Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Backdoor.Tidserv


  • This topic is locked This topic is locked
11 replies to this topic

#1 TSau

TSau

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:18 PM

Posted 07 August 2009 - 10:15 AM

Hi, Iíve been reading this forum and hope you can assist me. I am running NIS09 on my laptop. Every time I start the machine I get an alert that Norton Virus Scanner has detected a virus (Backdoor.Tidserv) that could not be removed. Rescanning does nothing and the issue also resides in the Unresolved Security Risk. I have run SUPERAntiSpyware Free Edition and Malwarebytes' Anti-Malware after following Nortonís directions. The keys/subkeys and files listed do not exists on my computer. I have also downloaded and run SDFix and Norman Malware Cleaner. I have found and deleted a registry key (HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hjgruiwqgfoxwk) and two DAT files (system32\hjgruiufhlaqcp.dat and system32\hjgruipkmktylw.dat) that referred to the dll file indicated by NIS09 (globalroot/systemroot/system32/hjgruilukjkuhr.dll). I have also deleted two other files (UACwnwrxvpukkbmyxyea.db and uactmp.db). Something has worked as now I do not receive a notice that Nortonís SONAR Advanced Protection was unable to load and there have been no ill effects. NIS09, SUPERAntiSpyware Free Edition and Malwarebytes' Anti-Malware all show no infections however immediately after startup I get the NIS09 alert. Please tell me if my computer is indeed clean and NIS is holding on to an old virus signature or some small leftover piece or empty file. Or if I still have an infection and if so how to get rid of it.
Thanks in advance for your help. (Sorry for the long explanation but I am trying to give you all the information that might be relevant.)
TSau


DDS (Ver_09-07-30.01) - NTFSx86
Run by Terrell Saunders at 10:21:19.56 on Fri 08/07/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3318.2466 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\e4613a34-4965-4863-8055-a336bd01f25e.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Documents and Settings\All Users\Documents\Downloads\hijack\Third3.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Terrell Saunders\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070517
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070517
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=czBR5P966l3IcIkXe5Try8OoYms
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.5.0.135\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\e4613a34-4965-4863-8055-a336bd01f25e.exe
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [Microsoft Location Finder] "c:\program files\microsoft location finder\LocationFinder.exe"
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [PDF4 Registry Controller] "c:\program files\scansoft\pdf professional 4.0\\RegistryController.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Norton Ghost 10.0] "c:\program files\norton ghost\agent\GhostTray.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
StartupFolder: c:\docume~1\terrel~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office 2000\office\OSA9.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Open with ScanSoft PDF Converter 4.0 - c:\program files\scansoft\pdf professional 4.0\cnvres_eng.dll /100
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247311919500
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
TCP: {923E603C-D395-4914-ADC3-5A6CD740CC2A} = 66.174.95.44 69.78.96.14
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.5.0.135\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-7-22 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-7-22 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-7-22 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090730.003\IDSXpx86.sys [2009-7-31 276344]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-12-13 198256]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-12-13 165488]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.5.0.135\ccSvcHst.exe [2009-7-22 115560]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2009-7-28 822424]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-7-19 101936]
R3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\26.tmp --> c:\windows\system32\26.tmp [?]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090806.023\NAVENG.SYS [2009-8-6 87888]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090806.023\NAVEX15.SYS [2009-8-6 875728]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-12-13 79472]

=============== Created Last 30 ================

2009-08-07 09:01 <DIR> --d----- c:\program files\Sophos
2009-08-06 07:58 578,560 a------- c:\windows\system32\dllcache\user32.dll
2009-08-06 07:56 <DIR> --d----- c:\windows\ERUNT
2009-08-06 07:48 <DIR> --d----- C:\SDFix
2009-08-05 05:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\12791404
2009-07-28 16:11 4,608 a------- c:\windows\system32\drivers\symlcbrd.sys
2009-07-28 15:44 <DIR> --d----- c:\program files\Norton Ghost
2009-07-28 15:42 <DIR> --d----- c:\docume~1\terrel~1\applic~1\Symantec
2009-07-28 14:44 307,200 -------- c:\windows\IsUninstAct.exe
2009-07-28 14:44 192,590 a------- c:\windows\system32\ActExt.dll
2009-07-28 14:44 159,744 a------- c:\windows\system32\ActAB32.dll
2009-07-28 14:44 140,096 -------- c:\windows\system32\COMDLG32.OCX
2009-07-28 14:44 115,016 -------- c:\windows\system32\Msinet.ocx
2009-07-28 14:44 192,512 a------- c:\windows\system32\EmailShared.dll
2009-07-28 14:44 96,016 -------- c:\windows\system32\Modem.cpl
2009-07-28 14:43 48,640 a------- c:\windows\system32\ActiveActX.DEU
2009-07-28 14:43 48,128 a------- c:\windows\system32\ActiveActX.FRA
2009-07-28 14:43 47,104 a------- c:\windows\system32\ActiveActX.ESP
2009-07-28 14:43 43,520 a------- c:\windows\system32\activeactx.ITA
2009-07-28 14:43 43,008 a------- c:\windows\system32\ActiveActX.ENU
2009-07-28 14:43 893,440 a------- c:\windows\system32\ActiveActX.ocx
2009-07-27 14:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-07-22 04:57 32,592 a------- c:\windows\system32\msonpmon.dll
2009-07-20 06:23 <DIR> --d--r-- c:\program files\Norton Support
2009-07-20 06:09 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-07-20 06:08 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-20 06:08 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-07-20 06:08 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-20 06:08 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-07-20 06:08 <DIR> --d----- c:\program files\Symantec
2009-07-20 06:08 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-07-20 06:08 <DIR> --d----- c:\windows\system32\drivers\NIS
2009-07-20 06:08 <DIR> --d----- c:\program files\Norton Internet Security
2009-07-20 06:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-07-20 06:06 <DIR> --d----- c:\program files\NortonInstaller
2009-07-20 06:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-07-18 15:02 <DIR> --d----- C:\CompChecker
2009-07-15 11:54 1,140,850,688 a--sh--- C:\NRTPage.sys
2009-07-14 09:17 <DIR> --d----- c:\windows\pss
2009-07-14 08:25 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-07-13 19:23 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-07-13 19:23 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-07-13 19:23 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-07-13 19:19 <DIR> --d----- c:\docume~1\terrel~1\applic~1\Malwarebytes
2009-07-13 19:19 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 19:19 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-13 19:19 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 19:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-13 17:06 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-07-13 17:06 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-07-13 17:06 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-07-13 17:06 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-07-13 17:06 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-07-13 17:06 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-13 17:06 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-07-13 17:06 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-07-13 17:06 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-07-13 17:06 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-07-13 16:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-07-13 16:49 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-13 16:49 <DIR> --d----- c:\docume~1\terrel~1\applic~1\SUPERAntiSpyware.com
2009-07-13 16:48 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-07-13 06:57 268,648 a------- c:\windows\system32\mucltui.dll
2009-07-13 06:57 27,496 a------- c:\windows\system32\mucltui.dll.mui

==================== Find3M ====================

2009-07-19 09:33 3,597,824 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-19 09:32 6,067,200 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-07 11:31 1,914 a------- c:\docume~1\terrel~1\applic~1\SAS7_000.DAT
2009-06-29 07:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-06-29 07:07 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-29 04:35 634,632 -------- c:\windows\system32\dllcache\iexplore.exe
2009-06-29 04:33 2,452,872 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-06-29 04:33 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 15:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-05-26 10:25 0 a------- c:\docume~1\terrel~1\applic~1\wklnhst.dat
2009-02-23 18:59 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009022320090224\index.dat

============= FINISH: 10:21:48.92 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:18 AM

Posted 07 August 2009 - 11:56 AM

Hello and welcome to Bleeping Computer.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would
be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in you reply, Do not attach them unless asked too.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window, If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Then please post back here with the following Gmer log.

Thanks

unite.jpg


#3 TSau

TSau
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:18 PM

Posted 07 August 2009 - 01:24 PM

GMER 1.0.15.15020 [ii44qlk6.exe] - http://www.gmer.net
Rootkit scan 2009-08-07 14:18:54
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT 8AD81698 ZwAlertResumeThread
SSDT 8A996AE0 ZwAlertThread
SSDT 8AE52758 ZwAllocateVirtualMemory
SSDT 8AF647E0 ZwAssignProcessToJobObject
SSDT 8A9BF148 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xA8CEF040]
SSDT 8AD9C5B8 ZwCreateMutant
SSDT 8AAD99F8 ZwCreateSymbolicLinkObject
SSDT 8AD7F570 ZwCreateThread
SSDT 8AE160E8 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xA8CEF2C0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA8CEF820]
SSDT 8AAA41A8 ZwDuplicateObject
SSDT 8B014B48 ZwFreeVirtualMemory
SSDT 8A99D108 ZwImpersonateAnonymousToken
SSDT 8AD5EDC0 ZwImpersonateThread
SSDT 8AD79230 ZwLoadDriver
SSDT 8AE955E0 ZwMapViewOfSection
SSDT 8AFCC628 ZwOpenEvent
SSDT 8ADBBB50 ZwOpenProcess
SSDT 8AFEF628 ZwOpenProcessToken
SSDT 8AD84238 ZwOpenSection
SSDT 8AAA4338 ZwOpenThread
SSDT 8A6A6AC0 ZwProtectVirtualMemory
SSDT 8AF8BBF0 ZwResumeThread
SSDT 8AF59C80 ZwSetContextThread
SSDT 8AAD35B0 ZwSetInformationProcess
SSDT 8AF1DD30 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA8CEFA70]
SSDT 8AD5AC28 ZwSuspendProcess
SSDT 8A9B3400 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA8BEDDF0]
SSDT 8AAD0C28 ZwTerminateThread
SSDT 8AF9BA30 ZwUnmapViewOfSection
SSDT 8ADB5568 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CA8 80504544 4 Bytes CALL 52DB26A9
? SYMEFA.SYS The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1

---- EOF - GMER 1.0.15 ----

#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:18 AM

Posted 07 August 2009 - 01:40 PM

It looks like the rootkit is gone please try this step from Nortons site.

THE FIX:
It is not necesary to erase the complete Qbackup folder, neither you need to boot in safe mode also.QBackup folder (Quarantine Backup) is used by Norton AntiVirus component to store backup recoveries of repaired and removed threats when you fix/remove threats during the scan. It may also contain information about threats detected and retains the remediated data in your computer itself. It will be automatically recreated by Norton program when you run scan next time.
So to FIX this problem. Just open NIS2009 history, GO to "unresolved security risk" Press "Remove*" the item failed to remove, wait for the "failed to remove" status, this will update the "*.qbi" file which have the history of the unresolved items. Then go to NIS2009 settings, go to "miscellaneous setting" and disable the Norton Product Tamper Protection under Miscellanious Settings. Then open your windows explorer and go to
"C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup"
and erase your most recently (updated, newly) "*.QBI" file. The asteric it a long number as "{DDAB4332-ED04-4898-9C20-D231FDC4B0C5}.qbi" it will be a small file 1-10 KB. Only deleted this file. Close Windows explorer, go to NIS2009 reactived the Norton Product Tamper Protection under Miscellanious Settings and you can enter to the HISTORY and you will find it is empty (clear).

Hope this will help to not erase the hole (complete) "Qbackup folder".


Then let me no if the norton alerts have gone.

Edited by syler, 07 August 2009 - 01:40 PM.

unite.jpg


#5 TSau

TSau
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:18 PM

Posted 07 August 2009 - 08:48 PM

No alert as of yet and an hour has gone by. Thank you so much for your help. :thumbup2: I donít know how long it will take before I trust my computer again but Iíll give it a probationary period just to be sure nothing pops up. Thanks again for my peace of mind. :)

Have a great weekend,

TSau

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:18 AM

Posted 07 August 2009 - 09:03 PM

Hi TSau,

That's good news :thumbup2: we are not quite done yet though, I would like to do a couple more check with you to make sure and clean up some bits.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 15.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Reamove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u15-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Next

Update Adobe reader
  • Click Start > Control Panel > Add/Remove Programs
  • Remove any older versions of Adobe Reader.
  • Click here to download the latest version of Adobe Acrobat Reader.
  • Select your Windows version and click on Download. If you are using Internet Explorer, you will receive prompts. Allow the installation to be ran and it will be installed automatically for you. If you are using other browsers, it will prompt you to save a file. Save this file to your desktop and run it to install the latest version of Adobe Reader.
  • Close your Internet browser and open it again.
Next

Please run a BitDefender Online Scan

Note: Only works with internet explorer
  • Click on the Start Scanner button.
  • Check I Agree to agree to the EULA, then click start here.
  • Allow the ActiveX control to install when prompted.
  • Click Start scan to begin scanning.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop as results.txt and post it in your next reply.
Next

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Then please post back here with the following:
  • Bitdefender report
  • OTListIt.txt
  • Extra.txt
Thanks

unite.jpg


#7 TSau

TSau
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:18 PM

Posted 08 August 2009 - 07:04 AM

Syler
Thanks again for your help!
Java JRE 6 Update 15 Done
Adobe Reader Removed (I use a Scansoft product anyway)
BitDefender See the results of the current computer scan

No viruses were found on your computer
181104 analized, 1 threat(s) found, 1 threats eliminated

The threats it found were the two files that I had changed the name of and copied to a flash drive. (UACwnwrxvpukkbmyxyea.db and uactmp.db).

The other two reports are below.

TSau

OTL logfile created on: 8/8/2009 7:49:01 AM - Run 1
OTL by OldTimer - Version 3.0.10.5 Folder = C:\Documents and Settings\Terrell Saunders\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 106.73 Gb Total Space | 66.98 Gb Free Space | 62.76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.87 Gb Total Space | 0.09 Gb Free Space | 4.72% Space Free | Partition Type: FAT
Drive F: | 488.60 Mb Total Space | 235.19 Mb Free Space | 48.13% Space Free | Partition Type: FAT
Drive G: | 1.87 Gb Total Space | 1.83 Gb Free Space | 97.51% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D97S2ZC1
Current User Name: Terrell Saunders
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2004/12/13 15:30:10 | 00,165,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2004/12/13 15:30:04 | 00,198,256 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/11/22 18:35:50 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
PRC - [2006/11/22 18:32:58 | 01,253,376 | ---- | M] (Dell Inc.) -- C:\WINDOWS\System32\bcmwltry.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/05/24 19:21:28 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2006/03/08 12:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/09/09 19:09:10 | 00,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\System32\GEARSec.exe
PRC - [2006/03/24 17:30:44 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2009/08/08 04:15:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/08/22 16:32:18 | 00,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2005/09/09 19:09:24 | 01,537,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\GhostTray.exe
PRC - [2005/02/16 17:15:20 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/12/13 03:45:00 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2005/12/13 03:41:08 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2005/09/08 06:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
PRC - [2006/08/03 19:51:42 | 01,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2004/12/13 15:30:00 | 00,058,992 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/09/09 19:09:28 | 02,066,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe
PRC - [2006/11/22 18:35:50 | 01,392,640 | ---- | M] (Dell Inc.) -- C:\WINDOWS\System32\WLTRAY.exe
PRC - [2009/03/12 04:42:35 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
PRC - [2009/08/08 04:15:19 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/06/15 06:16:11 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/06/23 11:01:38 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\e4613a34-4965-4863-8055-a336bd01f25e.exe
PRC - [2003/09/10 03:24:00 | 00,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netWaiting.exe
PRC - [2005/08/24 19:25:00 | 00,101,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Location Finder\LocationFinder.exe
PRC - [2006/08/28 22:57:12 | 00,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2006/05/24 19:28:28 | 00,622,653 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2003/10/29 03:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/10/26 20:24:54 | 00,098,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009/07/28 16:11:02 | 00,822,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2004/09/15 06:27:54 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/03/12 04:42:35 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
PRC - [2008/04/13 20:12:37 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskmgr.exe
PRC - [2009/08/08 03:54:23 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Terrell Saunders\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2005/09/23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/05/24 19:21:28 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
SRV - [2004/12/13 15:30:04 | 00,198,256 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2004/12/13 15:30:08 | 00,079,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
SRV - [2004/12/13 15:30:10 | 00,165,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2005/09/23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/09/09 19:09:10 | 00,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\System32\GEARSec.exe -- (GEARSecurity [Auto | Running])
SRV - [2009/06/15 06:16:08 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/08/08 04:15:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2005/09/09 19:09:28 | 02,066,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost [Auto | Running])
SRV - [2009/03/12 04:42:35 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe -- (Norton Internet Security [Auto | Running])
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/04/14 11:04:54 | 00,087,840 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [On_Demand | Stopped])
SRV - [2009/07/28 16:11:02 | 00,822,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Running])
SRV - [2004/09/15 06:27:54 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2006/11/22 18:35:50 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2005/08/12 18:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV [System | Running])
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2006/11/22 18:34:36 | 00,604,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2006/08/25 01:23:08 | 00,044,544 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2009/03/12 04:43:27 | 00,258,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1005000.087\BHDrvx86.sys -- (BHDrvx86 [System | Running])
DRV - [2006/05/24 19:04:04 | 00,851,434 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btkrnl.sys -- (BTKRNL [On_Demand | Running])
DRV - [2006/05/24 19:05:26 | 00,023,271 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btserial.sys -- (BTSERIAL [Auto | Running])
DRV - [2006/05/24 19:00:50 | 00,066,488 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
DRV - [2009/07/22 15:30:31 | 00,482,352 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1005000.087\ccHPx86.sys -- (ccHP [System | Running])
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2005/09/08 06:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2005/08/25 13:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2005/09/08 06:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
DRV - [2005/09/08 06:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2005/09/08 06:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2005/09/08 06:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2005/08/25 13:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
DRV - [2005/09/08 06:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2005/09/08 06:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2005/09/12 04:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2005/08/12 06:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2006/01/10 12:07:58 | 00,004,864 | ---- | M] (GTek Technologies Ltd.) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Running])
DRV - [2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2009/07/28 17:52:58 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2009/07/19 04:00:00 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2005/09/09 19:09:10 | 00,014,408 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys -- (GearAspiWDM [System | Running])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/12/01 01:40:56 | 00,936,960 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2005/12/01 01:40:12 | 00,192,512 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Running])
DRV - [2005/12/13 04:09:34 | 01,364,574 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2009/07/12 01:15:32 | 00,276,344 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090730.003\IDSxpx86.sys -- (IDSxpx86 [System | Running])
DRV - [2005/10/04 22:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2009/07/28 17:52:58 | 00,087,888 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090807.048\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/07/28 17:52:58 | 00,875,728 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090807.048\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2003/05/15 19:41:16 | 00,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\point32.sys -- (Point32 [On_Demand | Stopped])
DRV - [2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/01/26 03:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2005/07/14 04:58:14 | 00,028,544 | ---- | M] (REDC) -- C:\WINDOWS\System32\DRIVERS\rimmptsk.sys -- (rimmptsk [On_Demand | Running])
DRV - [2005/07/12 05:00:30 | 00,051,328 | ---- | M] (REDC) -- C:\WINDOWS\System32\DRIVERS\rimsptsk.sys -- (rimsptsk [On_Demand | Running])
DRV - [2006/11/07 19:02:04 | 00,022,272 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb [On_Demand | Running])
DRV - [2006/10/20 11:28:04 | 00,026,368 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\System32\DRIVERS\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
DRV - [2005/07/14 03:28:38 | 00,307,968 | ---- | M] (REDC) -- C:\WINDOWS\System32\DRIVERS\rixdptsk.sys -- (rismxdp [On_Demand | Running])
DRV - [2004/08/04 06:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2009/06/23 11:01:40 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/06/23 11:01:42 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2009/06/23 11:01:40 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2008/04/13 12:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/09/02 17:06:35 | 00,042,240 | R--- | M] (Prolific Technology Inc.) -- C:\WINDOWS\System32\DRIVERS\ser2plms.sys -- (ser2plms [On_Demand | Stopped])
DRV - [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2002/11/26 15:54:58 | 00,016,936 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMNDIS5.sys -- (SMNDIS5 [On_Demand | Stopped])
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2009/03/12 04:43:27 | 00,307,760 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1005000.087\SRTSP.SYS -- (SRTSP [System | Running])
DRV - [2009/03/12 04:43:27 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\SRTSPX.SYS -- (SRTSPX [System | Running])
DRV - [2006/03/24 17:34:30 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\System32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2009/03/12 04:43:27 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1005000.087\SYMEFA.SYS -- (SymEFA [Boot | Running])
DRV - [2009/07/22 15:30:49 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2009/03/12 04:43:27 | 00,089,776 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1005000.087\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2009/03/12 04:43:27 | 00,034,736 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1005000.087\SYMIDS.SYS -- (SYMIDS [On_Demand | Running])
DRV - [2009/03/12 04:42:36 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM [On_Demand | Stopped])
DRV - [2009/03/12 04:42:36 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP [On_Demand | Running])
DRV - [2009/07/28 16:11:02 | 00,004,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
DRV - [2009/03/12 04:43:27 | 00,037,296 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1005000.087\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Running])
DRV - [2005/09/09 19:09:20 | 00,144,832 | ---- | M] (StorageCraft) -- C:\WINDOWS\System32\drivers\SymSnap.sys -- (SymSnap [Boot | Running])
DRV - [2009/03/12 04:43:27 | 00,217,392 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1005000.087\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2006/03/08 12:35:10 | 00,191,872 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2005/09/09 19:09:20 | 00,056,192 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\V2iMount.sys -- (V2IMount [System | Running])
DRV - [2005/12/01 01:40:08 | 00,669,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070517
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070517


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070517
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070517
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070517
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070517
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2833273469-3643476747-561824064-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070517
IE - HKU\S-1-5-21-2833273469-3643476747-561824064-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2833273469-3643476747-561824064-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us
IE - HKU\S-1-5-21-2833273469-3643476747-561824064-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070517
IE - HKU\S-1-5-21-2833273469-3643476747-561824064-1006\S-1-5-21-2833273469-3643476747-561824064-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/08 04:15:22 | 00,000,000 | ---D | M]


O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2833273469-3643476747-561824064-1006\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-2833273469-3643476747-561824064-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-2833273469-3643476747-561824064-1006\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Norton Ghost 10.0] C:\Program Files\Norton Ghost\Agent\GhostTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDF4 Registry Controller] C:\Program Files\ScanSoft\PDF Professional 4.0\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-2833273469-3643476747-561824064-1006..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-2833273469-3643476747-561824064-1006..\Run: [Microsoft Location Finder] C:\Program Files\Microsoft Location Finder\LocationFinder.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2833273469-3643476747-561824064-1006..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe ()
O4 - HKU\S-1-5-21-2833273469-3643476747-561824064-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\e4613a34-4965-4863-8055-a336bd01f25e.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2833273469-3643476747-561824064-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office 2000\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Terrell Saunders\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2833273469-3643476747-561824064-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2833273469-3643476747-561824064-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2833273469-3643476747-561824064-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-21-2833273469-3643476747-561824064-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-2833273469-3643476747-561824064-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - C:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll ()
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1247311919500 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/08 07:48:10 | 00,010,885 | ---- | C] () -- C:\Documents and Settings\Terrell Saunders\My Documents\See the results of the current computer scan.docx
[2009/08/08 04:25:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2009/08/08 04:25:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/08/08 04:17:34 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/08/08 04:15:41 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/08/08 04:15:41 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/08 04:15:41 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/08 04:15:41 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/08 04:15:41 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/08/08 04:15:13 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/08/08 04:07:46 | 16,668,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Terrell Saunders\Desktop\jre-6u15-windows-i586.exe
[2009/08/08 03:54:23 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Terrell Saunders\Desktop\OTL.exe
[2009/08/07 13:26:45 | 00,287,744 | ---- | C] () -- C:\Documents and Settings\Terrell Saunders\Desktop\ii44qlk6.exe
[2009/08/07 10:20:38 | 00,359,932 | ---- | C] () -- C:\Documents and Settings\Terrell Saunders\Desktop\dds.scr
[2009/08/07 09:01:22 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos
[2009/08/07 07:23:00 | 00,001,750 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/08/07 07:23:00 | 00,000,947 | ---- | C] () -- C:\Documents and Settings\Terrell Saunders\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2009/08/07 07:23:00 | 00,000,637 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[2009/08/07 07:23:00 | 00,000,493 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2009/08/06 20:15:21 | 34,796,33920 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/06 07:58:00 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/08/06 07:56:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/08/06 07:48:52 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/08/05 05:58:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/08/05 05:18:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\12791404
[2009/07/28 16:11:02 | 00,004,608 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symlcbrd.sys
[2009/07/28 15:44:14 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Ghost
[2009/07/28 15:42:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Terrell Saunders\Application Data\Symantec
[2009/07/28 14:44:30 | 00,000,634 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SideACT!.lnk
[2009/07/28 14:44:30 | 00,000,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ACT!.lnk
[2009/07/28 14:44:21 | 00,307,200 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninstAct.exe
[2009/07/28 14:44:20 | 00,192,590 | ---- | C] () -- C:\WINDOWS\System32\ActExt.dll
[2009/07/28 14:44:20 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ActAB32.dll
[2009/07/28 14:44:01 | 00,140,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX
[2009/07/28 14:44:01 | 00,115,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msinet.ocx
[2009/07/28 14:44:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\EmailShared.dll
[2009/07/28 14:44:00 | 00,096,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Modem.cpl
[2009/07/28 14:43:59 | 00,048,640 | ---- | C] (Windswept Software LLC, 508-540-5458, www.windsweptsoftware.net) -- C:\WINDOWS\System32\ActiveActX.DEU
[2009/07/28 14:43:59 | 00,048,128 | ---- | C] () -- C:\WINDOWS\System32\ActiveActX.FRA
[2009/07/28 14:43:59 | 00,047,104 | ---- | C] (Windswept Software LLC, 508-540-5458, www.windsweptsoftware.net) -- C:\WINDOWS\System32\ActiveActX.ESP
[2009/07/28 14:43:59 | 00,043,520 | ---- | C] (Windswept Software LLC, 508-540-5458, www.windsweptsoftware.net) -- C:\WINDOWS\System32\activeactx.ITA
[2009/07/28 14:43:59 | 00,043,008 | ---- | C] () -- C:\WINDOWS\System32\ActiveActX.ENU
[2009/07/28 14:43:58 | 00,893,440 | ---- | C] (Windswept Software LLC http://www.photoact.net) -- C:\WINDOWS\System32\ActiveActX.ocx
[2009/07/27 14:18:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/07/27 08:10:34 | 00,598,314 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\Cat.DB
[2009/07/22 15:30:48 | 00,310,320 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\SymEFA.sys
[2009/07/22 15:30:48 | 00,307,760 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\srtsp.sys
[2009/07/22 15:30:48 | 00,258,608 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\BHDrvx86.sys
[2009/07/22 15:30:48 | 00,217,392 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\symtdi.sys
[2009/07/22 15:30:48 | 00,089,776 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\symfw.sys
[2009/07/22 15:30:48 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\srtspx.sys
[2009/07/22 15:30:48 | 00,039,984 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\symndisv.sys
[2009/07/22 15:30:48 | 00,037,296 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\symndis.sys
[2009/07/22 15:30:48 | 00,034,736 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\symids.sys
[2009/07/22 15:30:48 | 00,009,423 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\SymNet.cat
[2009/07/22 15:30:48 | 00,007,410 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\SymEFA.cat
[2009/07/22 15:30:48 | 00,007,372 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\srtspx.cat
[2009/07/22 15:30:48 | 00,007,364 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\BHDrvx86.CAT
[2009/07/22 15:30:48 | 00,007,355 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\srtsp.cat
[2009/07/22 15:30:48 | 00,007,347 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\ccHPx86.cat
[2009/07/22 15:30:48 | 00,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\SymEFA.inf
[2009/07/22 15:30:48 | 00,001,753 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\ccHPx86.inf
[2009/07/22 15:30:48 | 00,001,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\SymNet.inf
[2009/07/22 15:30:48 | 00,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\srtspx.inf
[2009/07/22 15:30:48 | 00,001,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\srtsp.inf
[2009/07/22 15:30:48 | 00,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\BHDrvx86.inf
[2009/07/22 15:30:31 | 00,482,352 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\cchpx86.sys
[2009/07/22 15:30:30 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\isolate.ini
[2009/07/22 15:30:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1005000.087
[2009/07/22 05:07:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Terrell Saunders\My Documents\OneNote Notebooks
[2009/07/22 04:57:39 | 00,032,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll
[2009/07/20 06:23:30 | 00,000,000 | R--D | C] -- C:\Program Files\Norton Support
[2009/07/20 06:19:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Terrell Saunders\Local Settings\Application Data\Symantec
[2009/07/20 06:13:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Terrell Saunders\My Documents\Symantec
[2009/07/20 06:09:11 | 00,036,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009/07/20 06:08:59 | 00,124,464 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/07/20 06:08:59 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/07/20 06:08:59 | 00,007,386 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/07/20 06:08:59 | 00,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/07/20 06:08:59 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/07/20 06:08:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2009/07/20 06:08:49 | 00,001,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.lnk
[2009/07/20 06:08:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2009/07/20 06:08:31 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009/07/20 06:08:31 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2009/07/20 06:08:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/07/20 06:06:19 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2009/07/20 06:06:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/07/18 22:09:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Terrell Saunders\Desktop\New Old Folder
[2009/07/18 15:31:41 | 00,000,580 | ---- | C] () -- C:\Documents and Settings\Terrell Saunders\Desktop\Shortcut to CC.lnk
[2009/07/18 15:02:15 | 00,000,000 | ---D | C] -- C:\CompChecker
[2009/07/18 14:58:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\MS
[2009/07/18 13:26:53 | 02,908,976 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Terrell Saunders\Desktop\Norton_Removal_Tool 1.exe
[2009/07/15 11:54:55 | 11,408,50688 | -HS- | C] () -- C:\NRTPage.sys
[2009/07/14 14:33:01 | 02,908,976 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Terrell Saunders\Desktop\Norton_Removal_Tool.exe
[2009/07/14 09:17:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/07/14 08:25:51 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/07/13 19:23:31 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/07/13 19:23:31 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/07/13 19:23:31 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/07/13 19:19:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Terrell Saunders\Application Data\Malwarebytes
[2009/07/13 19:19:38 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/13 19:19:36 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 19:19:34 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/13 19:19:34 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/13 19:19:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/13 17:06:54 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/07/13 17:06:54 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/07/13 17:06:53 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/07/13 17:06:53 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/07/13 17:06:53 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/07/13 17:06:53 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/07/13 17:06:53 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/07/13 17:06:53 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/07/13 17:06:53 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/07/13 17:06:52 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/07/13 16:50:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/07/13 16:49:41 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/07/13 16:49:38 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/07/13 16:49:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Terrell Saunders\Application Data\SUPERAntiSpyware.com
[2009/07/13 16:48:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/07/13 06:57:48 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009/07/13 06:57:48 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009/07/02 14:33:53 | 00,001,832 | ---- | C] () -- C:\WINDOWS\TCADWIN.INI
[2009/06/09 23:14:51 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/09 01:03:11 | 00,000,398 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2009/05/01 10:04:46 | 00,000,040 | ---- | C] () -- C:\WINDOWS\BO5140.INI
[2009/05/01 10:04:34 | 00,000,458 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/05/01 10:04:34 | 00,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/02/24 03:16:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2009/01/05 15:44:10 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/05/17 01:37:32 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/05/17 01:33:47 | 00,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2007/05/17 01:31:04 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/05/17 01:21:45 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/05/17 01:21:43 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/05/17 01:00:27 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/05/17 00:59:06 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/05/24 19:16:22 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/11/10 02:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/02/17 13:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 13:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/08/10 14:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:51:28 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 13:51:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2001/11/14 14:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1999/01/22 22:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[2009/08/08 07:48:11 | 00,010,885 | ---- | M] () -- C:\Documents and Settings\Terrell Saunders\My Documents\See the results of the current computer scan.docx
[2009/08/08 07:42:55 | 00,000,458 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2009/08/08 07:42:55 | 00,000,026 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2009/08/08 04:24:10 | 00,376,022 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/08 04:24:10 | 00,328,554 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/08 04:24:10 | 00,041,830 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/08 04:19:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/08 04:19:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/08 04:19:23 | 34,796,33920 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/08 04:18:08 | 05,678,304 | -H-- | M] () -- C:\Documents and Settings\Terrell Saunders\Local Settings\Application Data\IconCache.db
[2009/08/08 04:15:19 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/08 04:15:18 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/08/08 04:15:18 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/08 04:15:18 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/08 04:15:18 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/08/08 04:07:46 | 16,668,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Terrell Saunders\Desktop\jre-6u15-windows-i586.exe
[2009/08/08 03:54:23 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Terrell Saunders\Desktop\OTL.exe
[2009/08/07 13:26:45 | 00,287,744 | ---- | M] () -- C:\Documents and Settings\Terrell Saunders\Desktop\ii44qlk6.exe
[2009/08/07 10:20:48 | 00,359,932 | ---- | M] () -- C:\Documents and Settings\Terrell Saunders\Desktop\dds.scr
[2009/08/07 07:22:30 | 00,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/07 07:22:30 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2009/08/07 07:22:30 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/08/07 04:29:00 | 11,408,50688 | -HS- | M] () -- C:\NRTPage.sys
[2009/08/07 00:16:41 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/08/06 07:58:00 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/31 16:10:59 | 00,598,314 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\Cat.DB
[2009/07/28 16:11:02 | 00,004,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symlcbrd.sys
[2009/07/28 14:44:30 | 00,000,972 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2009/07/28 14:44:30 | 00,000,634 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SideACT!.lnk
[2009/07/28 14:44:30 | 00,000,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ACT!.lnk
[2009/07/27 08:10:06 | 00,001,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.lnk
[2009/07/22 15:30:49 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/07/22 15:30:49 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/07/22 15:30:49 | 00,007,386 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/07/22 15:30:49 | 00,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/07/22 15:30:31 | 00,482,352 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\cchpx86.sys
[2009/07/22 15:30:30 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\isolate.ini
[2009/07/22 05:07:42 | 00,000,947 | ---- | M] () -- C:\Documents and Settings\Terrell Saunders\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2009/07/19 09:33:02 | 03,597,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/07/19 09:33:02 | 03,597,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/07/19 09:32:59 | 06,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2009/07/19 09:32:59 | 06,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/07/19 06:07:51 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/18 15:31:41 | 00,000,580 | ---- | M] () -- C:\Documents and Settings\Terrell Saunders\Desktop\Shortcut to CC.lnk
[2009/07/18 13:26:53 | 02,908,976 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Terrell Saunders\Desktop\Norton_Removal_Tool 1.exe
[2009/07/17 21:37:16 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/07/15 23:26:53 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/14 14:33:02 | 02,908,976 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Terrell Saunders\Desktop\Norton_Removal_Tool.exe
[2009/07/14 08:47:27 | 00,387,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/13 19:19:38 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
< End of report >



OTL Extras logfile created on: 8/8/2009 7:49:01 AM - Run 1
OTL by OldTimer - Version 3.0.10.5 Folder = C:\Documents and Settings\Terrell Saunders\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 106.73 Gb Total Space | 66.98 Gb Free Space | 62.76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.87 Gb Total Space | 0.09 Gb Free Space | 4.72% Space Free | Partition Type: FAT
Drive F: | 488.60 Mb Total Space | 235.19 Mb Free Space | 48.13% Space Free | Partition Type: FAT
Drive G: | 1.87 Gb Total Space | 1.83 Gb Free Space | 97.51% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D97S2ZC1
Current User Name: Terrell Saunders
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E6867A7-2C41-4D3B-8F39-35B61A2870BE}_is1" = PC Backup Utilities 2008
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{32F720F5-2D0D-4245-A2B0-9EB3CECF8101}" = Norton Ghost 10.0
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40B0A7CC-1676-43E9-8444-2EF2377E87B8}" = ScanSoft PDF Professional 4
"{41E993EE-14C3-413D-A922-4A941AB2BCC1}" = VZAccess Manager for RIM
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006 with GPS Locator
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-00A1-0000-0000-0000000FF1CE}" = Microsoft Office OneNote 2007
"{9B2E8AF3-0BF6-4822-BF21-32D493319042}" = Component Checker
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9D18F7F8-B984-4249-8512-CC621BC59F12}" = Microsoft Location Finder
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}" = Dragon NaturallySpeaking 9
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"ACT!" = ACT!
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"LiveAdvisor" = LiveAdvisor (Symantec Corporation)
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ONENOTER" = Microsoft Office OneNote 2007
"PROR" = Microsoft Office Professional 2007
"SearchAssist" = SearchAssist
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 0.9.4
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/31/2009 4:09:40 PM | Computer Name = D97S2ZC1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16850, faulting
module msvcr80.dll, version 8.0.50727.762, fault address 0x00048918.

Error - 8/4/2009 11:29:05 AM | Computer Name = D97S2ZC1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 8/4/2009 9:42:58 PM | Computer Name = D97S2ZC1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 8/5/2009 6:03:28 AM | Computer Name = D97S2ZC1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 8/5/2009 12:17:07 PM | Computer Name = D97S2ZC1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 8/5/2009 3:24:18 PM | Computer Name = D97S2ZC1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 8/5/2009 9:49:48 PM | Computer Name = D97S2ZC1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 8/6/2009 7:42:32 AM | Computer Name = D97S2ZC1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 8/6/2009 9:25:01 AM | Computer Name = D97S2ZC1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 8/7/2009 12:38:22 PM | Computer Name = D97S2ZC1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16876, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

[ OSession Events ]
Error - 2/25/2009 6:55:05 PM | Computer Name = D97S2ZC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1605
seconds with 1200 seconds of active time. This session ended with a crash.

Error - 3/6/2009 8:23:00 AM | Computer Name = D97S2ZC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 267188
seconds with 2280 seconds of active time. This session ended with a crash.

Error - 4/2/2009 2:14:12 PM | Computer Name = D97S2ZC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1292685
seconds with 1380 seconds of active time. This session ended with a crash.

Error - 4/3/2009 | Computer Name = D97S2ZC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 35133
seconds with 660 seconds of active time. This session ended with a crash.

Error - 4/20/2009 2:41:06 AM | Computer Name = D97S2ZC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 295820
seconds with 60 seconds of active time. This session ended with a crash.

Error - 4/29/2009 7:29:48 AM | Computer Name = D97S2ZC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 163035
seconds with 2400 seconds of active time. This session ended with a crash.

Error - 4/30/2009 9:48:30 PM | Computer Name = D97S2ZC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/4/2009 10:16:04 AM | Computer Name = D97S2ZC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 222798
seconds with 660 seconds of active time. This session ended with a crash.

Error - 5/19/2009 8:37:11 AM | Computer Name = D97S2ZC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 409520
seconds with 4380 seconds of active time. This session ended with a crash.

Error - 6/10/2009 11:42:43 AM | Computer Name = D97S2ZC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6014.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 27417
seconds with 360 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/8/2009 4:18:06 AM | Computer Name = D97S2ZC1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/8/2009 4:18:07 AM | Computer Name = D97S2ZC1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/8/2009 4:18:07 AM | Computer Name = D97S2ZC1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/8/2009 4:18:07 AM | Computer Name = D97S2ZC1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/8/2009 4:18:07 AM | Computer Name = D97S2ZC1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/8/2009 4:18:07 AM | Computer Name = D97S2ZC1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/8/2009 4:18:07 AM | Computer Name = D97S2ZC1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/8/2009 4:18:07 AM | Computer Name = D97S2ZC1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/8/2009 4:18:07 AM | Computer Name = D97S2ZC1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/8/2009 4:18:07 AM | Computer Name = D97S2ZC1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >

#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:18 AM

Posted 09 August 2009 - 10:16 AM

Hi TSau,

The threats it found were these two files that I had changed the name of and copied to a flash drive. (UACwnwrxvpukkbmyxyea.db and uactmp.db).


Why would you want to keep the files? are you aware that these are rootkit files.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKU\S-1-5-21-2833273469-3643476747-561824064-1006\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-21-2833273469-3643476747-561824064-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-21-2833273469-3643476747-561824064-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
    O7 - HKU\S-1-5-21-2833273469-3643476747-561824064-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
    O7 - HKU\S-1-5-21-2833273469-3643476747-561824064-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab (Reg Error: Key error.)
    [2009/08/05 05:18:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\12791404
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.
Then please post back here with the following:
  • OTL results
  • New DDS log
Thanks

unite.jpg


#9 TSau

TSau
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:18 PM

Posted 10 August 2009 - 03:50 AM

Hi TSau,

The threats it found were these two files that I had changed the name of and copied to a flash drive. (UACwnwrxvpukkbmyxyea.db and uactmp.db).


Why would you want to keep the files? are you aware that these are rootkit files.


Actually no, I didnít know they were rootkit files. But I did suspect them so, as with any file that Iím not sure of, I changed the name and saved it to a flash drive just in case the system became unstable. If I was wrong to delete them I would still have the opportunity to put the files back the way I found them and continue to work at the problem from other avenues. After conformation that the files were toxic they would have been deleted.

[*] You will get a log that shows the results of the fix. Please post it.
[*] Then also run and post a new OTL log.
[/list]Then please post back here with the following:

  • OTL results
  • New DDS log
Thanks


Fix Log
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2833273469-3643476747-561824064-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-21-2833273469-3643476747-561824064-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2833273469-3643476747-561824064-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2833273469-3643476747-561824064-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2833273469-3643476747-561824064-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Starting removal of ActiveX control {44990301-3C9D-426D-81DF-AAB636FA4345}
C:\WINDOWS\Downloaded Program Files\tgctlsr.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{44990301-3C9D-426D-81DF-AAB636FA4345}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44990301-3C9D-426D-81DF-AAB636FA4345}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44990301-3C9D-426D-81DF-AAB636FA4345}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44990301-3C9D-426D-81DF-AAB636FA4345}\ not found.
C:\Documents and Settings\All Users\Application Data\12791404 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 1512832 bytes
->Temporary Internet Files folder emptied: 1142268 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 37933 bytes

User: NetworkService
->Temp folder emptied: 32768 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 34852 bytes

User: Owner

User: Terrell Saunders
File delete failed. C:\Documents and Settings\Terrell Saunders\Local Settings\Temp\Perflib_Perfdata_4e0.dat scheduled to be deleted on reboot.
->Temp folder emptied: 7507693 bytes
File delete failed. C:\Documents and Settings\Terrell Saunders\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 49036952 bytes
->Java cache emptied: 584542 bytes

User: test
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 184978 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\JETF107.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_178.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_724.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 33216 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 57.35 mb


OTL by OldTimer - Version 3.0.10.5 log created on 08102009_035555

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Terrell Saunders\Local Settings\Temp\Perflib_Perfdata_4e0.dat not found!
File\Folder C:\WINDOWS\temp\JETF107.tmp not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_178.dat not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_724.dat not found!

Registry entries deleted on Reboot...


New OTL Log
OTL logfile created on: 8/10/2009 4:04:20 AM - Run 2
OTL by OldTimer - Version 3.0.10.5 Folder = C:\Documents and Settings\Terrell Saunders\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 106.73 Gb Total Space | 66.98 Gb Free Space | 62.76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.87 Gb Total Space | 0.09 Gb Free Space | 4.72% Space Free | Partition Type: FAT
Drive F: | 488.60 Mb Total Space | 235.19 Mb Free Space | 48.13% Space Free | Partition Type: FAT
Drive G: | 1.87 Gb Total Space | 1.83 Gb Free Space | 97.51% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D97S2ZC1
Current User Name: Terrell Saunders
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2004/12/13 15:30:10 | 00,165,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2004/12/13 15:30:04 | 00,198,256 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/11/22 18:35:50 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
PRC - [2006/11/22 18:32:58 | 01,253,376 | ---- | M] (Dell Inc.) -- C:\WINDOWS\System32\bcmwltry.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/05/24 19:21:28 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2005/09/09 19:09:10 | 00,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\System32\GEARSec.exe
PRC - [2009/08/08 04:15:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2005/09/09 19:09:28 | 02,066,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe
PRC - [2009/03/12 04:42:35 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
PRC - [2009/07/28 16:11:02 | 00,822,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2004/09/15 06:27:54 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2009/03/12 04:42:35 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
PRC - [2006/03/08 12:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/03/24 17:30:44 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/08/22 16:32:18 | 00,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2005/09/09 19:09:24 | 01,537,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\GhostTray.exe
PRC - [2005/02/16 17:15:20 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/12/13 03:45:00 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2005/12/13 03:41:08 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2005/09/08 06:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
PRC - [2006/08/03 19:51:42 | 01,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2004/12/13 15:30:00 | 00,058,992 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/11/22 18:35:50 | 01,392,640 | ---- | M] (Dell Inc.) -- C:\WINDOWS\System32\WLTRAY.exe
PRC - [2009/08/08 04:15:19 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/06/15 06:16:11 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/06/23 11:01:38 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\e4613a34-4965-4863-8055-a336bd01f25e.exe
PRC - [2003/09/10 03:24:00 | 00,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netWaiting.exe
PRC - [2005/08/24 19:25:00 | 00,101,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Location Finder\LocationFinder.exe
PRC - [2006/08/28 22:57:12 | 00,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2006/05/24 19:28:28 | 00,622,653 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2003/10/29 03:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/10/26 20:24:54 | 00,098,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009/08/08 03:54:23 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Terrell Saunders\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2005/09/23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/05/24 19:21:28 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
SRV - [2004/12/13 15:30:04 | 00,198,256 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2004/12/13 15:30:08 | 00,079,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
SRV - [2004/12/13 15:30:10 | 00,165,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2005/09/23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/09/09 19:09:10 | 00,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\System32\GEARSec.exe -- (GEARSecurity [Auto | Running])
SRV - [2009/06/15 06:16:08 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/08/08 04:15:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2005/09/09 19:09:28 | 02,066,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost [Auto | Running])
SRV - [2009/03/12 04:42:35 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe -- (Norton Internet Security [Auto | Running])
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/04/14 11:04:54 | 00,087,840 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [On_Demand | Stopped])
SRV - [2009/07/28 16:11:02 | 00,822,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Running])
SRV - [2004/09/15 06:27:54 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2006/11/22 18:35:50 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2005/08/12 18:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV [System | Running])
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2006/11/22 18:34:36 | 00,604,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2006/08/25 01:23:08 | 00,044,544 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2009/03/12 04:43:27 | 00,258,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1005000.087\BHDrvx86.sys -- (BHDrvx86 [System | Running])
DRV - [2006/05/24 19:04:04 | 00,851,434 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btkrnl.sys -- (BTKRNL [On_Demand | Running])
DRV - [2006/05/24 19:05:26 | 00,023,271 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btserial.sys -- (BTSERIAL [Auto | Running])
DRV - [2006/05/24 19:00:50 | 00,066,488 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
DRV - [2009/07/22 15:30:31 | 00,482,352 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1005000.087\ccHPx86.sys -- (ccHP [System | Running])
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2005/09/08 06:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2005/08/25 13:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2005/09/08 06:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
DRV - [2005/09/08 06:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2005/09/08 06:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2005/09/08 06:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2005/08/25 13:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
DRV - [2005/09/08 06:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2005/09/08 06:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2005/09/12 04:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2005/08/12 06:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2006/01/10 12:07:58 | 00,004,864 | ---- | M] (GTek Technologies Ltd.) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Running])
DRV - [2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2009/07/28 17:52:58 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2009/07/19 04:00:00 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2005/09/09 19:09:10 | 00,014,408 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys -- (GearAspiWDM [System | Running])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/12/01 01:40:56 | 00,936,960 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2005/12/01 01:40:12 | 00,192,512 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Running])
DRV - [2005/12/13 04:09:34 | 01,364,574 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2009/07/12 01:15:32 | 00,276,344 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090730.003\IDSxpx86.sys -- (IDSxpx86 [System | Running])
DRV - [2005/10/04 22:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2009/07/28 17:52:58 | 00,087,888 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090807.048\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/07/28 17:52:58 | 00,875,728 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090807.048\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2003/05/15 19:41:16 | 00,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\point32.sys -- (Point32 [On_Demand | Stopped])
DRV - [2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/01/26 03:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2005/07/14 04:58:14 | 00,028,544 | ---- | M] (REDC) -- C:\WINDOWS\System32\DRIVERS\rimmptsk.sys -- (rimmptsk [On_Demand | Running])
DRV - [2005/07/12 05:00:30 | 00,051,328 | ---- | M] (REDC) -- C:\WINDOWS\System32\DRIVERS\rimsptsk.sys -- (rimsptsk [On_Demand | Running])
DRV - [2006/11/07 19:02:04 | 00,022,272 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb [On_Demand | Running])
DRV - [2006/10/20 11:28:04 | 00,026,368 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\System32\DRIVERS\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
DRV - [2005/07/14 03:28:38 | 00,307,968 | ---- | M] (REDC) -- C:\WINDOWS\System32\DRIVERS\rixdptsk.sys -- (rismxdp [On_Demand | Running])
DRV - [2004/08/04 06:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2009/06/23 11:01:40 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/06/23 11:01:42 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2009/06/23 11:01:40 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2008/04/13 12:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/09/02 17:06:35 | 00,042,240 | R--- | M] (Prolific Technology Inc.) -- C:\WINDOWS\System32\DRIVERS\ser2plms.sys -- (ser2plms [On_Demand | Stopped])
DRV - [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2002/11/26 15:54:58 | 00,016,936 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMNDIS5.sys -- (SMNDIS5 [On_Demand | Stopped])
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2009/03/12 04:43:27 | 00,307,760 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1005000.087\SRTSP.SYS -- (SRTSP [System | Running])
DRV - [2009/03/12 04:43:27 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\SRTSPX.SYS -- (SRTSPX [System | Running])
DRV - [2006/03/24 17:34:30 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\System32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2009/03/12 04:43:27 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1005000.087\SYMEFA.SYS -- (SymEFA [Boot | Running])
DRV - [2009/07/22 15:30:49 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2009/03/12 04:43:27 | 00,089,776 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1005000.087\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2009/03/12 04:43:27 | 00,034,736 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1005000.087\SYMIDS.SYS -- (SYMIDS [On_Demand | Running])
DRV - [2009/03/12 04:42:36 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM [On_Demand | Stopped])
DRV - [2009/03/12 04:42:36 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP [On_Demand | Running])
DRV - [2009/07/28 16:11:02 | 00,004,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
DRV - [2009/03/12 04:43:27 | 00,037,296 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1005000.087\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Running])
DRV - [2005/09/09 19:09:20 | 00,144,832 | ---- | M] (StorageCraft) -- C:\WINDOWS\System32\drivers\SymSnap.sys -- (SymSnap [Boot | Running])
DRV - [2009/03/12 04:43:27 | 00,217,392 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1005000.087\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2006/03/08 12:35:10 | 00,191,872 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2005/09/09 19:09:20 | 00,056,192 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\V2iMount.sys -- (V2IMount [System | Running])
DRV - [2005/12/01 01:40:08 | 00,669,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070517
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070517


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070517
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070517
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070517
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070517
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2833273469-3643476747-561824064-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070517
IE - HKU\S-1-5-21-2833273469-3643476747-561824064-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2833273469-3643476747-561824064-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us
IE - HKU\S-1-5-21-2833273469-3643476747-561824064-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070517
IE - HKU\S-1-5-21-2833273469-3643476747-561824064-1006\S-1-5-21-2833273469-3643476747-561824064-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/08 04:15:22 | 00,000,000 | ---D | M]


O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2833273469-3643476747-561824064-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-2833273469-3643476747-561824064-1006\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Norton Ghost 10.0] C:\Program Files\Norton Ghost\Agent\GhostTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDF4 Registry Controller] C:\Program Files\ScanSoft\PDF Professional 4.0\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-2833273469-3643476747-561824064-1006..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-2833273469-3643476747-561824064-1006..\Run: [Microsoft Location Finder] C:\Program Files\Microsoft Location Finder\LocationFinder.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2833273469-3643476747-561824064-1006..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe ()
O4 - HKU\S-1-5-21-2833273469-3643476747-561824064-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\e4613a34-4965-4863-8055-a336bd01f25e.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2833273469-3643476747-561824064-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office 2000\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Terrell Saunders\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2833273469-3643476747-561824064-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - C:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll ()
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1247311919500 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/10 03:55:55 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/08/08 07:48:10 | 00,011,690 | ---- | C] () -- C:\Documents and Settings\Terrell Saunders\My Documents\See the results of the current computer scan.docx
[2009/08/08 04:25:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2009/08/08 04:17:34 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/08/08 04:15:41 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/08/08 04:15:41 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/08 04:15:41 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/08 04:15:41 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/08 04:15:41 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/08/08 04:15:13 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/08/08 04:07:46 | 16,668,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Terrell Saunders\Desktop\jre-6u15-windows-i586.exe
[2009/08/08 03:54:23 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Terrell Saunders\Desktop\OTL.exe
[2009/08/07 13:26:45 | 00,287,744 | ---- | C] () -- C:\Documents and Settings\Terrell Saunders\Desktop\ii44qlk6.exe
[2009/08/07 10:20:38 | 00,359,932 | ---- | C] () -- C:\Documents and Settings\Terrell Saunders\Desktop\dds.scr
[2009/08/07 09:01:22 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos
[2009/08/07 07:23:00 | 00,001,750 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/08/07 07:23:00 | 00,000,947 | ---- | C] () -- C:\Documents and Settings\Terrell Saunders\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2009/08/07 07:23:00 | 00,000,637 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[2009/08/07 07:23:00 | 00,000,493 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2009/08/06 20:15:21 | 34,796,33920 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/06 07:58:00 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/08/06 07:56:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/08/06 07:48:52 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/08/05 05:58:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/07/28 16:11:02 | 00,004,608 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symlcbrd.sys
[2009/07/28 15:44:14 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Ghost
[2009/07/28 15:42:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Terrell Saunders\Application Data\Symantec
[2009/07/28 14:44:30 | 00,000,634 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SideACT!.lnk
[2009/07/28 14:44:30 | 00,000,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ACT!.lnk
[2009/07/28 14:44:21 | 00,307,200 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninstAct.exe
[2009/07/28 14:44:20 | 00,192,590 | ---- | C] () -- C:\WINDOWS\System32\ActExt.dll
[2009/07/28 14:44:20 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ActAB32.dll
[2009/07/28 14:44:01 | 00,140,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX
[2009/07/28 14:44:01 | 00,115,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msinet.ocx
[2009/07/28 14:44:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\EmailShared.dll
[2009/07/28 14:44:00 | 00,096,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Modem.cpl
[2009/07/28 14:43:59 | 00,048,640 | ---- | C] (Windswept Software LLC, 508-540-5458, www.windsweptsoftware.net) -- C:\WINDOWS\System32\ActiveActX.DEU
[2009/07/28 14:43:59 | 00,048,128 | ---- | C] () -- C:\WINDOWS\System32\ActiveActX.FRA
[2009/07/28 14:43:59 | 00,047,104 | ---- | C] (Windswept Software LLC, 508-540-5458, www.windsweptsoftware.net) -- C:\WINDOWS\System32\ActiveActX.ESP
[2009/07/28 14:43:59 | 00,043,520 | ---- | C] (Windswept Software LLC, 508-540-5458, www.windsweptsoftware.net) -- C:\WINDOWS\System32\activeactx.ITA
[2009/07/28 14:43:59 | 00,043,008 | ---- | C] () -- C:\WINDOWS\System32\ActiveActX.ENU
[2009/07/28 14:43:58 | 00,893,440 | ---- | C] (Windswept Software LLC http://www.photoact.net) -- C:\WINDOWS\System32\ActiveActX.ocx
[2009/07/27 14:18:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/07/27 08:10:34 | 00,598,314 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\Cat.DB
[2009/07/22 15:30:48 | 00,310,320 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\SymEFA.sys
[2009/07/22 15:30:48 | 00,307,760 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\srtsp.sys
[2009/07/22 15:30:48 | 00,258,608 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\BHDrvx86.sys
[2009/07/22 15:30:48 | 00,217,392 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\symtdi.sys
[2009/07/22 15:30:48 | 00,089,776 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\symfw.sys
[2009/07/22 15:30:48 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\srtspx.sys
[2009/07/22 15:30:48 | 00,039,984 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\symndisv.sys
[2009/07/22 15:30:48 | 00,037,296 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\symndis.sys
[2009/07/22 15:30:48 | 00,034,736 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\symids.sys
[2009/07/22 15:30:48 | 00,009,423 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\SymNet.cat
[2009/07/22 15:30:48 | 00,007,410 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\SymEFA.cat
[2009/07/22 15:30:48 | 00,007,372 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\srtspx.cat
[2009/07/22 15:30:48 | 00,007,364 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\BHDrvx86.CAT
[2009/07/22 15:30:48 | 00,007,355 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\srtsp.cat
[2009/07/22 15:30:48 | 00,007,347 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\ccHPx86.cat
[2009/07/22 15:30:48 | 00,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\SymEFA.inf
[2009/07/22 15:30:48 | 00,001,753 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\ccHPx86.inf
[2009/07/22 15:30:48 | 00,001,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\SymNet.inf
[2009/07/22 15:30:48 | 00,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\srtspx.inf
[2009/07/22 15:30:48 | 00,001,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\srtsp.inf
[2009/07/22 15:30:48 | 00,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\BHDrvx86.inf
[2009/07/22 15:30:31 | 00,482,352 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\cchpx86.sys
[2009/07/22 15:30:30 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\isolate.ini
[2009/07/22 15:30:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1005000.087
[2009/07/22 05:07:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Terrell Saunders\My Documents\OneNote Notebooks
[2009/07/22 04:57:39 | 00,032,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll
[2009/07/20 06:23:30 | 00,000,000 | R--D | C] -- C:\Program Files\Norton Support
[2009/07/20 06:19:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Terrell Saunders\Local Settings\Application Data\Symantec
[2009/07/20 06:13:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Terrell Saunders\My Documents\Symantec
[2009/07/20 06:09:11 | 00,036,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009/07/20 06:08:59 | 00,124,464 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/07/20 06:08:59 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/07/20 06:08:59 | 00,007,386 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/07/20 06:08:59 | 00,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/07/20 06:08:59 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/07/20 06:08:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2009/07/20 06:08:49 | 00,001,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.lnk
[2009/07/20 06:08:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2009/07/20 06:08:31 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009/07/20 06:08:31 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2009/07/20 06:08:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/07/20 06:06:19 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2009/07/20 06:06:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/07/18 22:09:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Terrell Saunders\Desktop\New Old Folder
[2009/07/18 15:31:41 | 00,000,580 | ---- | C] () -- C:\Documents and Settings\Terrell Saunders\Desktop\Shortcut to CC.lnk
[2009/07/18 15:02:15 | 00,000,000 | ---D | C] -- C:\CompChecker
[2009/07/18 14:58:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\MS
[2009/07/18 13:26:53 | 02,908,976 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Terrell Saunders\Desktop\Norton_Removal_Tool 1.exe
[2009/07/15 11:54:55 | 11,408,50688 | -HS- | C] () -- C:\NRTPage.sys
[2009/07/14 14:33:01 | 02,908,976 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Terrell Saunders\Desktop\Norton_Removal_Tool.exe
[2009/07/14 09:17:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/07/14 08:25:51 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/07/13 19:23:31 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/07/13 19:23:31 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/07/13 19:23:31 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/07/13 19:19:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Terrell Saunders\Application Data\Malwarebytes
[2009/07/13 19:19:38 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/13 19:19:36 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 19:19:34 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/13 19:19:34 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/13 19:19:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/13 17:06:54 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/07/13 17:06:54 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/07/13 17:06:53 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/07/13 17:06:53 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/07/13 17:06:53 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/07/13 17:06:53 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/07/13 17:06:53 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/07/13 17:06:53 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/07/13 17:06:53 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/07/13 17:06:52 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/07/13 16:50:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/07/13 16:49:41 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/07/13 16:49:38 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/07/13 16:49:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Terrell Saunders\Application Data\SUPERAntiSpyware.com
[2009/07/13 16:48:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/07/13 06:57:48 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009/07/13 06:57:48 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009/07/02 14:33:53 | 00,001,832 | ---- | C] () -- C:\WINDOWS\TCADWIN.INI
[2009/06/09 23:14:51 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/09 01:03:11 | 00,000,398 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2009/05/01 10:04:46 | 00,000,040 | ---- | C] () -- C:\WINDOWS\BO5140.INI
[2009/05/01 10:04:34 | 00,000,458 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/05/01 10:04:34 | 00,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/02/24 03:16:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2009/01/05 15:44:10 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/05/17 01:37:32 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/05/17 01:33:47 | 00,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2007/05/17 01:31:04 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/05/17 01:21:45 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/05/17 01:21:43 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/05/17 01:00:27 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/05/17 00:59:06 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/05/24 19:16:22 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/11/10 02:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/02/17 13:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 13:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/08/10 14:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:51:28 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 13:51:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2001/11/14 14:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1999/01/22 22:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[2009/08/10 04:02:48 | 00,376,022 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/10 04:02:48 | 00,328,554 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/10 04:02:48 | 00,041,830 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/10 03:58:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/10 03:57:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/10 03:57:46 | 34,796,33920 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/08 08:05:54 | 00,011,690 | ---- | M] () -- C:\Documents and Settings\Terrell Saunders\My Documents\See the results of the current computer scan.docx
[2009/08/08 07:42:55 | 00,000,458 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2009/08/08 07:42:55 | 00,000,026 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2009/08/08 04:18:08 | 05,678,304 | -H-- | M] () -- C:\Documents and Settings\Terrell Saunders\Local Settings\Application Data\IconCache.db
[2009/08/08 04:15:19 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/08 04:15:18 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/08/08 04:15:18 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/08 04:15:18 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/08 04:15:18 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/08/08 04:07:46 | 16,668,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Terrell Saunders\Desktop\jre-6u15-windows-i586.exe
[2009/08/08 03:54:23 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Terrell Saunders\Desktop\OTL.exe
[2009/08/07 13:26:45 | 00,287,744 | ---- | M] () -- C:\Documents and Settings\Terrell Saunders\Desktop\ii44qlk6.exe
[2009/08/07 10:20:48 | 00,359,932 | ---- | M] () -- C:\Documents and Settings\Terrell Saunders\Desktop\dds.scr
[2009/08/07 07:22:30 | 00,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/07 07:22:30 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2009/08/07 07:22:30 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/08/07 04:29:00 | 11,408,50688 | -HS- | M] () -- C:\NRTPage.sys
[2009/08/07 00:16:41 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/08/06 07:58:00 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/31 16:10:59 | 00,598,314 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\Cat.DB
[2009/07/28 16:11:02 | 00,004,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symlcbrd.sys
[2009/07/28 14:44:30 | 00,000,972 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2009/07/28 14:44:30 | 00,000,634 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SideACT!.lnk
[2009/07/28 14:44:30 | 00,000,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ACT!.lnk
[2009/07/27 08:10:06 | 00,001,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.lnk
[2009/07/22 15:30:49 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/07/22 15:30:49 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/07/22 15:30:49 | 00,007,386 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/07/22 15:30:49 | 00,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/07/22 15:30:31 | 00,482,352 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\cchpx86.sys
[2009/07/22 15:30:30 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\isolate.ini
[2009/07/22 05:07:42 | 00,000,947 | ---- | M] () -- C:\Documents and Settings\Terrell Saunders\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2009/07/19 09:33:02 | 03,597,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/07/19 09:33:02 | 03,597,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/07/19 09:32:59 | 06,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2009/07/19 09:32:59 | 06,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/07/19 06:07:51 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/18 15:31:41 | 00,000,580 | ---- | M] () -- C:\Documents and Settings\Terrell Saunders\Desktop\Shortcut to CC.lnk
[2009/07/18 13:26:53 | 02,908,976 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Terrell Saunders\Desktop\Norton_Removal_Tool 1.exe
[2009/07/17 21:37:16 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/07/15 23:26:53 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/14 14:33:02 | 02,908,976 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Terrell Saunders\Desktop\Norton_Removal_Tool.exe
[2009/07/14 08:47:27 | 00,387,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/13 19:19:38 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
< End of report >

New DDS Log

DDS (Ver_09-07-30.01) - NTFSx86
Run by Terrell Saunders at 4:22:49.48 on Mon 08/10/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3318.2792 [GMT -4:00]

AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Terrell Saunders\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070517
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070517
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=czBR5P966l3IcIkXe5Try8OoYms
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.5.0.135\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\e4613a34-4965-4863-8055-a336bd01f25e.exe
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [Microsoft Location Finder] "c:\program files\microsoft location finder\LocationFinder.exe"
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [PDF4 Registry Controller] "c:\program files\scansoft\pdf professional 4.0\\RegistryController.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Norton Ghost 10.0] "c:\program files\norton ghost\agent\GhostTray.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\terrel~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office 2000\office\OSA9.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Open with ScanSoft PDF Converter 4.0 - c:\program files\scansoft\pdf professional 4.0\cnvres_eng.dll /100
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247311919500
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.5.0.135\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-7-22 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-7-22 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-7-22 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090730.003\IDSXpx86.sys [2009-7-31 276344]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-12-13 198256]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-12-13 165488]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.5.0.135\ccSvcHst.exe [2009-7-22 115560]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2009-7-28 822424]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-7-19 101936]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090809.020\NAVENG.SYS [2009-8-10 87888]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090809.020\NAVEX15.SYS [2009-8-10 875728]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-12-13 79472]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\26.tmp --> c:\windows\system32\26.tmp [?]

=============== Created Last 30 ================

2009-08-10 03:55 <DIR> --d----- C:\_OTL
2009-08-08 04:15 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-08 04:15 73,728 a------- c:\windows\system32\javacpl.cpl
2009-08-07 09:01 <DIR> --d----- c:\program files\Sophos
2009-08-06 07:58 578,560 a------- c:\windows\system32\dllcache\user32.dll
2009-08-06 07:56 <DIR> --d----- c:\windows\ERUNT
2009-08-06 07:48 <DIR> --d----- C:\SDFix
2009-07-28 16:11 4,608 a------- c:\windows\system32\drivers\symlcbrd.sys
2009-07-28 15:44 <DIR> --d----- c:\program files\Norton Ghost
2009-07-28 15:42 <DIR> --d----- c:\docume~1\terrel~1\applic~1\Symantec
2009-07-28 14:44 307,200 -------- c:\windows\IsUninstAct.exe
2009-07-28 14:44 192,590 a------- c:\windows\system32\ActExt.dll
2009-07-28 14:44 159,744 a------- c:\windows\system32\ActAB32.dll
2009-07-28 14:44 140,096 -------- c:\windows\system32\COMDLG32.OCX
2009-07-28 14:44 115,016 -------- c:\windows\system32\Msinet.ocx
2009-07-28 14:44 192,512 a------- c:\windows\system32\EmailShared.dll
2009-07-28 14:44 96,016 -------- c:\windows\system32\Modem.cpl
2009-07-28 14:43 48,640 a------- c:\windows\system32\ActiveActX.DEU
2009-07-28 14:43 48,128 a------- c:\windows\system32\ActiveActX.FRA
2009-07-28 14:43 47,104 a------- c:\windows\system32\ActiveActX.ESP
2009-07-28 14:43 43,520 a------- c:\windows\system32\activeactx.ITA
2009-07-28 14:43 43,008 a------- c:\windows\system32\ActiveActX.ENU
2009-07-28 14:43 893,440 a------- c:\windows\system32\ActiveActX.ocx
2009-07-27 14:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-07-22 04:57 32,592 a------- c:\windows\system32\msonpmon.dll
2009-07-20 06:23 <DIR> --d--r-- c:\program files\Norton Support
2009-07-20 06:09 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-07-20 06:08 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-20 06:08 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-07-20 06:08 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-20 06:08 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-07-20 06:08 <DIR> --d----- c:\program files\Symantec
2009-07-20 06:08 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-07-20 06:08 <DIR> --d----- c:\windows\system32\drivers\NIS
2009-07-20 06:08 <DIR> --d----- c:\program files\Norton Internet Security
2009-07-20 06:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-07-20 06:06 <DIR> --d----- c:\program files\NortonInstaller
2009-07-20 06:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-07-18 15:02 <DIR> --d----- C:\CompChecker
2009-07-15 11:54 1,140,850,688 a--sh--- C:\NRTPage.sys
2009-07-14 09:17 <DIR> --d----- c:\windows\pss
2009-07-14 08:25 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-07-13 19:23 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-07-13 19:23 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-07-13 19:23 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-07-13 19:19 <DIR> --d----- c:\docume~1\terrel~1\applic~1\Malwarebytes
2009-07-13 19:19 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 19:19 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-13 19:19 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 19:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-13 17:06 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-07-13 17:06 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-07-13 17:06 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-07-13 17:06 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-07-13 17:06 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-07-13 17:06 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-13 17:06 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-07-13 17:06 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-07-13 17:06 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-07-13 17:06 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-07-13 16:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-07-13 16:49 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-13 16:49 <DIR> --d----- c:\docume~1\terrel~1\applic~1\SUPERAntiSpyware.com
2009-07-13 16:48 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-07-13 06:57 268,648 a------- c:\windows\system32\mucltui.dll
2009-07-13 06:57 27,496 a------- c:\windows\system32\mucltui.dll.mui

==================== Find3M ====================

2009-07-19 09:33 3,597,824 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-19 09:32 6,067,200 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-07 11:31 1,914 a------- c:\docume~1\terrel~1\applic~1\SAS7_000.DAT
2009-06-29 07:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-06-29 07:07 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-29 04:35 634,632 -------- c:\windows\system32\dllcache\iexplore.exe
2009-06-29 04:33 2,452,872 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-06-29 04:33 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 15:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-05-26 10:25 0 a------- c:\docume~1\terrel~1\applic~1\wklnhst.dat
2009-02-23 18:59 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009022320090224\index.dat

============= FINISH: 4:23:20.23 ===============


Thanks for your help.
TSau

#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:18 AM

Posted 10 August 2009 - 01:13 PM

TSau, Yor logs look fine to me now.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
Congratulations! You now appear clean! :thumbup2:

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Cleaning and creating restore points
  • Click Start, right click My Computer and select properties.
  • Select the System Restore tab then check the box "Turn off System Restore".
  • Click Apply then Ok, then restart your computer
  • Now follow these steps again, but instead of checking "Turn off System Restore" Uncheck it.
Now that you have cleaned out you restore points you need to set a new restore point
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Select "Create a restore point" then click Next.
  • Type a name under Restore point description then click Create.
Additional instructions can be found here if needed.

Note: This does not need to be done on a regular basis.

Keeping Windows updated
It is extremley important to keep windows upto date with the latest service pack and patches. This will prevent you
from getting the malware which uses vulnerabilities found in windows to exploit your computer. The easiest way to
do this this is by making sure that Automatic Updates is always enabled.

To do this Click on Start >> Control Panel >> Automatic updates and click Automatic (recommended) then Apply and Ok

Update your AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not
update your antivirus software then it will not be able to catch any of the new variants that may come out. If you
use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your
subscription runs out, you may not be able to update the programs virus definitions.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you.
Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly
patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Install SpywareBlaster
SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you
from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware

Use MVPS hosts file
Using a custom host file like the MVPS HOSTS file can help to block ads, banners, 3rd party Cookies,
3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources
and may even speed up the loading of web pages. You can download and find instructions below.

http://www.mvps.org/winhelp2002/hosts.htm

Update all these programs regularly
Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing :)
Syler

unite.jpg


#11 TSau

TSau
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:18 PM

Posted 10 August 2009 - 02:01 PM

Syler,

:thumbup2: :) Thank You sooooomuch for your help. I was at the point of wiping my hard drive and starting over. That would have been stupid as I was almost out of the woods!! I try to stay updated and surf clean, but you never know where bad stuff can come from.

I hope you have a blessed day and remember:
God loves you!!!!!!!!!!!!!!!!!!!!!!!! :)

TSau

#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:18 AM

Posted 10 August 2009 - 02:15 PM

You're very welcome TSau :thumbup2:

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users