jpg
[2009/02/07 21:40:46 | 01,251,429 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\scan0004.jpg
[2009/02/07 21:37:36 | 01,247,931 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\scan0003.jpg
[2009/02/07 21:33:39 | 00,368,922 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\dds.com
[2009/02/07 21:29:10 | 01,285,168 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\scan0002.jpg
[2009/02/07 21:27:42 | 00,027,648 | -HS- | M] () -- C:\Documents and Settings\Bob\Desktop\Thumbs.db
[2009/02/07 21:26:08 | 04,277,102 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\scan0001.jpg
[2009/02/07 20:30:06 | 00,000,710 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/02/07 20:30:06 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/02/07 20:30:06 | 00,000,209 | RHS- | M] () -- C:\boot.ini
[2009/02/07 11:39:12 | 00,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/02/06 23:05:30 | 00,000,750 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Startup Inspector for Windows.lnk
[2009/02/06 23:05:07 | 00,685,988 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Bob\Desktop\isw2.exe
[2009/02/06 21:13:11 | 00,004,163 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/02/06 20:42:12 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Spybot - Search & Destroy.lnk
[2009/02/06 20:13:23 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/02/06 19:44:29 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\HijackThis.lnk
[2009/02/06 07:20:18 | 01,568,656 | -H-- | M] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\IconCache.db
[2009/02/06 07:13:42 | 00,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/02/05 20:59:01 | 00,368,010 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/02/05 20:59:01 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 8.0.lnk
[2009/02/05 20:59:00 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2009/02/05 20:59:00 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/02/05 20:58:59 | 00,107,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/02/05 20:58:58 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/02/05 20:58:58 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/02/05 20:58:58 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/02/05 20:55:11 | 61,249,936 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Bob\Desktop\avg_avwt_stf_en_8_233a1425.exe
[2009/02/05 20:34:48 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/05 20:34:07 | 02,737,808 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bob\Desktop\mbam-setup(2).exe
[2009/02/05 18:21:56 | 02,338,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/04 19:49:01 | 00,002,453 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Global.sw2
[2009/02/04 19:47:20 | 00,261,800 | ---- | M] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/31 22:27:27 | 00,046,080 | ---- | M] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/31 22:25:04 | 28,482,696 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\scrubs.806.3gp
[2009/01/31 22:21:31 | 28,259,878 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\scrubs.805.3gp
[2009/01/31 22:16:13 | 29,241,880 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\scrubs.804.3gp
[2009/01/31 22:11:52 | 26,795,884 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\scrubs.803.3gp
[2009/01/29 20:57:16 | 00,287,675 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\2.jpg
[2009/01/29 20:56:54 | 00,334,564 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\1.jpg
[2009/01/29 20:56:47 | 00,413,356 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\3.jpg
[2009/01/29 20:56:36 | 00,413,025 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\IMG00308-20090129-0740.jpg
[2009/01/29 20:55:22 | 00,334,206 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\IMG00305-20090128-1815.jpg
[2009/01/29 20:55:18 | 00,285,624 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\IMG00306-20090128-2028.jpg
[2009/01/27 17:33:33 | 00,011,776 | ---- | M] () -- C:\Documents and Settings\Bob\Application Data\dvd.bmk
[2009/01/21 20:39:10 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\WHCC PF ROES.lnk
[2009/01/20 20:39:54 | 00,000,083 | ---- | M] () -- C:\WINDOWS\webica.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable
< End of report >

#4 rlawrence

Posted 14 February 2009 - 11:29 PM

Here's the Extras.txt file:

OTListIt logfile created on: 2/14/2009 10:51:51 PM - Run
OTListIt2 by OldTimer - Version 1.0.4.1 Folder = C:\Documents and Settings\Bob\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.30 Gb Total Space | 81.06 Gb Free Space | 56.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 465.75 Gb Total Space | 162.74 Gb Free Space | 34.94% Space Free | Partition Type: NTFS

Computer Name: DELL
Current User Name: Bob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

[2005/08/04 05:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2005/09/29 15:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
[2007/07/12 03:00:36 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[2005/03/23 00:20:44 | 00,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
[2005/08/05 22:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[2005/10/05 04:12:00 | 00,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[2005/09/08 06:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
[2005/09/24 00:30:38 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
[2007/09/07 19:22:33 | 00,364,544 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe
[2007/06/29 05:24:52 | 00,286,720 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
[2007/04/19 20:24:50 | 01,169,744 | ---- | M] (Seagate) -- C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
[2007/04/19 20:38:22 | 01,945,688 | ---- | M] (Acronis) -- C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
[2008/08/13 17:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
[2005/05/11 22:12:54 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2007/11/28 19:51:10 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
[2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/06/21 19:40:08 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2007/03/15 10:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
[2006/09/11 04:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[2005/05/11 22:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2005/05/11 23:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
[2007/04/19 20:29:44 | 00,411,168 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
[2007/09/06 12:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2009/02/05 20:58:38 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2006/10/09 15:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
[2009/02/05 20:58:40 | 00,832,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
[2009/02/05 20:58:45 | 00,484,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2009/02/05 20:58:45 | 00,592,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
[2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
[2007/01/04 18:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
[2007/11/28 19:51:10 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
[2007/01/16 12:59:46 | 00,071,208 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe
[2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
[2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[2007/08/15 11:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
[2007/07/24 11:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
[2007/07/18 14:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
[2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
[2008/12/11 15:14:26 | 04,318,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe
[2004/09/29 11:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
[2008/05/07 21:37:56 | 00,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
[2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
[2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
[2005/09/30 18:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
[2004/08/10 06:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2008/08/07 17:31:32 | 01,558,000 | ---- | M] (Symantec) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
[2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
[2005/08/05 14:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe
[2005/05/11 22:16:22 | 00,077,824 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
[2009/02/07 20:33:19 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2009/02/14 22:51:01 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTListIt2.exe

========== (O23) Win32 Services (SafeList) ==========

[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2007/04/19 20:29:44 | 00,411,168 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (AcrSch2Svc [Auto | Running])
[2006/07/07 21:40:53 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2007/09/06 12:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/08/04 05:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2009/02/05 20:58:38 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2005/09/30 18:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/03/07 14:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
[2006/10/09 15:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr [Auto | Running])
[2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched [Auto | Running])
[2008/09/16 20:47:14 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2008/01/08 01:25:00 | 00,181,784 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
[2008/05/10 15:39:56 | 01,862,144 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager [On_Demand | Stopped])
[2008/10/17 19:44:28 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2004/08/10 06:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc [Auto | Running])
[2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
File not found -- -- (iPod Service [On_Demand | Stopped])
[2007/01/04 18:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr [Auto | Running])
[2007/09/12 18:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped])
[2007/11/28 19:51:10 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Running])
[2007/01/16 12:59:46 | 00,071,208 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor [Auto | Running])
[2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
[2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
[2007/11/07 08:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
[2007/08/15 11:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
[2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
[2007/07/24 11:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
[2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
[2004/08/10 05:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mhn.dll -- (MHN [On_Demand | Stopped])
[2007/07/18 14:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService [Auto | Running])
[2004/11/19 12:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
[2008/12/11 15:14:26 | 04,318,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost [Auto | Running])
[2004/09/29 11:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
[2007/12/06 23:20:56 | 00,088,560 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
[2007/12/06 23:20:52 | 00,362,992 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
[2008/06/08 12:24:48 | 00,313,840 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Stopped])
[2008/06/08 12:24:26 | 01,108,464 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
[2008/06/08 12:24:44 | 00,170,480 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
[2008/05/07 21:37:56 | 00,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess [Auto | Running])
[2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
[2008/08/07 17:31:32 | 01,558,000 | ---- | M] (Symantec) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService [On_Demand | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2006/09/28 18:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WudfSvc.dll -- (WudfSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

[2004/08/03 22:10:12 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\61883.sys -- (61883 [On_Demand | Stopped])
[2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2004/08/04 00:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS -- (amdagp [Disabled | Stopped])
[2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2006/02/22 22:26:27 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
[2005/08/04 05:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2005/03/05 01:06:50 | 00,135,296 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinavxx.sys -- (ATIAVPCI [On_Demand | Running])
[2004/08/03 22:10:12 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc [On_Demand | Stopped])
[2009/02/05 20:58:58 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2009/02/05 20:58:58 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2009/02/05 20:59:00 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (AvgRkx86 [Boot | Running])
[2009/02/05 20:58:59 | 00,107,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [System | Running])
[2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2005/09/08 06:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
[2005/08/25 13:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
[2005/09/08 06:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
[2005/09/08 06:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
[2005/09/08 06:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
[2005/09/08 06:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
[2005/08/25 13:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
[2005/09/08 06:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
[2005/09/08 06:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
[2005/09/12 04:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
[2005/08/12 06:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
[2006/10/05 15:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Running])
[2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv [Auto | Running])
[2004/10/14 22:30:46 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2008/12/11 14:40:18 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2004/08/12 18:45:54 | 00,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/06/28 12:43:36 | 00,019,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidir.sys -- (HidIr [On_Demand | Running])
[2005/12/17 00:56:00 | 00,051,120 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Running])
[2005/12/17 00:56:00 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
[2005/12/17 00:56:00 | 00,021,744 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Running])
[2005/06/28 12:43:40 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus [On_Demand | Running])
[2004/08/03 23:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2007/11/22 05:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2007/11/22 05:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2007/11/22 05:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
[2007/11/22 05:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
[2007/12/02 11:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
[2004/08/04 00:10:14 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE [On_Demand | Stopped])
[2007/07/13 05:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP [System | Running])
[2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2004/08/03 22:10:00 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV [On_Demand | Stopped])
[2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2005/02/09 11:59:00 | 00,014,165 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI [System | Running])
[2007/03/10 15:22:01 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
[2003/08/11 10:07:46 | 00,014,604 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2004/08/10 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/07/09 04:05:48 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2007/05/31 12:39:50 | 00,022,656 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
[2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
[2004/08/10 06:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Running])
[2009/01/15 16:17:40 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Running])
[2009/01/15 16:17:42 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2009/01/15 16:17:38 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2005/05/31 12:46:30 | 00,043,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sbp2port.sys -- (sbp2port [Boot | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/08/04 00:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGP.SYS -- (sisagp [Disabled | Stopped])
[2008/05/10 11:16:54 | 00,120,992 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman [Boot | Running])
[2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2005/11/16 22:36:00 | 01,047,816 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2008/08/07 17:31:38 | 00,138,080 | ---- | M] (StorageCraft) -- C:\WINDOWS\system32\drivers\symsnap.sys -- (symsnap [Boot | Running])
[2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2008/05/10 11:16:57 | 00,032,768 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter [Auto | Running])
[2008/05/10 11:16:57 | 00,392,320 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter [Boot | Running])
[2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2004/08/03 22:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio [On_Demand | Stopped])
[2008/08/13 17:07:20 | 00,038,112 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\v2imount.sys -- (v2imount [Auto | Running])
[2008/01/19 19:40:16 | 00,015,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys -- (VProEventMonitor [On_Demand | Stopped])
[2008/01/19 20:12:42 | 00,128,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr [On_Demand | Stopped])
[2004/08/10 06:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sirius.com/listenonline
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

HKU\S-1-5-21-2143063865-554821073-1765250577-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
HKU\S-1-5-21-2143063865-554821073-1765250577-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKU\S-1-5-21-2143063865-554821073-1765250577-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKU\S-1-5-21-2143063865-554821073-1765250577-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKU\S-1-5-21-2143063865-554821073-1765250577-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sirius.com/listenonline
HKU\S-1-5-21-2143063865-554821073-1765250577-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
HKU\S-1-5-21-2143063865-554821073-1765250577-1005\S-1-5-21-2143063865-554821073-1765250577-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKU\S-1-5-21-2143063865-554821073-1765250577-1005\S-1-5-21-2143063865-554821073-1765250577-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar: (no name) - {7EFBC57C-CD57-481F-B794-648FCE9C9116} - C:\Program Files\Blubster Toolbar\v3.2.0.0\Blubster_Toolbar.dll File not found
O3 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005\..\Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005\..\Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005\..\Toolbar: (no name) - {7EFBC57C-CD57-481F-B794-648FCE9C9116} - C:\Program Files\Blubster Toolbar\v3.2.0.0\Blubster_Toolbar.dll File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE (ATI Technologies, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" ( )
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
O4 - HKLM..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe (McAfee)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall File not found
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
O4 - HKLM..\Run: [WD Button Manager] WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
O4 - HKCU..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler (Macrovision Corporation)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (Symantec Corporation)
O4 - HKU\S-1-5-18..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (Gteko Ltd.)
O4 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler (Macrovision Corporation)
O4 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Bob\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: online.musicmatch.com (https in Trusted sites)
O15 - HKLM\..Trusted Sites: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} http://www.imagestation.com/common/classes....cab?v=1,0,0,37 (AxRUploadControl Object)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - linkscanner - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls" = C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL bgitvs.dll
>[2008/05/10 15:39:59 | 00,143,360 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll
>File not found --

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
avgrsstarter: "DllName" = avgrsstx.dll -- C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
tuvurrp: "DllName" = tuvurrp.dll -- File not found

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages" = msv1_0,relog_ap,
>[2007/04/19 20:30:10 | 00,014,368 | ---- | M] (Acronis) -- C:\WINDOWS\system32\relog_ap.dll

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/08/16 05:43:04 | 00,000,000 | -HS- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun]
"" = Auto&Play



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\Shell\AutoRun\command]
"" = J:\wd_windows_tools\setup.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/02/14 22:51:00 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTListIt2.exe
[2009/02/10 18:54:58 | 00,121,522 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\shamrock2.jpg
[2009/02/10 18:48:58 | 02,745,364 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\shamrock.psd
[2009/02/09 23:04:44 | 00,057,222 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\shamrock.jpg
[2009/02/09 22:46:07 | 00,507,926 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\clover.psd
[2009/02/09 22:26:09 | 00,077,344 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\clover.jpg
[2009/02/09 22:15:51 | 00,000,894 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\cross.ico
[2009/02/09 22:14:39 | 00,000,459 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\cross.png
[2009/02/09 22:12:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Application Data\aicon
[2009/02/09 22:12:44 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\@icon sushi.lnk
[2009/02/09 22:12:43 | 00,000,000 | ---D | C] -- C:\Program Files\aicon
[2009/02/09 22:12:13 | 00,676,818 | ---- | C] (towofu's SOFT ) -- C:\Documents and Settings\Bob\Desktop\aicon121setup_e.exe
[2009/02/09 22:11:36 | 00,040,544 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\cross.jpg
[2009/02/09 17:45:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\wordpress
[2009/02/08 13:29:22 | 00,110,404 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\pose2.jpg
[2009/02/08 13:28:51 | 00,092,377 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\pose1.jpg
[2009/02/08 13:27:30 | 00,103,504 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\valleymansion4.jpg
[2009/02/08 13:27:00 | 00,090,186 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\valleymansion3.jpg
[2009/02/08 13:26:25 | 00,097,821 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\valleymansion2.jpg
[2009/02/08 13:25:57 | 00,099,354 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\valleymansion1.jpg
[2009/02/07 21:38:52 | 01,251,429 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\scan0004.jpg
[2009/02/07 21:36:44 | 01,247,931 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\scan0003.jpg
[2009/02/07 21:33:34 | 00,368,922 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\dds.com
[2009/02/07 21:27:39 | 01,285,168 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\scan0002.jpg
[2009/02/07 21:24:29 | 04,277,102 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\scan0001.jpg
[2009/02/07 21:24:16 | 00,027,648 | -HS- | C] () -- C:\Documents and Settings\Bob\Desktop\Thumbs.db
[2009/02/07 20:28:30 | 37,561,50784 | -HS- | C] () -- C:\hiberfil.sys
[2009/02/06 23:07:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Application Data\wsInspector
[2009/02/06 23:06:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\My Documents\wsInspector
[2009/02/06 23:05:30 | 00,000,750 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Startup Inspector for Windows.lnk
[2009/02/06 23:05:30 | 00,000,000 | ---D | C] -- C:\Program Files\Startup Inspector for Windows
[2009/02/06 23:05:00 | 00,685,988 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Bob\Desktop\isw2.exe
[2009/02/06 20:42:12 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Spybot - Search & Destroy.lnk
[2009/02/06 20:41:56 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/02/06 20:41:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/02/06 20:13:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/02/06 20:13:23 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/02/06 20:13:19 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/02/06 20:13:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Application Data\SUPERAntiSpyware.com
[2009/02/06 19:36:12 | 00,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2009/02/06 19:33:18 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\HijackThis.lnk
[2009/02/06 19:33:18 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/02/06 19:19:53 | 00,000,000 | ---D | C] -- C:\fixfiles
[2009/02/06 07:13:42 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/02/05 21:05:46 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/02/05 20:59:01 | 33,147,622 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/02/05 20:59:01 | 00,368,010 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/02/05 20:59:01 | 00,102,133 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/02/05 20:59:01 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 8.0.lnk
[2009/02/05 20:59:00 | 00,012,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2009/02/05 20:59:00 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/02/05 20:58:59 | 00,107,272 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/02/05 20:58:58 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/02/05 20:58:58 | 00,325,128 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/02/05 20:58:58 | 00,027,656 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/02/05 20:58:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/02/05 20:58:37 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/02/05 20:58:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/02/05 20:51:36 | 61,249,936 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Bob\Desktop\avg_avwt_stf_en_8_233a1425.exe
[2009/02/05 20:34:03 | 02,737,808 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bob\Desktop\mbam-setup(2).exe
[2009/01/31 22:46:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\links2009
[2009/01/31 22:22:07 | 28,482,696 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\scrubs.806.3gp
[2009/01/31 22:16:29 | 28,259,878 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\scrubs.805.3gp
[2009/01/31 22:13:59 | 29,241,880 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\scrubs.804.3gp
[2009/01/31 22:10:04 | 26,795,884 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\scrubs.803.3gp
[2009/01/31 21:40:05 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/01/29 20:57:14 | 00,287,675 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\2.jpg
[2009/01/29 20:56:52 | 00,334,564 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\1.jpg
[2009/01/29 20:56:45 | 00,413,356 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\3.jpg
[2009/01/29 20:55:31 | 00,413,025 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\IMG00308-20090129-0740.jpg
[2009/01/29 20:54:32 | 00,285,624 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\IMG00306-20090128-2028.jpg
[2009/01/29 20:51:24 | 00,334,206 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\IMG00305-20090128-1815.jpg
[2009/01/21 20:39:10 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\WHCC PF ROES.lnk
[2009/01/16 22:04:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Application Data\Move Networks

========== Files - Modified Within 30 Days ==========

[23 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/02/14 22:51:01 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTListIt2.exe
[2009/02/14 22:00:01 | 00,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\AFE88988946F08B8.job
[2009/02/14 17:00:29 | 33,147,622 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/02/14 16:43:34 | 00,019,065 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/02/14 16:40:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/02/14 16:39:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/02/14 16:39:32 | 37,561,50784 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/13 11:16:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/02/11 17:18:16 | 00,102,133 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/02/10 19:05:25 | 00,121,522 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\shamrock2.jpg
[2009/02/10 19:05:09 | 02,745,364 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\shamrock.psd
[2009/02/09 23:04:45 | 00,057,222 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\shamrock.jpg
[2009/02/09 22:55:33 | 00,077,344 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\clover.jpg
[2009/02/09 22:55:21 | 00,507,926 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\clover.psd
[2009/02/09 22:15:51 | 00,000,894 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\cross.ico
[2009/02/09 22:15:26 | 00,000,459 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\cross.png
[2009/02/09 22:12:44 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\@icon sushi.lnk
[2009/02/09 22:12:20 | 00,676,818 | ---- | M] (towofu's SOFT ) -- C:\Documents and Settings\Bob\Desktop\aicon121setup_e.exe
[2009/02/09 22:11:36 | 00,040,544 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\cross.jpg
[2009/02/09 17:30:13 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/02/08 13:29:23 | 00,110,404 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\pose2.jpg
[2009/02/08 13:28:52 | 00,092,377 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\pose1.jpg
[2009/02/08 13:27:31 | 00,103,504 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\valleymansion4.jpg
[2009/02/08 13:27:02 | 00,090,186 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\valleymansion3.jpg
[2009/02/08 13:26:27 | 00,097,821 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\valleymansion2.jpg
[2009/02/08 13:26:00 | 00,099,354 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\valleymansion1.jpg
[2009/02/07 21:40:46 | 01,251,429 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\scan0004.jpg
[2009/02/07 21:37:36 | 01,247,931 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\scan0003.jpg
[2009/02/07 21:33:39 | 00,368,922 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\dds.com
[2009/02/07 21:29:10 | 01,285,168 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\scan0002.jpg
[2009/02/07 21:27:42 | 00,027,648 | -HS- | M] () -- C:\Documents and Settings\Bob\Desktop\Thumbs.db
[2009/02/07 21:26:08 | 04,277,102 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\scan0001.jpg
[2009/02/07 20:30:06 | 00,000,710 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/02/07 20:30:06 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/02/07 20:30:06 | 00,000,209 | RHS- | M] () -- C:\boot.ini
[2009/02/07 11:39:12 | 00,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/02/06 23:05:30 | 00,000,750 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Startup Inspector for Windows.lnk
[2009/02/06 23:05:07 | 00,685,988 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Bob\Desktop\isw2.exe
[2009/02/06 21:13:11 | 00,004,163 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/02/06 20:42:12 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Spybot - Search & Destroy.lnk
[2009/02/06 20:13:23 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/02/06 19:44:29 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\HijackThis.lnk
[2009/02/06 07:20:18 | 01,568,656 | -H-- | M] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\IconCache.db
[2009/02/06 07:13:42 | 00,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/02/05 20:59:01 | 00,368,010 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/02/05 20:59:01 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 8.0.lnk
[2009/02/05 20:59:00 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2009/02/05 20:59:00 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/02/05 20:58:59 | 00,107,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/02/05 20:58:58 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/02/05 20:58:58 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/02/05 20:58:58 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/02/05 20:55:11 | 61,249,936 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Bob\Desktop\avg_avwt_stf_en_8_233a1425.exe
[2009/02/05 20:34:48 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/05 20:34:07 | 02,737,808 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bob\Desktop\mbam-setup(2).exe
[2009/02/05 18:21:56 | 02,338,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/04 19:49:01 | 00,002,453 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Global.sw2
[2009/02/04 19:47:20 | 00,261,800 | ---- | M] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/31 22:27:27 | 00,046,080 | ---- | M] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/31 22:25:04 | 28,482,696 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\scrubs.806.3gp
[2009/01/31 22:21:31 | 28,259,878 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\scrubs.805.3gp
[2009/01/31 22:16:13 | 29,241,880 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\scrubs.804.3gp
[2009/01/31 22:11:52 | 26,795,884 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\scrubs.803.3gp
[2009/01/29 20:57:16 | 00,287,675 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\2.jpg
[2009/01/29 20:56:54 | 00,334,564 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\1.jpg
[2009/01/29 20:56:47 | 00,413,356 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\3.jpg
[2009/01/29 20:56:36 | 00,413,025 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\IMG00308-20090129-0740.jpg
[2009/01/29 20:55:22 | 00,334,206 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\IMG00305-20090128-1815.jpg
[2009/01/29 20:55:18 | 00,285,624 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\IMG00306-20090128-2028.jpg
[2009/01/27 17:33:33 | 00,011,776 | ---- | M] () -- C:\Documents and Settings\Bob\Application Data\dvd.bmk
[2009/01/21 20:39:10 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\WHCC PF ROES.lnk
[2009/01/20 20:39:54 | 00,000,083 | ---- | M] () -- C:\WINDOWS\webica.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable
< End of report >

OTListIt logfile created on: 2/14/2009 10:51:51 PM - Run
OTListIt2 by OldTimer - Version 1.0.4.1 Folder = C:\Documents and Settings\Bob\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.30 Gb Total Space | 81.06 Gb Free Space | 56.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 465.75 Gb Total Space | 162.74 Gb Free Space | 34.94% Space Free | Partition Type: NTFS

Computer Name: DELL
Current User Name: Bob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

[2005/08/04 05:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2005/09/29 15:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
[2007/07/12 03:00:36 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[2005/03/23 00:20:44 | 00,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
[2005/08/05 22:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[2005/10/05 04:12:00 | 00,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[2005/09/08 06:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
[2005/09/24 00:30:38 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
[2007/09/07 19:22:33 | 00,364,544 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe
[2007/06/29 05:24:52 | 00,286,720 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
[2007/04/19 20:24:50 | 01,169,744 | ---- | M] (Seagate) -- C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
[2007/04/19 20:38:22 | 01,945,688 | ---- | M] (Acronis) -- C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
[2008/08/13 17:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
[2005/05/11 22:12:54 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2007/11/28 19:51:10 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
[2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/06/21 19:40:08 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2007/03/15 10:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
[2006/09/11 04:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[2005/05/11 22:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2005/05/11 23:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
[2007/04/19 20:29:44 | 00,411,168 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
[2007/09/06 12:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2009/02/05 20:58:38 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2006/10/09 15:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
[2009/02/05 20:58:40 | 00,832,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
[2009/02/05 20:58:45 | 00,484,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2009/02/05 20:58:45 | 00,592,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
[2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
[2007/01/04 18:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
[2007/11/28 19:51:10 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
[2007/01/16 12:59:46 | 00,071,208 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe
[2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
[2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[2007/08/15 11:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
[2007/07/24 11:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
[2007/07/18 14:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
[2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
[2008/12/11 15:14:26 | 04,318,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe
[2004/09/29 11:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
[2008/05/07 21:37:56 | 00,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
[2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
[2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
[2005/09/30 18:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
[2004/08/10 06:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2008/08/07 17:31:32 | 01,558,000 | ---- | M] (Symantec) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
[2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
[2005/08/05 14:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe
[2005/05/11 22:16:22 | 00,077,824 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
[2009/02/07 20:33:19 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2009/02/14 22:51:01 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTListIt2.exe

========== (O23) Win32 Services (SafeList) ==========

[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2007/04/19 20:29:44 | 00,411,168 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (AcrSch2Svc [Auto | Running])
[2006/07/07 21:40:53 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2007/09/06 12:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/08/04 05:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2009/02/05 20:58:38 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2005/09/30 18:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/03/07 14:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
[2006/10/09 15:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr [Auto | Running])
[2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched [Auto | Running])
[2008/09/16 20:47:14 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2008/01/08 01:25:00 | 00,181,784 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
[2008/05/10 15:39:56 | 01,862,144 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager [On_Demand | Stopped])
[2008/10/17 19:44:28 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2004/08/10 06:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc [Auto | Running])
[2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
File not found -- -- (iPod Service [On_Demand | Stopped])
[2007/01/04 18:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr [Auto | Running])
[2007/09/12 18:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped])
[2007/11/28 19:51:10 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Running])
[2007/01/16 12:59:46 | 00,071,208 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor [Auto | Running])
[2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
[2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
[2007/11/07 08:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
[2007/08/15 11:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
[2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
[2007/07/24 11:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
[2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
[2004/08/10 05:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mhn.dll -- (MHN [On_Demand | Stopped])
[2007/07/18 14:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService [Auto | Running])
[2004/11/19 12:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
[2008/12/11 15:14:26 | 04,318,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost [Auto | Running])
[2004/09/29 11:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
[2007/12/06 23:20:56 | 00,088,560 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
[2007/12/06 23:20:52 | 00,362,992 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
[2008/06/08 12:24:48 | 00,313,840 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Stopped])
[2008/06/08 12:24:26 | 01,108,464 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
[2008/06/08 12:24:44 | 00,170,480 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
[2008/05/07 21:37:56 | 00,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess [Auto | Running])
[2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
[2008/08/07 17:31:32 | 01,558,000 | ---- | M] (Symantec) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService [On_Demand | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2006/09/28 18:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WudfSvc.dll -- (WudfSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

[2004/08/03 22:10:12 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\61883.sys -- (61883 [On_Demand | Stopped])
[2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2004/08/04 00:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS -- (amdagp [Disabled | Stopped])
[2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2006/02/22 22:26:27 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
[2005/08/04 05:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2005/03/05 01:06:50 | 00,135,296 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinavxx.sys -- (ATIAVPCI [On_Demand | Running])
[2004/08/03 22:10:12 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc [On_Demand | Stopped])
[2009/02/05 20:58:58 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2009/02/05 20:58:58 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2009/02/05 20:59:00 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (AvgRkx86 [Boot | Running])
[2009/02/05 20:58:59 | 00,107,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [System | Running])
[2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2005/09/08 06:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
[2005/08/25 13:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
[2005/09/08 06:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
[2005/09/08 06:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
[2005/09/08 06:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
[2005/09/08 06:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
[2005/08/25 13:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
[2005/09/08 06:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
[2005/09/08 06:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
[2005/09/12 04:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
[2005/08/12 06:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
[2006/10/05 15:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Running])
[2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv [Auto | Running])
[2004/10/14 22:30:46 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2008/12/11 14:40:18 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2004/08/12 18:45:54 | 00,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/06/28 12:43:36 | 00,019,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidir.sys -- (HidIr [On_Demand | Running])
[2005/12/17 00:56:00 | 00,051,120 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Running])
[2005/12/17 00:56:00 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
[2005/12/17 00:56:00 | 00,021,744 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Running])
[2005/06/28 12:43:40 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus [On_Demand | Running])
[2004/08/03 23:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2007/11/22 05:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2007/11/22 05:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2007/11/22 05:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
[2007/11/22 05:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
[2007/12/02 11:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
[2004/08/04 00:10:14 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE [On_Demand | Stopped])
[2007/07/13 05:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP [System | Running])
[2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2004/08/03 22:10:00 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV [On_Demand | Stopped])
[2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2005/02/09 11:59:00 | 00,014,165 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI [System | Running])
[2007/03/10 15:22:01 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
[2003/08/11 10:07:46 | 00,014,604 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2004/08/10 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/07/09 04:05:48 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2007/05/31 12:39:50 | 00,022,656 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
[2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
[2004/08/10 06:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Running])
[2009/01/15 16:17:40 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Running])
[2009/01/15 16:17:42 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2009/01/15 16:17:38 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2005/05/31 12:46:30 | 00,043,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sbp2port.sys -- (sbp2port [Boot | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/08/04 00:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGP.SYS -- (sisagp [Disabled | Stopped])
[2008/05/10 11:16:54 | 00,120,992 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman [Boot | Running])
[2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2005/11/16 22:36:00 | 01,047,816 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2008/08/07 17:31:38 | 00,138,080 | ---- | M] (StorageCraft) -- C:\WINDOWS\system32\drivers\symsnap.sys -- (symsnap [Boot | Running])
[2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2008/05/10 11:16:57 | 00,032,768 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter [Auto | Running])
[2008/05/10 11:16:57 | 00,392,320 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter [Boot | Running])
[2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2004/08/03 22:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio [On_Demand | Stopped])
[2008/08/13 17:07:20 | 00,038,112 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\v2imount.sys -- (v2imount [Auto | Running])
[2008/01/19 19:40:16 | 00,015,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys -- (VProEventMonitor [On_Demand | Stopped])
[2008/01/19 20:12:42 | 00,128,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr [On_Demand | Stopped])
[2004/08/10 06:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sirius.com/listenonline
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

HKU\S-1-5-21-2143063865-554821073-1765250577-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
HKU\S-1-5-21-2143063865-554821073-1765250577-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKU\S-1-5-21-2143063865-554821073-1765250577-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKU\S-1-5-21-2143063865-554821073-1765250577-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKU\S-1-5-21-2143063865-554821073-1765250577-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sirius.com/listenonline
HKU\S-1-5-21-2143063865-554821073-1765250577-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
HKU\S-1-5-21-2143063865-554821073-1765250577-1005\S-1-5-21-2143063865-554821073-1765250577-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKU\S-1-5-21-2143063865-554821073-1765250577-1005\S-1-5-21-2143063865-554821073-1765250577-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar: (no name) - {7EFBC57C-CD57-481F-B794-648FCE9C9116} - C:\Program Files\Blubster Toolbar\v3.2.0.0\Blubster_Toolbar.dll File not found
O3 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005\..\Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005\..\Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005\..\Toolbar: (no name) - {7EFBC57C-CD57-481F-B794-648FCE9C9116} - C:\Program Files\Blubster Toolbar\v3.2.0.0\Blubster_Toolbar.dll File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE (ATI Technologies, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" ( )
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
O4 - HKLM..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe (McAfee)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall File not found
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
O4 - HKLM..\Run: [WD Button Manager] WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
O4 - HKCU..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler (Macrovision Corporation)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (Symantec Corporation)
O4 - HKU\S-1-5-18..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (Gteko Ltd.)
O4 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler (Macrovision Corporation)
O4 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Bob\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2143063865-554821073-1765250577-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: online.musicmatch.com (https in Trusted sites)
O15 - HKLM\..Trusted Sites: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} http://www.imagestation.com/common/classes....cab?v=1,0,0,37 (AxRUploadControl Object)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - linkscanner - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls" = C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL bgitvs.dll
>[2008/05/10 15:39:59 | 00,143,360 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll
>File not found --

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
avgrsstarter: "DllName" = avgrsstx.dll -- C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
tuvurrp: "DllName" = tuvurrp.dll -- File not found

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages" = msv1_0,relog_ap,
>[2007/04/19 20:30:10 | 00,014,368 | ---- | M] (Acronis) -- C:\WINDOWS\system32\relog_ap.dll

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/08/16 05:43:04 | 00,000,000 | -HS- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun]
"" = Auto&Play



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\Shell\AutoRun\command]
"" = J:\wd_windows_tools\setup.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/02/14 22:51:00 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTListIt2.exe
[2009/02/10 18:54:58 | 00,121,522 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\shamrock2.jpg
[2009/02/10 18:48:58 | 02,745,364 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\shamrock.psd
[2009/02/09 23:04:44 | 00,057,222 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\shamrock.jpg
[2009/02/09 22:46:07 | 00,507,926 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\clover.psd
[2009/02/09 22:26:09 | 00,077,344 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\clover.jpg
[2009/02/09 22:15:51 | 00,000,894 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\cross.ico
[2009/02/09 22:14:39 | 00,000,459 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\cross.png
[2009/02/09 22:12:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Application Data\aicon
[2009/02/09 22:12:44 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\@icon sushi.lnk
[2009/02/09 22:12:43 | 00,000,000 | ---D | C] -- C:\Program Files\aicon
[2009/02/09 22:12:13 | 00,676,818 | ---- | C] (towofu's SOFT ) -- C:\Documents and Settings\Bob\Desktop\aicon121setup_e.exe
[2009/02/09 22:11:36 | 00,040,544 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\cross.jpg
[2009/02/09 17:45:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\wordpress
[2009/02/08 13:29:22 | 00,110,404 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\pose2.jpg
[2009/02/08 13:28:51 | 00,092,377 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\pose1.jpg
[2009/02/08 13:27:30 | 00,103,504 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\valleymansion4.jpg
[2009/02/08 13:27:00 | 00,090,186 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\valleymansion3.jpg
[2009/02/08 13:26:25 | 00,097,821 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\valleymansion2.jpg
[2009/02/08 13:25:57 | 00,099,354 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\valleymansion1.jpg
[2009/02/07 21:38:52 | 01,251,429 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\scan0004.jpg
[2009/02/07 21:36:44 | 01,247,931 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\scan0003.jpg
[2009/02/07 21:33:34 | 00,368,922 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\dds.com
[2009/02/07 21:27:39 | 01,285,168 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\scan0002.jpg
[2009/02/07 21:24:29 | 04,277,102 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\scan0001.jpg
[2009/02/07 21:24:16 | 00,027,648 | -HS- | C] () -- C:\Documents and Settings\Bob\Desktop\Thumbs.db
[2009/02/07 20:28:30 | 37,561,50784 | -HS- | C] () -- C:\hiberfil.sys
[2009/02/06 23:07:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Application Data\wsInspector
[2009/02/06 23:06:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\My Documents\wsInspector
[2009/02/06 23:05:30 | 00,000,750 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Startup Inspector for Windows.lnk
[2009/02/06 23:05:30 | 00,000,000 | ---D | C] -- C:\Program Files\Startup Inspector for Windows
[2009/02/06 23:05:00 | 00,685,988 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Bob\Desktop\isw2.exe
[2009/02/06 20:42:12 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Spybot - Search & Destroy.lnk
[2009/02/06 20:41:56 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/02/06 20:41:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/02/06 20:13:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/02/06 20:13:23 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/02/06 20:13:19 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/02/06 20:13:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Application Data\SUPERAntiSpyware.com
[2009/02/06 19:36:12 | 00,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2009/02/06 19:33:18 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\HijackThis.lnk
[2009/02/06 19:33:18 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/02/06 19:19:53 | 00,000,000 | ---D | C] -- C:\fixfiles
[2009/02/06 07:13:42 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/02/05 21:05:46 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/02/05 20:59:01 | 33,147,622 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/02/05 20:59:01 | 00,368,010 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/02/05 20:59:01 | 00,102,133 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/02/05 20:59:01 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 8.0.lnk
[2009/02/05 20:59:00 | 00,012,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2009/02/05 20:59:00 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/02/05 20:58:59 | 00,107,272 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/02/05 20:58:58 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/02/05 20:58:58 | 00,325,128 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/02/05 20:58:58 | 00,027,656 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/02/05 20:58:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/02/05 20:58:37 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/02/05 20:58:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/02/05 20:51:36 | 61,249,936 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Bob\Desktop\avg_avwt_stf_en_8_233a1425.exe
[2009/02/05 20:34:03 | 02,737,808 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bob\Desktop\mbam-setup(2).exe
[2009/01/31 22:46:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\links2009
[2009/01/31 22:22:07 | 28,482,696 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\scrubs.806.3gp
[2009/01/31 22:16:29 | 28,259,878 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\scrubs.805.3gp
[2009/01/31 22:13:59 | 29,241,880 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\scrubs.804.3gp
[2009/01/31 22:10:04 | 26,795,884 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\scrubs.803.3gp
[2009/01/31 21:40:05 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/01/29 20:57:14 | 00,287,675 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\2.jpg
[2009/01/29 20:56:52 | 00,334,564 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\1.jpg
[2009/01/29 20:56:45 | 00,413,356 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\3.jpg
[2009/01/29 20:55:31 | 00,413,025 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\IMG00308-20090129-0740.jpg
[2009/01/29 20:54:32 | 00,285,624 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\IMG00306-20090128-2028.jpg
[2009/01/29 20:51:24 | 00,334,206 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\IMG00305-20090128-1815.jpg
[2009/01/21 20:39:10 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\WHCC PF ROES.lnk
[2009/01/16 22:04:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Application Data\Move Networks

========== Files - Modified Within 30 Days ==========

[23 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/02/14 22:51:01 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTListIt2.exe
[2009/02/14 22:00:01 | 00,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\AFE88988946F08B8.job
[2009/02/14 17:00:29 | 33,147,622 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/02/14 16:43:34 | 00,019,065 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/02/14 16:40:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/02/14 16:39:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/02/14 16:39:32 | 37,561,50784 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/13 11:16:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/02/11 17:18:16 | 00,102,133 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/02/10 19:05:25 | 00,121,522 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\shamrock2.jpg
[2009/02/10 19:05:09 | 02,745,364 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\shamrock.psd
[2009/02/09 23:04:45 | 00,057,222 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\shamrock.jpg
[2009/02/09 22:55:33 | 00,077,344 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\clover.jpg
[2009/02/09 22:55:21 | 00,507,926 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\clover.psd
[2009/02/09 22:15:51 | 00,000,894 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\cross.ico
[2009/02/09 22:15:26 | 00,000,459 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\cross.png
[2009/02/09 22:12:44 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\@icon sushi.lnk
[2009/02/09 22:12:20 | 00,676,818 | ---- | M] (towofu's SOFT ) -- C:\Documents and Settings\Bob\Desktop\aicon121setup_e.exe
[2009/02/09 22:11:36 | 00,040,544 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\cross.jpg
[2009/02/09 17:30:13 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/02/08 13:29:23 | 00,110,404 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\pose2.jpg
[2009/02/08 13:28:52 | 00,092,377 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\pose1.jpg
[2009/02/08 13:27:31 | 00,103,504 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\valleymansion4.jpg
[2009/02/08 13:27:02 | 00,090,186 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\valleymansion3.jpg
[2009/02/08 13:26:27 | 00,097,821 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\valleymansion2.jpg
[2009/02/08 13:26:00 | 00,099,354 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\valleymansion1.jpg
[2009/02/07 21:40:46 | 01,251,429 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\scan0004.jpg
[2009/02/07 21:37:36 | 01,247,931 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\scan0003.jpg
[2009/02/07 21:33:39 | 00,368,922 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\dds.com
[2009/02/07 21:29:10 | 01,285,168 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\scan0002.jpg
[2009/02/07 21:27:42 | 00,027,648 | -HS- | M] () -- C:\Documents and Settings\Bob\Desktop\Thumbs.db
[2009/02/07 21:26:08 | 04,277,102 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\scan0001.jpg
[2009/02/07 20:30:06 | 00,000,710 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/02/07 20:30:06 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/02/07 20:30:06 | 00,000,209 | RHS- | M] () -- C:\boot.ini
[2009/02/07 11:39:12 | 00,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/02/06 23:05:30 | 00,000,750 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Startup Inspector for Windows.lnk
[2009/02/06 23:05:07 | 00,685,988 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Bob\Desktop\isw2.exe
[2009/02/06 21:13:11 | 00,004,163 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/02/06 20:42:12 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Spybot - Search & Destroy.lnk
[2009/02/06 20:13:23 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/02/06 19:44:29 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\HijackThis.lnk
[2009/02/06 07:20:18 | 01,568,656 | -H-- | M] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\IconCache.db
[2009/02/06 07:13:42 | 00,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/02/05 20:59:01 | 00,368,010 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/02/05 20:59:01 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 8.0.lnk
[2009/02/05 20:59:00 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2009/02/05 20:59:00 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/02/05 20:58:59 | 00,107,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/02/05 20:58:58 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/02/05 20:58:58 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/02/05 20:58:58 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/02/05 20:55:11 | 61,249,936 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Bob\Desktop\avg_avwt_stf_en_8_233a1425.exe
[2009/02/05 20:34:48 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/05 20:34:07 | 02,737,808 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bob\Desktop\mbam-setup(2).exe
[2009/02/05 18:21:56 | 02,338,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/04 19:49:01 | 00,002,453 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Global.sw2
[2009/02/04 19:47:20 | 00,261,800 | ---- | M] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/31 22:27:27 | 00,046,080 | ---- | M] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/31 22:25:04 | 28,482,696 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\scrubs.806.3gp
[2009/01/31 22:21:31 | 28,259,878 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\scrubs.805.3gp
[2009/01/31 22:16:13 | 29,241,880 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\scrubs.804.3gp
[2009/01/31 22:11:52 | 26,795,884 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\scrubs.803.3gp
[2009/01/29 20:57:16 | 00,287,675 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\2.jpg
[2009/01/29 20:56:54 | 00,334,564 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\1.jpg
[2009/01/29 20:56:47 | 00,413,356 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\3.jpg
[2009/01/29 20:56:36 | 00,413,025 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\IMG00308-20090129-0740.jpg
[2009/01/29 20:55:22 | 00,334,206 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\IMG00305-20090128-1815.jpg
[2009/01/29 20:55:18 | 00,285,624 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\IMG00306-20090128-2028.jpg
[2009/01/27 17:33:33 | 00,011,776 | ---- | M] () -- C:\Documents and Settings\Bob\Application Data\dvd.bmk
[2009/01/21 20:39:10 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\WHCC PF ROES.lnk
[2009/01/20 20:39:54 | 00,000,083 | ---- | M] () -- C:\WINDOWS\webica.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable
< End of report >

OTListIt Extras logfile created on: 2/14/2009 10:51:51 PM - Run
OTListIt2 by OldTimer - Version 1.0.4.1 Folder = C:\Documents and Settings\Bob\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.30 Gb Total Space | 81.06 Gb Free Space | 56.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 465.75 Gb Total Space | 162.74 Gb Free Space | 34.94% Space Free | Partition Type: NTFS

Computer Name: DELL
Current User Name: Bob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
[2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2004/08/10 06:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer
[2005/05/06 19:47:08 | 02,224,128 | ---- | M] (www.BitLord.com) -- C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord
[2009/02/07 20:33:19 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
[2007/09/26 13:41:58 | 15,997,240 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/06/15 20:10:49 | 05,980,160 | ---- | M] (MP2P Technologies.) -- C:\Program Files\Blubster\blubster.exe:*:Enabled:Blubster
[2005/05/11 22:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
[2005/05/11 23:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
[2005/05/24 01:17:46 | 00,225,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
[2005/05/24 01:18:00 | 00,040,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
[2005/05/24 01:13:32 | 00,081,920 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
[2005/05/10 21:50:34 | 00,200,704 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
[2005/05/10 21:07:26 | 01,081,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
[2005/05/24 01:42:00 | 00,172,032 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
[2005/05/12 07:34:58 | 00,151,635 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
[2005/05/24 01:18:52 | 00,458,752 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
[2005/03/15 14:12:10 | 00,417,792 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
[2005/03/15 14:17:50 | 00,704,512 | ---- | M] ( ) -- C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
[2005/05/24 01:34:36 | 00,057,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
[2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
[2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2009/02/05 20:58:40 | 00,832,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe
[2009/02/05 20:58:41 | 01,032,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2009/02/05 20:58:45 | 00,592,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"@icon sushi_is1" = @icon sushi 1.21
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{084709F7-38C5-4609-B55F-2417939315EB}" = Adobe Premiere Pro
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193DB24F-9A66-4896-8404-22D53EA89075}" = 1400_Help
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{235674B0-A35F-4811-8A8F-E8F42A919EA3}" = PhotoPresets with One-Click WOW!
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{266959FA-0AEE-41D0-A88E-F1EAC10A7C14}" = 1400
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon Camera WIA Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{35260E0B-A8C2-4D25-97E2-448DE7275C85}" = Canon Camera WIA Driver
"{390FF986-468D-4CA9-8830-2C4B313F447F}" = ATI Parental Control
"{3EBD3749-304E-4A4C-9575-C00E5F015217}" = Apple Mobile Device Support
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{42A96544-2842-444E-8A27-A61848DDEC87}" = Adobe Photoshop Lightroom 2.1
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}" = HP PSC & OfficeJet 5.3.B
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53885844-2604-4C08-9F67-1DD9C70D8513}" = DVRMSToolbox
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon Camera WIA Driver
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7210BFE2-5045-4F9C-8F9D-4AE844F93A75}" = ExpressDigital Darkroom Web Edition V8.8
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{747C231B-062D-4586-8221-8E7870987D5B}" = Dora Lost City
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7CB1E63B-C999-4D17-8133-E138F41D9ECF}" = BlackBerry Desktop Software 4.6
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81A60A13-224D-4637-8203-3EAC03B121A4}" = Seagate DiscWizard
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{86C1A488-24AD-42F0-BCEF-FDB11FC2BEFA}" = NetZero For Riverdeep
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B0255743-165B-4BD5-8DA8-37DFB9930014}" = Norton Ghost
"{B045B608-4A47-4C77-9EAD-06C394503306}" = iTunes
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4868E88-F5B5-4E45-9592-C7062BD97441}" = Symantec Technical Support Web Controls
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C510CA36-98D6-4F07-8AFF-81E7399A075B}" = 1400Trb
"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D859D35F-E947-4F2A-8591-C76A4D116178}" = Dora Backpack
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE114695-AE58-4B66-8E0F-2505188602FB}_is1" = Uninstall Startup Inspector
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Google
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{E95130D6-49DA-418C-BEB3-0F4E75F04A15}" = Calendar Creator
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F6377647-81AF-41C0-BC7E-06CF37E204AB}" = Roxio Media Manager
"{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}" = WD Firewire HID Driver
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0.5 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"ATI Display Driver" = ATI Display Driver
"AVG8Uninstall" = AVG 8.0
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BitLord" = BitLord 1.1
"BlackBerry_{7CB1E63B-C999-4D17-8133-E138F41D9ECF}" = BlackBerry Desktop Software 4.6
"Blaze Media Pro" = Blaze Media Pro
"Blubster" = Blubster 2.6.9
"Blubster Toolbar" = Blubster Toolbar
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Citrix ICA Web Client" = Citrix ICA Web Client
"CleanUp!" = CleanUp!
"CSCLIB" = Canon Camera Support Core Library
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"DPP" = Canon Utilities Digital Photo Professional 2.1
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.6.0
"DVDFab Decrypter_is1" = DVDFab Decrypter 3.0.5.5
"DVDFab Platinum_is1" = DVDFab Platinum 3.0.8.6
"EasyChange Powered by TrueSwitch" = EasyChange Powered by TrueSwitch
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"eMusic Promotion" = eMusic - 50 Free MP3 offer
"EOS Utility" = Canon Utilities EOS Utility
"ESPNMotion" = ESPNMotion
"GoldWave v5.06" = GoldWave v5.06
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon EOS Kiss_N REBEL_XT 350D WIA Driver
"InstallShield_{35260E0B-A8C2-4D25-97E2-448DE7275C85}" = Canon EOS-1D Mark II N WIA Driver
"InstallShield_{390FF986-468D-4CA9-8830-2C4B313F447F}" = ATI Parental Control
"InstallShield_{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon EOS-1Ds Mark II WIA Driver
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
"InstallShield_{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.6)" = Mozilla Firefox (3.0.6)
"Mozilla Thunderbird (2.0.0.19)" = Mozilla Thunderbird (2.0.0.19)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MVApplication1" = Memorex exPressit Label Design Studio
"Neat Image_is1" = Neat Image v5.4 Home
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Photo Viewer" = Photo Viewer 2.3
"Photodex Presenter" = Photodex Presenter
"PhotoReflect Publisher 2.0" = PhotoReflect Publisher 2.0
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa2" = Picasa 2
"PROSet" = Intel® PRO Network Connections Drivers
"ProShow Gold" = ProShow Gold
"Puppy Grows & Knows Your Name_is1" = Puppy Grows & Knows Your Name 1.0
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer Basic
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Showit_Web2.6" = Showit Web 2.6
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Web Screen Saver" = Web Screen Saver
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WGA" = Windows Genuine Advantage Validation Tool
"Winamp" = Winamp (remove only)
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ROES.whcc" = ROES.whcc
"WHCC PF ROES" = WHCC PF ROES

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2143063865-554821073-1765250577-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ROES.whcc" = ROES.whcc
"WHCC PF ROES" = WHCC PF ROES

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/6/2009 9:02:26 PM | Computer Name = DELL | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Program Files\Common Files\Wise Installation
Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_4_25_0_1012.MSI is not permitted due
to an error in software restriction policy processing. The object cannot be trusted.

Error - 2/6/2009 9:05:22 PM | Computer Name = DELL | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Program Files\Common Files\Wise Installation
Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_4_25_0_1012.MSI is not permitted due
to an error in software restriction policy processing. The object cannot be trusted.

Error - 2/6/2009 9:10:23 PM | Computer Name = DELL | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3860 (0xf14) Thread address : 0x7C90EB94 Thread message : Build VSCORE.14.0.0.349
/ 5300.2777 Object being scanned = \Device\HarddiskVolume2\Program Files\DVDFab
Decrypter 3\DVDFabDecrypter.exe by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 2/6/2009 9:38:52 PM | Computer Name = DELL | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 1868 (0x74c) Thread address : 0x7C90EB94 Thread message : Build VSCORE.14.0.0.349
/ 5300.2777 Object being scanned = \Device\HarddiskVolume2\Program Files\DVDFab
Decrypter 3\DVDFabDecrypter.exe by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 2/6/2009 10:24:45 PM | Computer Name = DELL | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3464 (0xd88) Thread address : 0x7C90EB94 Thread message : Build VSCORE.14.0.0.349
/ 5300.2777 Object being scanned = \Device\HarddiskVolume2\Program Files\DVDFab
Platinum 3086\DVDFabPlatinum.exe by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 2/7/2009 12:04:10 AM | Computer Name = DELL | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2644 (0xa54) Thread address : 0x7C90EB94 Thread message : Build VSCORE.14.0.0.349
/ 5300.2777 Object being scanned = \Device\HarddiskVolume2\Program Files\DVDFab
Platinum 3086\DVDFabPlatinum.exe by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 2/7/2009 12:14:22 AM | Computer Name = DELL | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2688 (0xa80) Thread address : 0x7C90EB94 Thread message : Build VSCORE.14.0.0.349
/ 5300.2777 Object being scanned = \Device\HarddiskVolume2\Program Files\DVDFab
Decrypter 3\DVDFabDecrypter.exe by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 2/7/2009 10:35:12 PM | Computer Name = DELL | Source = Application Hang | ID = 1002
Description = Hanging application HP_IZE.exe, version 1.5.1.29, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/8/2009 8:00:21 PM | Computer Name = DELL | Source = Norton Ghost | ID = 100
Description = Error EC8F17B7: Cannot create recovery points for job: My Computer
Backup. Error EC8F03FE: Cannot read the properties of the job. Error EC8F1F62:
Cannot find external device 'My Book'. Details: The system cannot find the path specified.

Source:
Norton Ghost

Error - 2/11/2009 11:01:07 PM | Computer Name = DELL | Source = Application Error | ID = 1000
Description = Faulting application winword.exe, version 9.0.0.2717, faulting module
mso9.dll, version 9.0.0.2720, fault address 0x000a6e0a.

[ System Events ]
Error - 2/11/2009 6:36:09 PM | Computer Name = DELL | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 00123FC61567 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 2/11/2009 6:36:10 PM | Computer Name = DELL | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 2/12/2009 8:15:11 AM | Computer Name = DELL | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.102 for the Network Card with network
address 00123FC61567 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 2/12/2009 8:17:23 AM | Computer Name = DELL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 2/12/2009 9:50:46 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 2/12/2009 9:52:15 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avg8wd service.

Error - 2/13/2009 9:48:27 PM | Computer Name = DELL | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.101 on
the Network Card with network address 00123FC61567.

Error - 2/14/2009 8:54:48 AM | Computer Name = DELL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 2/14/2009 5:39:38 PM | Computer Name = DELL | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 00123FC61567 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 2/14/2009 5:42:01 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.


< End of report >

#5 rlawrence

  • Topic Starter


Posted 14 February 2009 - 11:31 PM

GMER Log:


GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-14 23:24:47
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xAEA789AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xAEA78A41]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xAEA78958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xAEA7896C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xAEA78A55]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xAEA78A81]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xAEA78AEF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xAEA78AD9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xAEA789EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xAEA78B1B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xAEA78A2D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xAEA78930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xAEA78944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xAEA789BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xAEA78B57]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xAEA78AC3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xAEA78AAD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xAEA78A6B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xAEA78B43]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xAEA78B2F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xAEA78996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xAEA78982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xAEA78A97]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xAEA78A19]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xAEA78B05]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xAEA78A00]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xAEA789D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504AB0 7 Bytes JMP AEA789D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80577F8E 5 Bytes JMP AEA789AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B0E36 7 Bytes JMP AEA789EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B1C44 5 Bytes JMP AEA78A04 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B7216 7 Bytes JMP AEA789C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CA150 5 Bytes JMP AEA78934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CA3DC 5 Bytes JMP AEA78948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CCB9A 5 Bytes JMP AEA78986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805CFE70 7 Bytes JMP AEA78970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805CFF26 5 Bytes JMP AEA7895C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D0430 5 Bytes JMP AEA7899A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D167A 5 Bytes JMP AEA78A1D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 80620638 7 Bytes JMP AEA78AB1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 80620986 5 Bytes JMP AEA78B33 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80620C3E 7 Bytes JMP AEA78A9B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80620F06 7 Bytes JMP AEA78B09 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 8062174C 7 Bytes JMP AEA78AC7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80621FA4 7 Bytes JMP AEA78A6F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 8062257E 5 Bytes JMP AEA78A45 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80622A0E 7 Bytes JMP AEA78A59 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80622BDE 7 Bytes JMP AEA78A85 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 80622DBE 7 Bytes JMP AEA78AF3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 80623028 7 Bytes JMP AEA78ADD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 80623914 5 Bytes JMP AEA78A31 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 80623C38 7 Bytes JMP AEA78B5B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8062415E 5 Bytes JMP AEA78B47 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80624278 5 Bytes JMP AEA78B1F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\Explorer.EXE[316] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00C50000
.text C:\WINDOWS\Explorer.EXE[316] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00C50F6F
.text C:\WINDOWS\Explorer.EXE[316] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00C50F80
.text C:\WINDOWS\Explorer.EXE[316] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00C50064
.text C:\WINDOWS\Explorer.EXE[316] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00C50F9B
.text C:\WINDOWS\Explorer.EXE[316] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00C50FB6
.text C:\WINDOWS\Explorer.EXE[316] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00C500A1
.text C:\WINDOWS\Explorer.EXE[316] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00C50090
.text C:\WINDOWS\Explorer.EXE[316] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00C500B2
.text C:\WINDOWS\Explorer.EXE[316] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00C50F19
.text C:\WINDOWS\Explorer.EXE[316] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00C50EFE
.text C:\WINDOWS\Explorer.EXE[316] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00C5003D
.text C:\WINDOWS\Explorer.EXE[316] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00C50011
.text C:\WINDOWS\Explorer.EXE[316] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00C50075
.text C:\WINDOWS\Explorer.EXE[316] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00C50022
.text C:\WINDOWS\Explorer.EXE[316] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00C50FD1
.text C:\WINDOWS\Explorer.EXE[316] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00C50F34
.text C:\WINDOWS\Explorer.EXE[316] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00C40FAF
.text C:\WINDOWS\Explorer.EXE[316] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00C40040
.text C:\WINDOWS\Explorer.EXE[316] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00C40000
.text C:\WINDOWS\Explorer.EXE[316] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00C40FD4
.text C:\WINDOWS\Explorer.EXE[316] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00C40F83
.text C:\WINDOWS\Explorer.EXE[316] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00C4001B
.text C:\WINDOWS\Explorer.EXE[316] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00C40FE5
.text C:\WINDOWS\Explorer.EXE[316] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00C40F94
.text C:\WINDOWS\Explorer.EXE[316] WININET.dll!InternetOpenW 771BAF55 5 Bytes JMP 00BC0FDB
.text C:\WINDOWS\Explorer.EXE[316] WININET.dll!InternetOpenA 771C57A6 5 Bytes JMP 00BC0000
.text C:\WINDOWS\Explorer.EXE[316] WININET.dll!InternetOpenUrlA 771C5A72 5 Bytes JMP 00BC0FCA
.text C:\WINDOWS\Explorer.EXE[316] WININET.dll!InternetOpenUrlW 771D5BF7 5 Bytes JMP 00BC0FAF
.text C:\WINDOWS\Explorer.EXE[316] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00BA0000
.text C:\Program Files\Messenger\msmsgs.exe[672] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00D00FEF
.text C:\Program Files\Messenger\msmsgs.exe[672] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00D00065
.text C:\Program Files\Messenger\msmsgs.exe[672] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00D00F70
.text C:\Program Files\Messenger\msmsgs.exe[672] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D00054
.text C:\Program Files\Messenger\msmsgs.exe[672] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00D00043
.text C:\Program Files\Messenger\msmsgs.exe[672] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00D00FB2
.text C:\Program Files\Messenger\msmsgs.exe[672] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00D00F1D
.text C:\Program Files\Messenger\msmsgs.exe[672] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00D00F2E
.text C:\Program Files\Messenger\msmsgs.exe[672] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D00091
.text C:\Program Files\Messenger\msmsgs.exe[672] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D00080
.text C:\Program Files\Messenger\msmsgs.exe[672] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00D00EE7
.text C:\Program Files\Messenger\msmsgs.exe[672] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00D00FA1
.text C:\Program Files\Messenger\msmsgs.exe[672] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00D00FDE
.text C:\Program Files\Messenger\msmsgs.exe[672] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00D00F55
.text C:\Program Files\Messenger\msmsgs.exe[672] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00D0001E
.text C:\Program Files\Messenger\msmsgs.exe[672] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00D00FCD
.text C:\Program Files\Messenger\msmsgs.exe[672] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00D00F02
.text C:\Program Files\Messenger\msmsgs.exe[672] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00CD0F9E
.text C:\Program Files\Messenger\msmsgs.exe[672] ADVAPI32.dll!RegCreateKeyExW 77DD7535 1 Byte [ E9 ]
.text C:\Program Files\Messenger\msmsgs.exe[672] ADVAPI32.dll!RegCreateKeyExW + 2 77DD7537 3 Bytes [ 8A, EF, 88 ]
.text C:\Program Files\Messenger\msmsgs.exe[672] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00CD0FAF
.text C:\Program Files\Messenger\msmsgs.exe[672] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00CD0FD4
.text C:\Program Files\Messenger\msmsgs.exe[672] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00CD0F7C
.text C:\Program Files\Messenger\msmsgs.exe[672] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00CD0F8D
.text C:\Program Files\Messenger\msmsgs.exe[672] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00CD0FE5
.text C:\Program Files\Messenger\msmsgs.exe[672] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00CD000A
.text C:\Program Files\Messenger\msmsgs.exe[672] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00CA0FEF
.text C:\Program Files\Messenger\msmsgs.exe[672] WININET.dll!InternetOpenW 771BAF55 5 Bytes JMP 00CB000A
.text C:\Program Files\Messenger\msmsgs.exe[672] WININET.dll!InternetOpenA 771C57A6 5 Bytes JMP 00CB0FEF
.text C:\Program Files\Messenger\msmsgs.exe[672] WININET.dll!InternetOpenUrlA 771C5A72 5 Bytes JMP 00CB0FDE
.text C:\Program Files\Messenger\msmsgs.exe[672] WININET.dll!InternetOpenUrlW 771D5BF7 5 Bytes JMP 00CB0FC1
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00FE0F83
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00FE0082
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00FE0FA8
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00FE0065
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00FE0039
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00FE00C4
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00FE0F72
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00FE00E6
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00FE0F57
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00FE0F28
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00FE0054
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00FE0FDE
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00FE0093
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00FE0FCD
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00FE001E
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00FE00D5
.text C:\WINDOWS\system32\services.exe[988] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00A10FDB
.text C:\WINDOWS\system32\services.exe[988] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00A10076
.text C:\WINDOWS\system32\services.exe[988] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00A1002C
.text C:\WINDOWS\system32\services.exe[988] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00A1001B
.text C:\WINDOWS\system32\services.exe[988] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00A10FB9
.text C:\WINDOWS\system32\services.exe[988] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00A10051
.text C:\WINDOWS\system32\services.exe[988] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00A10000
.text C:\WINDOWS\system32\services.exe[988] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00A10FCA
.text C:\WINDOWS\system32\services.exe[988] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 009E0FEF
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F30000
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00F30065
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00F30F70
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00F30F8D
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00F30040
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00F30FB9
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00F3008A
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00F30F4E
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00F30F02
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00F3009B
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00F300AC
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00F30F9E
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00F30011
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00F30F5F
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00F30FCA
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00F30FDB
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00F30F27
.text C:\WINDOWS\system32\lsass.exe[1000] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00F20036
.text C:\WINDOWS\system32\lsass.exe[1000] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00F20047
.text C:\WINDOWS\system32\lsass.exe[1000] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00F2001B
.text C:\WINDOWS\system32\lsass.exe[1000] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00F2000A
.text C:\WINDOWS\system32\lsass.exe[1000] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00F20F8A
.text C:\WINDOWS\system32\lsass.exe[1000] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00F20FA5
.text C:\WINDOWS\system32\lsass.exe[1000] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00F20FEF
.text C:\WINDOWS\system32\lsass.exe[1000] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00F20FC0
.text C:\WINDOWS\system32\lsass.exe[1000] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00C40FE5
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A60000
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A60076
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A60F81
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A6005B
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A60F9E
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A60FB9
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A60F38
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A60F49
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A60F13
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A600B6
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00A600C7
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00A60040
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00A60011
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00A60F66
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00A60FD4
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00A60FE5
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00A600A5
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00A5002C
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00A50062
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00A5001B
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00A50FE5
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00A50047
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00A50FA5
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00A5000A
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00A50FC0
.text C:\WINDOWS\system32\svchost.exe[1228] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00A30FEF
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00CE0FEF
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00CE0056
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00CE0045
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00CE0F61
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00CE0F72
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00CE0F9E
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00CE0F46
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00CE008E
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00CE00B3
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00CE0F1A
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00CE0EF5
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00CE0F83
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00CE0FD4
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00CE0071
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00CE0014
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00CE0FC3
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00CE0F35
.text C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00CD0FE5
.text C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00CD0F94
.text C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00CD0036
.text C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00CD001B
.text C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00CD005B
.text C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00CD0FB9
.text C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00CD000A
.text C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00CD0FD4
.text C:\WINDOWS\system32\svchost.exe[1328] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00CB0000
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 016B0FEF
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 016B0F6D
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 016B0062
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 016B0F88
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 016B0051
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 016B002C
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 016B0F26
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 016B0F37
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 016B00AB
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 016B009A
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 016B00BC
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 016B0FA5
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 016B000A
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 016B0F52
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 016B001B
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 016B0FD4
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 016B0089
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 016A0025
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 016A0051
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 016A0FD4
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 016A0FEF
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 016A0040
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 016A0FA8
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 016A0000
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 016A0FB9
.text C:\WINDOWS\System32\svchost.exe[1424] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 014B0000
.text C:\WINDOWS\System32\svchost.exe[1424] WININET.dll!InternetOpenW 771BAF55 5 Bytes JMP 014C000A
.text C:\WINDOWS\System32\svchost.exe[1424] WININET.dll!InternetOpenA 771C57A6 5 Bytes JMP 014C0FEF
.text C:\WINDOWS\System32\svchost.exe[1424] WININET.dll!InternetOpenUrlA 771C5A72 5 Bytes JMP 014C0027
.text C:\WINDOWS\System32\svchost.exe[1424] WININET.dll!InternetOpenUrlW 771D5BF7 5 Bytes JMP 014C0038
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008A0FEF
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008A0F91
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008A007C
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008A005F
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008A004E
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008A003D
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008A0F80
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008A00BC
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008A00FE
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008A00E3
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 008A0F40
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 008A0FAC
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 008A000A
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 008A00A1
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 008A002C
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 008A001B
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 008A0F65
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00890FC3
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00890062
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00890FD4
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00890FE5
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00890047
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00890036
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00890000
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00890025
.text C:\WINDOWS\system32\svchost.exe[1524] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00870000
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00970FEF
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00970F43
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00970038
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00970F5E
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00970F6F
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00970F94
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00970064
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00970053
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00970093
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00970EFA
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!GetProcAddress 7C80ADA0 1 Byte [ E9 ]
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!GetProcAddress + 2 7C80ADA2 3 Bytes [ 52, 16, 84 ]
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 0097001B
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00970FD4
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00970F32
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00970FAF
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 0097000A
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00970F0B
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 0096002F
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00960F97
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00960FDE
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00960FEF
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00960FA8
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 0096004A
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 0096000A
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00960FC3
.text C:\WINDOWS\system32\svchost.exe[1656] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00930FEF
.text C:\WINDOWS\system32\svchost.exe[1656] WININET.dll!InternetOpenW 771BAF55 5 Bytes JMP 00940014
.text C:\WINDOWS\system32\svchost.exe[1656] WININET.dll!InternetOpenA 771C57A6 5 Bytes JMP 00940FEF
.text C:\WINDOWS\system32\svchost.exe[1656] WININET.dll!InternetOpenUrlA 771C5A72 5 Bytes JMP 00940FD2
.text C:\WINDOWS\system32\svchost.exe[1656] WININET.dll!InternetOpenUrlW 771D5BF7 5 Bytes JMP 00940025
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A0051
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A0036
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0025
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0F68
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0014
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A0F2B
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A0073
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A0EEE
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A0F09
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001A0EDD
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001A0F8D
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001A0FD4
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001A0062
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001A0FA8
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001A0FB9
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001A0F1A
.text C:\WINDOWS\system32\svchost.exe[1860] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 0028002C
.text C:\WINDOWS\system32\svchost.exe[1860] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00280FA2
.text C:\WINDOWS\system32\svchost.exe[1860] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00280FDB
.text C:\WINDOWS\system32\svchost.exe[1860] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00280011
.text C:\WINDOWS\system32\svchost.exe[1860] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 0028005F
.text C:\WINDOWS\system32\svchost.exe[1860] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 0028004E
.text C:\WINDOWS\system32\svchost.exe[1860] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00280000
.text C:\WINDOWS\system32\svchost.exe[1860] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 0028003D
.text C:\WINDOWS\system32\svchost.exe[1860] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00790000
.text C:\WINDOWS\system32\dllhost.exe[1928] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\system32\dllhost.exe[1928] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A006E
.text C:\WINDOWS\system32\dllhost.exe[1928] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A0F79
.text C:\WINDOWS\system32\dllhost.exe[1928] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0F8A
.text C:\WINDOWS\system32\dllhost.exe[1928] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A003D
.text C:\WINDOWS\system32\dllhost.exe[1928] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0FB6
.text C:\WINDOWS\system32\dllhost.exe[1928] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A00AD
.text C:\WINDOWS\system32\dllhost.exe[1928] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A0090
.text C:\WINDOWS\system32\dllhost.exe[1928] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A00ED
.text C:\WINDOWS\system32\dllhost.exe[1928] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A0F54
.text C:\WINDOWS\system32\dllhost.exe[1928] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001A0F43
.text C:\WINDOWS\system32\dllhost.exe[1928] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001A0F9B
.text C:\WINDOWS\system32\dllhost.exe[1928] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001A0000
.text C:\WINDOWS\system32\dllhost.exe[1928] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001A007F
.text C:\WINDOWS\system32\dllhost.exe[1928] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001A0022
.text C:\WINDOWS\system32\dllhost.exe[1928] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001A0011
.text C:\WINDOWS\system32\dllhost.exe[1928] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001A00C8
.text C:\WINDOWS\system32\dllhost.exe[1928] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00290FB2
.text C:\WINDOWS\system32\dllhost.exe[1928] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00290F61
.text C:\WINDOWS\system32\dllhost.exe[1928] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00290FC3
.text C:\WINDOWS\system32\dllhost.exe[1928] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00290FD4
.text C:\WINDOWS\system32\dllhost.exe[1928] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00290F7C
.text C:\WINDOWS\system32\dllhost.exe[1928] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00290014
.text C:\WINDOWS\system32\dllhost.exe[1928] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00290FE5
.text C:\WINDOWS\system32\dllhost.exe[1928] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00290F8D
.text C:\WINDOWS\system32\dllhost.exe[1928] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00790000
.text C:\WINDOWS\system32\svchost.exe[3276] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\system32\svchost.exe[3276] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A007C
.text C:\WINDOWS\system32\svchost.exe[3276] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A006B
.text C:\WINDOWS\system32\svchost.exe[3276] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A004E
.text C:\WINDOWS\system32\svchost.exe[3276] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0F91
.text C:\WINDOWS\system32\svchost.exe[3276] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0033
.text C:\WINDOWS\system32\svchost.exe[3276] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A00B4
.text C:\WINDOWS\system32\svchost.exe[3276] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A00A3
.text C:\WINDOWS\system32\svchost.exe[3276] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A0F25
.text C:\WINDOWS\system32\svchost.exe[3276] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A0F40
.text C:\WINDOWS\system32\svchost.exe[3276] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001A0F14
.text C:\WINDOWS\system32\svchost.exe[3276] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001A0FA2
.text C:\WINDOWS\system32\svchost.exe[3276] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001A0000
.text C:\WINDOWS\system32\svchost.exe[3276] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001A0F6C
.text C:\WINDOWS\system32\svchost.exe[3276] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001A0022
.text C:\WINDOWS\system32\svchost.exe[3276] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001A0011
.text C:\WINDOWS\system32\svchost.exe[3276] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001A0F51
.text C:\WINDOWS\system32\svchost.exe[3276] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00280FAF
.text C:\WINDOWS\system32\svchost.exe[3276] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00280F72
.text C:\WINDOWS\system32\svchost.exe[3276] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00280FCA
.text C:\WINDOWS\system32\svchost.exe[3276] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00280FDB
.text C:\WINDOWS\system32\svchost.exe[3276] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00280025
.text C:\WINDOWS\system32\svchost.exe[3276] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00280F83
.text C:\WINDOWS\system32\svchost.exe[3276] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00280000
.text C:\WINDOWS\system32\svchost.exe[3276] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00280F94
.text C:\WINDOWS\system32\dllhost.exe[3400] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A000A
.text C:\WINDOWS\system32\dllhost.exe[3400] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A0F6B
.text C:\WINDOWS\system32\dllhost.exe[3400] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A0F7C
.text C:\WINDOWS\system32\dllhost.exe[3400] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0060
.text C:\WINDOWS\system32\dllhost.exe[3400] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0F97
.text C:\WINDOWS\system32\dllhost.exe[3400] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0FB9
.text C:\WINDOWS\system32\dllhost.exe[3400] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A0096
.text C:\WINDOWS\system32\dllhost.exe[3400] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A007B
.text C:\WINDOWS\system32\dllhost.exe[3400] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A00C2
.text C:\WINDOWS\system32\dllhost.exe[3400] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A00B1
.text C:\WINDOWS\system32\dllhost.exe[3400] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001A0F0E
.text C:\WINDOWS\system32\dllhost.exe[3400] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001A0FA8
.text C:\WINDOWS\system32\dllhost.exe[3400] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\system32\dllhost.exe[3400] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001A0F5A
.text C:\WINDOWS\system32\dllhost.exe[3400] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001A0025
.text C:\WINDOWS\system32\dllhost.exe[3400] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001A0FD4
.text C:\WINDOWS\system32\dllhost.exe[3400] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001A0F33
.text C:\WINDOWS\system32\dllhost.exe[3400] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00290FA8
.text C:\WINDOWS\system32\dllhost.exe[3400] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00290025
.text C:\WINDOWS\system32\dllhost.exe[3400] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00290FB9
.text C:\WINDOWS\system32\dllhost.exe[3400] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00290FD4
.text C:\WINDOWS\system32\dllhost.exe[3400] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00290F68
.text C:\WINDOWS\system32\dllhost.exe[3400] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 0029000A
.text C:\WINDOWS\system32\dllhost.exe[3400] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00290FE5
.text C:\WINDOWS\system32\dllhost.exe[3400] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00290F8D
.text C:\WINDOWS\system32\dllhost.exe[3400] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00790FEF
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[3588] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[3588] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\System32\svchost.exe[5296] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0000
.text C:\WINDOWS\System32\svchost.exe[5296] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A0F5C
.text C:\WINDOWS\System32\svchost.exe[5296] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A0F77
.text C:\WINDOWS\System32\svchost.exe[5296] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0F88
.text C:\WINDOWS\System32\svchost.exe[5296] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0051
.text C:\WINDOWS\System32\svchost.exe[5296] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A002C
.text C:\WINDOWS\System32\svchost.exe[5296] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A0F35
.text C:\WINDOWS\System32\svchost.exe[5296] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A0087
.text C:\WINDOWS\System32\svchost.exe[5296] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A00C4
.text C:\WINDOWS\System32\svchost.exe[5296] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A00B3
.text C:\WINDOWS\System32\svchost.exe[5296] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001A00D5
.text C:\WINDOWS\System32\svchost.exe[5296] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001A0FAF
.text C:\WINDOWS\System32\svchost.exe[5296] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\System32\svchost.exe[5296] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001A0076
.text C:\WINDOWS\System32\svchost.exe[5296] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001A001B
.text C:\WINDOWS\System32\svchost.exe[5296] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001A0FD4
.text C:\WINDOWS\System32\svchost.exe[5296] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001A0098
.text C:\WINDOWS\System32\svchost.exe[5296] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00280040
.text C:\WINDOWS\System32\svchost.exe[5296] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00280F9E
.text C:\WINDOWS\System32\svchost.exe[5296] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0028002F
.text C:\WINDOWS\System32\svchost.exe[5296] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00280014
.text C:\WINDOWS\System32\svchost.exe[5296] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00280FB9
.text C:\WINDOWS\System32\svchost.exe[5296] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00280051
.text C:\WINDOWS\System32\svchost.exe[5296] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00280FEF
.text C:\WINDOWS\System32\svchost.exe[5296] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00280FD4
.text C:\WINDOWS\System32\svchost.exe[5296] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 007D0000

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

Device \FileSystem\Fastfat \Fat AA72EC8A

AttachedDevice \FileSystem\Fastfat \Fat symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths@Directory C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1@CachePath C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2@CachePath C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3@CachePath C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache3
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4@CachePath C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache4
Reg HKLM\SOFTWARE\Classes\CLSID\{905039D8-D3A1-70A8-DABF0692B94E6EF4}\{2661643E-85BA-F5BF-30DE18451E945353}\{906FFE4B-845A-CA7B-85F7467A0D70268A}
Reg HKLM\SOFTWARE\Classes\CLSID\{905039D8-D3A1-70A8-DABF0692B94E6EF4}\{2661643E-85BA-F5BF-30DE18451E945353}\{906FFE4B-845A-CA7B-85F7467A0D70268A}@526BA65ZPQS4U365YNAELLJ5XA1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0xF2 0xE2 0xD1 0x7B ...

---- EOF - GMER 1.0.14 ----

#6 Billy O'Neal

Posted 16 February 2009 - 05:26 PM

Hello, rlawrence
We Need to Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

If this tool helped you, please consider a donation to its author.

How to run ComboFix:
  • Please download ComboFix from one of the following mirrors, and save it to your desktop.
  • Disable any running Anti-Virus or Anti-Malware programs. This includes Firewalls, Anti-Virus, Spyware Scanners, etc. Any or all of them may interfere with the running of ComboFix.
  • Double click the ComboFix icon on your desktop.
  • Read and accept (Press Yes) to the disclaimer.
  • For Windows XP Systems: Install the Recovery Console:
    • If you are using Windows XP and do not already have the Recovery Console installed, please ensure your internet connection is active (if possible), and press Yes. If for some reason your internet is not working, please press No. If you are not using Windows XP, you will not be prompted.
    • When prompted to accept the EULA, press OK.
    • Accept Microsoft's EULA (Press Yes).
    • When you are told that the RC is installed correctly, please press YES to continue scanning for malware.
  • ComboFix will run. Simply wait for it to finish.
  • When it finishes, ComboFix will produce a log. Please post that log in your next reply here.
NOTE: If ComboFix will not run, please rename it to GlobRemover.exe and try again!

In your next reply, please include the following:
  • ComboFix.txt

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#7 rlawrence

Posted 16 February 2009 - 06:06 PM

Billy,

Here's the log combofix.txt:




ComboFix 09-02-15.01 - Bob 2009-02-16 17:48:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.2841 [GMT -5:00]
Running from: c:\documents and settings\Bob\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\afmvrqde.ini
c:\windows\system32\Memman.vxd
c:\windows\system32\skinboxer43.dll
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((( Files Created from 2009-01-16 to 2009-02-16 )))))))))))))))))))))))))))))))
.

2009-02-14 23:01 . 2009-02-14 23:01 250 --a------ c:\windows\gmer.ini
2009-02-09 22:12 . 2009-02-09 22:12 <DIR> d-------- c:\program files\aicon
2009-02-09 22:12 . 2009-02-09 22:12 <DIR> d-------- c:\documents and settings\Bob\Application Data\aicon
2009-02-07 19:23 . 2009-02-07 19:23 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-02-07 11:42 . 2009-02-07 11:42 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-02-06 23:07 . 2009-02-06 23:07 <DIR> d-------- c:\documents and settings\Bob\Application Data\wsInspector
2009-02-06 23:05 . 2009-02-06 23:06 <DIR> d-------- c:\program files\Startup Inspector for Windows
2009-02-06 20:41 . 2009-02-06 20:42 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-06 20:41 . 2009-02-06 20:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-06 20:13 . 2009-02-06 20:13 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-06 20:13 . 2009-02-06 20:13 <DIR> d-------- c:\documents and settings\Bob\Application Data\SUPERAntiSpyware.com
2009-02-06 20:13 . 2009-02-06 20:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-06 19:36 . 2009-02-06 19:36 <DIR> d-------- c:\program files\CleanUp!
2009-02-06 19:33 . 2009-02-06 19:33 <DIR> d-------- c:\program files\Trend Micro
2009-02-06 19:19 . 2009-02-06 19:20 <DIR> d-------- C:\fixfiles
2009-02-06 07:13 . 2009-02-06 07:13 552 --a------ c:\windows\system32\d3d8caps.dat
2009-02-05 21:05 . 2009-02-13 15:15 <DIR> d--h----- C:\$AVG8.VAULT$
2009-02-05 20:59 . 2009-02-05 20:59 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys
2009-02-05 20:59 . 2009-02-05 20:59 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-02-05 20:58 . 2009-02-16 17:23 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-02-05 20:58 . 2009-02-05 20:58 <DIR> d-------- c:\program files\AVG
2009-02-05 20:58 . 2009-02-05 20:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-02-05 20:58 . 2009-02-05 20:58 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-02-05 20:58 . 2009-02-05 20:58 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-01-31 21:40 . 2009-01-31 21:40 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-01-21 20:39 . 2009-01-21 20:39 <DIR> d-------- c:\documents and settings\Bob\.WHCCPF
2009-01-16 22:04 . 2009-01-16 22:07 <DIR> d-------- c:\documents and settings\Bob\Application Data\Move Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 12:43 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-08 02:31 --------- d-----w c:\documents and settings\Bob\Application Data\Image Zone Express
2009-02-07 00:18 --------- d-----w c:\documents and settings\Bob\Application Data\U3
2009-02-06 03:54 --------- d-----w c:\program files\DIGStream
2009-02-06 01:34 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-05 00:53 --------- d-----w c:\program files\Blubster
2009-01-14 21:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 21:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-08 23:01 --------- d-----w c:\documents and settings\LocalService\Application Data\McAfee
2009-01-08 22:49 --------- d-----w c:\documents and settings\Bob\Application Data\Malwarebytes
2009-01-08 22:48 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-07 03:03 --------- d-----w c:\documents and settings\Bob\Application Data\McAfee
2009-01-07 03:02 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-01-06 02:56 --------- d-----w c:\program files\Common Files\Adobe
2009-01-06 02:47 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-06 02:46 --------- d-s---w c:\documents and settings\All Users\Application Data\Memeo
2009-01-06 02:39 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-06 02:28 --------- d-----w c:\program files\Symantec
2009-01-06 02:25 --------- d-----w c:\program files\Norton Ghost
2009-01-06 02:25 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-29 20:45 --------- d-----w c:\program files\Calendar Creator
2008-12-29 20:43 --------- d-----w c:\program files\Common Files\AVSMedia
2008-12-29 20:43 --------- d-----w c:\program files\AVS4YOU
2008-12-29 20:42 --------- d-----w c:\program files\Google
2008-12-28 23:03 --------- d-----w c:\documents and settings\Bob\Application Data\AVS4YOU
2008-12-28 23:03 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2008-12-24 16:43 --------- d-----w c:\program files\Lavasoft
2008-12-24 16:43 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-24 16:31 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-18 08:00 --------- d-----w c:\program files\MSXML 6.0
2008-12-17 02:35 --------- d-----w c:\documents and settings\LocalService\Application Data\Roxio
2008-12-17 02:35 --------- d-----w c:\documents and settings\Bob\Application Data\Roxio
2008-12-17 02:31 --------- d-----w c:\documents and settings\Bob\Application Data\InstallShield
2008-12-17 02:08 --------- d-----w c:\documents and settings\All Users\Application Data\Sonic
2008-12-17 02:06 --------- d-----w c:\program files\Roxio
2008-12-17 02:06 --------- d-----w c:\program files\Common Files\Roxio Shared
2008-12-17 02:05 --------- d-----w c:\documents and settings\All Users\Application Data\Roxio
2008-12-17 01:56 --------- d-----w c:\program files\Common Files\Research In Motion
2008-12-11 19:43 215,144 ----a-r c:\windows\pw32a.dll
2008-12-11 19:43 215,144 ----a-r c:\windows\patchw32.dll
2007-03-10 20:22 87,608 ----a-w c:\documents and settings\Bob\Application Data\ezpinst.exe
2007-03-10 20:22 47,360 ----a-w c:\documents and settings\Bob\Application Data\pcouffin.sys
2008-05-10 20:39 133,120 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-07-02 03:08 56 --sh--r c:\windows\system32\DB24917925.sys
2006-07-02 03:08 3,350 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 68856]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"ATIPTA"="c:\program files\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE" [2005-08-05 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 1117184]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-09-24 483328]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-04-19 1169744]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-19 1945688]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-11-28 583048]
"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 c:\windows\stsystra.exe]
"WD Button Manager"="WDBtnMgr.exe" [2007-09-07 c:\windows\system32\WDBtnMgr.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2007-09-12 492912]

c:\documents and settings\Bob\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-01 113664]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= c:\windows\warnhp.html
FriendlyName= Desktop Uninstall

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-05 20:59 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"= wdmaud.sys

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Free WebSite Tools.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Free WebSite Tools.lnk
backup=c:\windows\pss\Free WebSite Tools.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WD Backup Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk
backup=c:\windows\pss\WD Backup Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bob^Start Menu^Programs^Startup^Memeo AutoBackup Launcher.lnk]
path=c:\documents and settings\Bob\Start Menu\Programs\Startup\Memeo AutoBackup Launcher.lnk
backup=c:\windows\pss\Memeo AutoBackup Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Bob^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk]
path=c:\documents and settings\Bob\Start Menu\Programs\Startup\Memeo AutoSync Launcher.lnk
backup=c:\windows\pss\Memeo AutoSync Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Bob^Start Menu^Programs^Startup^TrueAssistant.lnk]
path=c:\documents and settings\Bob\Start Menu\Programs\Startup\TrueAssistant.lnk
backup=c:\windows\pss\TrueAssistant.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2007-04-19 20:29 149024 c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2009-02-05 20:58 1601304 c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-05-10 15:39 1862144 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--------- 2007-09-26 13:42 267064 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBkLogOnHook]
--a------ 2007-01-08 10:22 20480 c:\program files\McAfee\MBK\LogonHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Backup]
--a------ 2007-01-16 12:59 4838952 c:\program files\McAfee\MBK\McAfeeDataBackup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2007-11-01 18:12 582992 c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--------- 2005-09-08 20:20 8192 c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--------- 2005-09-08 20:20 110592 c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2004-12-07 16:44 1884160 c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 14.0]
--a------ 2008-12-11 15:14 2245992 c:\program files\Norton Ghost\Agent\VProTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-08-20 20:18 443968 c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--------- 2007-06-29 05:24 286720 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--------- 2006-02-22 22:26 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2008-06-08 12:24 236016 c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2009-01-15 16:17 1830128 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Blubster\\blubster.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-02-05 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-05 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-05 107272]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-05 298264]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2005-08-16 5120]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [2007-12-20 1558000]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - j:\wd_windows_tools\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-16 c:\windows\Tasks\AFE88988946F08B8.job
- c:\docume~1\bob\applic~1\planco~1\campdartsize.exe []

2009-02-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2008-09-09 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
.
- - - - ORPHANS REMOVED - - - -

Notify-tuvurrp - tuvurrp.dll
MSConfigStartUp-Corel Photo Downloader - c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sirius.com/listenonline
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\ni53mvr2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en
FF - component: c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\ni53mvr2.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\ni53mvr2.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\Bob\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-16 17:57:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{905039D8-D3A1-70A8-DABF0692B94E6EF4}\{2661643E-85BA-F5BF-30DE18451E945353}\{906FFE4B-845A-CA7B-85F7467A0D70268A}*]
"526BA65ZPQS4U365YNAELLJ5XA1"=hex:01,00,01,00,00,00,00,00,50,bd,9f,8a,7e,a0,d0,
fa,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:f2,e2,d1,7b,cc,17,5d,ab,50,a5,4e,30,15,7d,bc,45,54,9f,92,80,b0,
a0,ed,16,91,79,db,1b,e6,c6,0d,5d,39,34,3f,29,0e,be,0c,95,7e,33,23,2b,b5,2e,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:f2,e2,d1,7b,cc,17,5d,ab,50,a5,4e,30,15,7d,bc,45,54,9f,92,80,b0,
a0,ed,16,91,79,db,1b,e6,c6,0d,5d,39,34,3f,29,0e,be,0c,95,7e,33,23,2b,b5,2e,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(944)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(1000)
c:\windows\system32\relog_ap.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\Common Files\Seagate\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\McAfee\MBK\MBackMonitor.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\program files\McAfee\VirusScan\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\program files\Photodex\ProShowGold\scsiaccess.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\windows\system32\msdtc.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-02-16 18:01:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-16 23:01:27

Pre-Run: 86,884,839,424 bytes free
Post-Run: 86,774,697,984 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

368 --- E O F --- 2008-12-18 08:01:16

#8 Billy O'Neal


Posted 16 February 2009 - 07:01 PM

Hello, rlawrence
We need to re-run ComboFix with some additional directives.
  • Please disable any running anti-virus programs.

    If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    regnull::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{905039D8-D3A1-70A8-DABF0692B94E6EF4}\{2661643E-85BA-F5BF-30DE18451E945353}\{906FFE4B-845A-CA7B-85F7467A0D70268A}*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    file::
    c:\windows\Tasks\AFE88988946F08B8.job
    folder::
    c:\docume~1\bob\applic~1\planco~1
  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • Posted Image
    Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at "C:\ComboFix.txt". Please copy and paste that report here.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

In your next reply, please include the following:
  • ComboFix.txt

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
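
An added example (not part of the thread and not ComboFix's own code): a read-only Python triage pass over a ComboFix log that pulls out the two kinds of entries the script above targets, namely scheduled tasks whose target has no file date and runs from a user profile, and keys listed under LOCKED REGISTRY KEYS. The sample log is a constructed excerpt of the log in post #7, and the flagging rules and function names are assumed heuristics, not rules stated in the thread.

```python
import re
from ntpath import dirname  # Windows path rules, independent of the host OS

# Constructed sample: a short excerpt of the ComboFix log posted in this thread
# (the registry value is omitted).
SAMPLE_LOG = r"""
Contents of the 'Scheduled Tasks' folder

2009-02-16 c:\windows\Tasks\AFE88988946F08B8.job
- c:\docume~1\bob\applic~1\planco~1\campdartsize.exe []

2009-02-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:(value omitted)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
"""

JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (.+\.job)$", re.IGNORECASE)
TARGET_RE = re.compile(r"^- (.+?) \[(.*)\]$")
PROFILE_RE = re.compile(r"^[a-z]:\\(documents and settings|docume~1)\\", re.IGNORECASE)


def scheduled_tasks(log):
    """Pair each '<date> <path>.job' line with the '- <target> [<meta>]' line after it."""
    tasks, pending = [], None
    for line in map(str.strip, log.splitlines()):
        job = JOB_RE.match(line)
        if job:
            pending = job.group(1)
            continue
        target = TARGET_RE.match(line)
        if target and pending:
            tasks.append({"job": pending,
                          "target": target.group(1),
                          "meta": target.group(2).strip()})
            pending = None
    return tasks


def flag_task(task):
    """Return the reasons a task deserves a closer look (assumed heuristics)."""
    reasons = []
    if not task["meta"]:
        # Empty brackets: the log recorded no date/time for the target file.
        reasons.append("no file date recorded for target")
    if PROFILE_RE.match(task["target"]):
        reasons.append("target runs from a user profile folder")
    return reasons


def locked_keys(log):
    """Collect the [key] headers listed in the LOCKED REGISTRY KEYS section."""
    keys, in_section = [], False
    for line in map(str.strip, log.splitlines()):
        if "LOCKED REGISTRY KEYS" in line:
            in_section = True
        elif in_section and line.startswith(("-----", "*****")):
            in_section = False          # next section header ends the list
        elif in_section and line.startswith("[") and line.endswith("]"):
            keys.append(line[1:-1])
    return keys


def triage(log):
    """Summarise the entries a reviewer would examine first. Nothing is modified."""
    suspicious = []
    for task in scheduled_tasks(log):
        reasons = flag_task(task)
        if reasons:
            suspicious.append({**task,
                               "folder": dirname(task["target"]),
                               "reasons": reasons})
    return {"suspicious_tasks": suspicious, "locked_keys": locked_keys(log)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for t in report["suspicious_tasks"]:
        print(t["job"], "->", t["target"], "|", "; ".join(t["reasons"]))
    for k in report["locked_keys"]:
        print("locked key:", k)
```
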

#9 rlawrence


Posted 16 February 2009 - 07:31 PM

As you requested, Billy:


ComboFix 09-02-15.01 - Bob 2009-02-16 19:17:12.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.2995 [GMT -5:00]
Running from: c:\documents and settings\Bob\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bob\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point

FILE ::
c:\windows\Tasks\AFE88988946F08B8.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\bob\applic~1\planco~1
c:\docume~1\bob\applic~1\planco~1\0
c:\windows\Tasks\AFE88988946F08B8.job

.
((((((((((((((((((((((((( Files Created from 2009-01-17 to 2009-02-17 )))))))))))))))))))))))))))))))
.

2009-02-14 23:01 . 2009-02-14 23:01 250 --a------ c:\windows\gmer.ini
2009-02-09 22:12 . 2009-02-09 22:12 <DIR> d-------- c:\program files\aicon
2009-02-09 22:12 . 2009-02-09 22:12 <DIR> d-------- c:\documents and settings\Bob\Application Data\aicon
2009-02-07 19:23 . 2009-02-07 19:23 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-02-07 11:42 . 2009-02-07 11:42 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-02-06 23:07 . 2009-02-06 23:07 <DIR> d-------- c:\documents and settings\Bob\Application Data\wsInspector
2009-02-06 23:05 . 2009-02-06 23:06 <DIR> d-------- c:\program files\Startup Inspector for Windows
2009-02-06 20:41 . 2009-02-06 20:42 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-06 20:41 . 2009-02-06 20:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-06 20:13 . 2009-02-06 20:13 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-06 20:13 . 2009-02-06 20:13 <DIR> d-------- c:\documents and settings\Bob\Application Data\SUPERAntiSpyware.com
2009-02-06 20:13 . 2009-02-06 20:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-06 19:36 . 2009-02-06 19:36 <DIR> d-------- c:\program files\CleanUp!
2009-02-06 19:33 . 2009-02-06 19:33 <DIR> d-------- c:\program files\Trend Micro
2009-02-06 19:19 . 2009-02-06 19:20 <DIR> d-------- C:\fixfiles
2009-02-06 07:13 . 2009-02-06 07:13 552 --a------ c:\windows\system32\d3d8caps.dat
2009-02-05 21:05 . 2009-02-13 15:15 <DIR> d--h----- C:\$AVG8.VAULT$
2009-02-05 20:58 . 2009-02-16 19:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-01-31 21:40 . 2009-01-31 21:40 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-01-21 20:39 . 2009-01-21 20:39 <DIR> d-------- c:\documents and settings\Bob\.WHCCPF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-16 23:28 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-08 02:31 --------- d-----w c:\documents and settings\Bob\Application Data\Image Zone Express
2009-02-07 00:18 --------- d-----w c:\documents and settings\Bob\Application Data\U3
2009-02-06 03:54 --------- d-----w c:\program files\DIGStream
2009-02-06 01:34 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-05 00:53 --------- d-----w c:\program files\Blubster
2009-01-17 03:07 --------- d-----w c:\documents and settings\Bob\Application Data\Move Networks
2009-01-14 21:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 21:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-08 23:01 --------- d-----w c:\documents and settings\LocalService\Application Data\McAfee
2009-01-08 22:49 --------- d-----w c:\documents and settings\Bob\Application Data\Malwarebytes
2009-01-08 22:48 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-07 03:03 --------- d-----w c:\documents and settings\Bob\Application Data\McAfee
2009-01-07 03:02 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-01-06 02:56 --------- d-----w c:\program files\Common Files\Adobe
2009-01-06 02:47 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-06 02:46 --------- d-s---w c:\documents and settings\All Users\Application Data\Memeo
2009-01-06 02:39 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-06 02:28 --------- d-----w c:\program files\Symantec
2009-01-06 02:25 --------- d-----w c:\program files\Norton Ghost
2009-01-06 02:25 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-29 20:45 --------- d-----w c:\program files\Calendar Creator
2008-12-29 20:43 --------- d-----w c:\program files\Common Files\AVSMedia
2008-12-29 20:43 --------- d-----w c:\program files\AVS4YOU
2008-12-29 20:42 --------- d-----w c:\program files\Google
2008-12-28 23:03 --------- d-----w c:\documents and settings\Bob\Application Data\AVS4YOU
2008-12-28 23:03 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2008-12-24 16:43 --------- d-----w c:\program files\Lavasoft
2008-12-24 16:43 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-24 16:31 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-18 08:00 --------- d-----w c:\program files\MSXML 6.0
2008-12-17 02:35 --------- d-----w c:\documents and settings\LocalService\Application Data\Roxio
2008-12-17 02:35 --------- d-----w c:\documents and settings\Bob\Application Data\Roxio
2008-12-17 02:31 --------- d-----w c:\documents and settings\Bob\Application Data\InstallShield
2008-12-17 02:08 --------- d-----w c:\documents and settings\All Users\Application Data\Sonic
2008-12-17 02:06 --------- d-----w c:\program files\Roxio
2008-12-17 02:06 --------- d-----w c:\program files\Common Files\Roxio Shared
2008-12-17 02:05 --------- d-----w c:\documents and settings\All Users\Application Data\Roxio
2008-12-17 01:56 --------- d-----w c:\program files\Common Files\Research In Motion
2008-12-11 19:43 215,144 ----a-r c:\windows\pw32a.dll
2008-12-11 19:43 215,144 ----a-r c:\windows\patchw32.dll
2007-03-10 20:22 87,608 ----a-w c:\documents and settings\Bob\Application Data\ezpinst.exe
2007-03-10 20:22 47,360 ----a-w c:\documents and settings\Bob\Application Data\pcouffin.sys
2008-05-10 20:39 133,120 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-07-02 03:08 56 --sh--r c:\windows\system32\DB24917925.sys
2006-07-02 03:08 3,350 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-02-16_17.59.57.92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-17 00:24:44 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1118.dat
+ 2009-02-17 00:22:36 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_b4c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 68856]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"ATIPTA"="c:\program files\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE" [2005-08-05 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 1117184]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-09-24 483328]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-04-19 1169744]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-19 1945688]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-11-28 583048]
"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 c:\windows\stsystra.exe]
"WD Button Manager"="WDBtnMgr.exe" [2007-09-07 c:\windows\system32\WDBtnMgr.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2007-09-12 492912]

c:\documents and settings\Bob\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-01 113664]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= c:\windows\warnhp.html
FriendlyName= Desktop Uninstall

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"= wdmaud.sys

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Free WebSite Tools.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Free WebSite Tools.lnk
backup=c:\windows\pss\Free WebSite Tools.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WD Backup Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk
backup=c:\windows\pss\WD Backup Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bob^Start Menu^Programs^Startup^Memeo AutoBackup Launcher.lnk]
path=c:\documents and settings\Bob\Start Menu\Programs\Startup\Memeo AutoBackup Launcher.lnk
backup=c:\windows\pss\Memeo AutoBackup Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Bob^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk]
path=c:\documents and settings\Bob\Start Menu\Programs\Startup\Memeo AutoSync Launcher.lnk
backup=c:\windows\pss\Memeo AutoSync Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Bob^Start Menu^Programs^Startup^TrueAssistant.lnk]
path=c:\documents and settings\Bob\Start Menu\Programs\Startup\TrueAssistant.lnk
backup=c:\windows\pss\TrueAssistant.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2007-04-19 20:29 149024 c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-05-10 15:39 1862144 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--------- 2007-09-26 13:42 267064 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBkLogOnHook]
--a------ 2007-01-08 10:22 20480 c:\program files\McAfee\MBK\LogonHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Backup]
--a------ 2007-01-16 12:59 4838952 c:\program files\McAfee\MBK\McAfeeDataBackup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2007-11-01 18:12 582992 c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--------- 2005-09-08 20:20 8192 c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--------- 2005-09-08 20:20 110592 c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2004-12-07 16:44 1884160 c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 14.0]
--a------ 2008-12-11 15:14 2245992 c:\program files\Norton Ghost\Agent\VProTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-08-20 20:18 443968 c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--------- 2007-06-29 05:24 286720 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--------- 2006-02-22 22:26 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2008-06-08 12:24 236016 c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2009-01-15 16:17 1830128 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Blubster\\blubster.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2005-08-16 5120]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [2007-12-20 1558000]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - j:\wd_windows_tools\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2008-09-09 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sirius.com/listenonline
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\ni53mvr2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en
FF - component: c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\ni53mvr2.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\ni53mvr2.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\Bob\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-16 19:24:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(936)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(996)
c:\windows\system32\relog_ap.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Seagate\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\McAfee\MBK\MBackMonitor.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\VirusScan\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Photodex\ProShowGold\scsiaccess.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\windows\system32\msdtc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Completion time: 2009-02-16 19:28:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-17 00:28:48
ComboFix2.txt 2009-02-16 23:01:43

Pre-Run: 86,748,020,736 bytes free
Post-Run: 86,733,512,704 bytes free

330 --- E O F --- 2008-12-18 08:01:16

#10 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:04:43 PM

Posted 17 February 2009 - 05:56 PM

Hello, rlawrence
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use <Control>+A)
  • Right-click again and choose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • ESET OnlineScan's Log

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#11 rlawrence


Posted 17 February 2009 - 09:12 PM

Here's the ESET log:



# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3862 (20090217)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=0c627a6a05a0114fa5ce7a86149548ee
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-02-18 02:09:28
# local_time=2009-02-17 09:09:28 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=467336
# found=0
# scan_time=9213

#12 Billy O'Neal


Posted 17 February 2009 - 10:16 PM

That looks good :thumbup2:

How are things running?

Are you still having problems?

Billy3

#13 rlawrence


Posted 17 February 2009 - 10:28 PM

Billy,

I just attempted my first browser search in several days, AND IT WORKS GREAT! You absolutely ROCK! I'm so glad to have my PC back! Where do I make my donation?!?!?!?!

Thanks a lot!
Bob

#14 Billy O'Neal


Posted 17 February 2009 - 11:05 PM

Hello, rlawrence
Glad to hear things are doing well for you :step4:

If you wish to donate -- please note that this is a personal donation to me... just want to be up front about it.

Some weren't happy knowing that so wanted to be frank about it :step1:

Also, any donations will be used for this fun tool -> http://www.techsmith.com/camtasia.asp

If you still wish, you can do so using this link ->
https://www.paypal.com/cgi-bin/webscr?cmd=_...tton_id=3110769

Really nice for writing tutorials but more money than I can afford as a High School student.

Congratulations! You now appear clean! :thumbup2:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware
We Need to Remove ComboFix
  • Please go to Start -> Run
  • Enter "ComboFix /u" (without quotes). Note the space between "ComboFix" and "/u", it needs to be there.
  • Press OK (Or hit enter).
  • Allow ComboFix to remove itself.
We Need to Clean Up Our Mess
  • Please download OTCleanIt from one of the following mirrors and save it to your desktop:
  • Double click the OTCleanIt icon.
  • Push the large "Cleanup" button.
  • Allow your system to reboot.
Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
BillyIII

Edited by Billy O'Neal, 17 February 2009 - 11:06 PM.


#15 Billy O'Neal


Posted 22 February 2009 - 09:23 PM

Hello, rlawrence
Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

BillyIII



