
Newer Rootkit (Trojan-Spy.Win32.Agent.azpj)


  • This topic is locked
15 replies to this topic

#1 Ray Grimm

Posted 09 September 2009 - 07:32 AM

Referred from here: http://www.bleepingcomputer.com/forums/t/255236/infected-with-trojan-spywin32agentazpj/ ~ OB

2009-09-09,07:59:09

System Repair Engineer 2.8.1.1279
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 3 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
	All Boot Items (Including Registry, Startup Folders, Services and so on)
	Browser Add-ons
	Running Processes (Including process model information)
	File Associations
	Winsock Provider
	Autorun.Inf
	HOSTS File
	Process Privileges Scan
	Scheduled Tasks
	Windows Security Update Check
	API HOOK
	Hidden Process


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
	<DellSupport><"C:\Program Files\Dell Support\DSAgnt.exe" /startup>  [Gteko Ltd.]
	<swg><C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe>  [(Verified)Google Inc]
	<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
	<DellSupportCenter><"C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter>  [(Verified)Dell Inc.]
	<Monopod><C:\DOCUME~1\Barbara\LOCALS~1\Temp\a.exe>  [File is missing]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
	<load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
	<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<nwiz><nwiz.exe /installquiet>  []
	<NVHotkey><rundll32.exe nvHotkey.dll,Start>  [NVIDIA Corporation]
	<SigmatelSysTrayApp><stsystra.exe>  [SigmaTel, Inc.]
	<Dell QuickSet><C:\Program Files\Dell\QuickSet\quickset.exe>  [Dell Inc]
	<SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<ISUSPM Startup><C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup>  [InstallShield Software Corporation]
	<ISUSScheduler><"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start>  [InstallShield Software Corporation]
	<Google Desktop Search><"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup>  [(Verified)Google Inc.]
	<PCMService><"C:\Program Files\Dell\MediaDirect\PCMService.exe">  [CyberLink Corp.]
	<Logitech Hardware Abstraction Layer><KHALMNPR.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<Kernel and Hardware Abstraction Layer><KHALMNPR.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<dla><C:\WINDOWS\system32\dla\tfswctrl.exe>  [Sonic Solutions]
	<dscactivate><"C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe">  [ ]
	<DellSupportCenter><"C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter>  [(Verified)Dell Inc.]
	<AppleSyncNotifier><C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe>  [(Verified)Apple Inc.]
	<HP Software Update><C:\Program Files\HP\HP Software Update\HPWuSchd2.exe>  [Hewlett-Packard Co.]
	<hpbdfawep><C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1>  [File is missing]
	<IntelZeroConfig><"C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe">  [Intel(R) Corporation]
	<IntelWireless><"C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray>  [Intel(R) Corporation]
	<iTunesHelper><"C:\Program Files\iTunes\iTunesHelper.exe">  [(Verified)Apple Inc.]
	<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime>  [Apple Inc.]
	<Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe">  [(Verified)"Adobe Systems, Incorporated"]
	<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [File is missing]
	<SunJavaUpdateSched><"C:\Program Files\Java\jre6\bin\jusched.exe">  [(Verified)"Sun Microsystems, Inc."]
	<AVP><"C:\Program Files\EarthLink\EarthLink Protection Control Center\avp.exe">  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
	<shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
	<Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
	<AppInit_DLLs><C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
	<UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
	<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
	<PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
	<CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
	<WebCheck><C:\WINDOWS\system32\webcheck.dll>  [(Verified)Microsoft Windows]
	<SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
	<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
	<UPnPMonitor><C:\WINDOWS\system32\upnpui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
	<WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
	<WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
	<WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
	<WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
	<WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
	<WinlogonNotify: LBTWlgn><c:\program files\common files\logitech\bluetooth\LBTWlgn.dll>  [(Verified)Logitech]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
	<WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
	<WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
	<WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
	<WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
	<WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
	<WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
	<WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
	<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
	<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
	<Internet Explorer Version Update><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
	<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
	<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
	<"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
	<RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
	<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
	<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
	<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
	<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
	<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
	<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
	<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
	<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
	<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
	<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
	<Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
	<SCRNSAVE.EXE><C:\WINDOWS\system32\scrnsave.scr>  [(Verified)Microsoft Windows Component Publisher]

==================================
Startup Folders
[Bluetooth]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk --> C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [Broadcom Corporation.]><N>
[Digital Line Detect]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk --> C:\PROGRA~1\DIGITA~1\DLG.exe [BVRP Software]><N>
[Logitech SetPoint]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk --> C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [Logitech, Inc.]><N>
[LUMIX Simple Viewer]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk --> C:\PROGRA~1\PANASO~1\LUMIXS~1\PHLEAU~1.EXE [Matsushita Electric Industrial Co., Ltd.]><N>

==================================
Services
[Apple Mobile Device / Apple Mobile Device][Running/Auto Start]
  <"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"><Apple Inc.>
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[EarthLink Protection Control Center / AVP][Stopped/Auto Start]
  <"C:\Program Files\EarthLink\EarthLink Protection Control Center\avp.exe" -r><N/A>
[Bonjour Service / Bonjour Service][Running/Auto Start]
  <"C:\Program Files\Bonjour\mDNSResponder.exe"><Apple Inc.>
[Bluetooth Service / btwdins][Running/Auto Start]
  <C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe>
[Intel® PROSet/Wireless Event Log / EvtEng][Running/Auto Start]
  <C:\Program Files\Intel\WiFi\bin\EvtEng.exe><Intel(R) Corporation>
[Google Desktop Manager 5.7.806.10245 / GoogleDesktopManager-061008-081103][Stopped/Manual Start]
  <"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"><Google>
[Google Update Service (gupdate1c9f262ec9a71d2) / gupdate1c9f262ec9a71d2][Stopped/Auto Start]
  <"C:\Program Files\Google\Update\GoogleUpdate.exe" /svc><Google Inc.>
[Google Software Updater / gusvc][Stopped/Auto Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[iPod Service / iPod Service][Running/Manual Start]
  <"C:\Program Files\iPod\bin\iPodService.exe"><Apple Inc.>
[Java Quick Starter / JavaQuickStarterService][Running/Auto Start]
  <"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"><Sun Microsystems, Inc.>
[Lavasoft Ad-Aware Service / Lavasoft Ad-Aware Service][Stopped/Auto Start]
  <"C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe"><(File is missing)>
[Logitech Bluetooth Service / LBTServ][Running/Auto Start]
  <C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE><Logitech, Inc.>
[MAPILab Groupware Server Interlayer / MGFInterlayer][Running/Manual Start]
  <"C:\Program Files\MAPILab Ltd\MAPILab Groupware Server\MGFInterlayer.exe"><MAPILab Ltd.>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Intel® PROSet/Wireless Registry Service / RegSrvc][Running/Auto Start]
  <C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe><Intel(R) Corporation>
[Intel® PROSet/Wireless WiFi Service / S24EventMonitor][Running/Auto Start]
  <C:\Program Files\Intel\WiFi\bin\S24EvMon.exe><Intel(R) Corporation>
[SupportSoft Sprocket Service (dellsupportcenter) / sprtsvc_dellsupportcenter][Running/Auto Start]
  <C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter><SupportSoft, Inc.>

==================================
Drivers
[AliIde / AliIde][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD AGP Bus Filter Driver / amdagp][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[APPDRV / APPDRV][Running/System Start]
  <\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS><Dell Inc>
[asc / asc][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3550 / asc3550][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start]
  <system32\DRIVERS\bcm4sbxp.sys>
[Bluetooth Audio Device / btaudio][Running/Manual Start]
  <system32\drivers\btaudio.sys>
[Bluetooth Virtual Communications Driver / BTDriver][Running/Manual Start]
  <system32\DRIVERS\btport.sys>
[Bluetooth Bus Enumerator / BTKRNL][Running/Manual Start]
  <system32\DRIVERS\btkrnl.sys>
[Bluetooth Serial Driver / BTSERIAL][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\btserial.sys>
[Bluetooth LAN Access Server / BTWDNDIS][Running/Manual Start]
  <system32\DRIVERS\btwdndis.sys>
[btwhid / btwhid][Running/Manual Start]
  <system32\DRIVERS\btwhid.sys>
[Bluetooth Modem / btwmodem][Running/Manual Start]
  <system32\DRIVERS\btwmodem.sys>
[WIDCOMM USB Bluetooth Driver / BTWUSB][Running/Manual Start]
  <System32\Drivers\btwusb.sys>
[CmdIde / CmdIde][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[dac2w2k / dac2w2k][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[drvmcdb / drvmcdb][Running/Boot Start]
  <\SystemRoot\system32\drivers\drvmcdb.sys><Sonic Solutions>
[drvnddm / drvnddm][Running/Auto Start]
  <system32\drivers\drvnddm.sys><Sonic Solutions>
[DSproct / DSproct][Running/Manual Start]
  <\??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys><GTek Technologies Ltd.>
[Intel(R) PRO Adapter Driver / E100B][Stopped/Manual Start]
  <system32\DRIVERS\e100b325.sys><Intel Corporation>
[GEAR ASPI Filter Driver / GEARAspiWDM][Running/Manual Start]
  <System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HPFXBULK / HPFXBULK][Stopped/Manual Start]
  <system32\drivers\hpfxbulk.sys><Hewlett Packard>
[HSFHWAZL / HSFHWAZL][Running/Manual Start]
  <system32\DRIVERS\HSFHWAZL.sys><Conexant Systems, Inc.>
[HSF_DPV / HSF_DPV][Running/Manual Start]
  <system32\DRIVERS\HSF_DPV.sys><Conexant Systems, Inc.>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]
  <system32\DRIVERS\klim5.sys><Kaspersky Lab>
[Kingsun KS-959 USB Infrared Adapter / KS-959][Stopped/Manual Start]
  <system32\DRIVERS\KS-959.sys><Kingsun Corporation>
[Logitech SetPoint KMDF HID Filter Driver / LHidFilt][Running/Manual Start]
  <system32\DRIVERS\LHidFilt.Sys><Logitech, Inc.>
[Logitech SetPoint HID Mouse Filter Driver / LHidKe][Stopped/Manual Start]
  <system32\DRIVERS\LHidKE.Sys><Logitech, Inc.>
[Logitech SetPoint KMDF Mouse Filter Driver / LMouFilt][Running/Manual Start]
  <system32\DRIVERS\LMouFilt.Sys><Logitech, Inc.>
[Logitech SetPoint Mouse Filter Driver / LMouKE][Stopped/Manual Start]
  <system32\DRIVERS\LMouKE.Sys><Logitech, Inc.>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[McAfee Inc. mfeavfk / mfeavfk][Stopped/Manual Start]
  <system32\drivers\mfeavfk.sys><McAfee, Inc.>
[McAfee Inc. mfebopk / mfebopk][Stopped/Manual Start]
  <system32\drivers\mfebopk.sys><McAfee, Inc.>
[McAfee Inc. mferkdk / mferkdk][Stopped/Manual Start]
  <system32\drivers\mferkdk.sys><McAfee, Inc.>
[McAfee Inc. mfesmfk / mfesmfk][Stopped/Manual Start]
  <system32\drivers\mfesmfk.sys><McAfee, Inc.>
[mraid35x / mraid35x][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit / NETw3x32][Stopped/Manual Start]
  <system32\DRIVERS\NETw3x32.sys><Intel® Corporation>
[Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit / NETw4x32][Stopped/Manual Start]
  <system32\DRIVERS\NETw4x32.sys><Intel Corporation>
[Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit / NETw5x32][Running/Manual Start]
  <system32\DRIVERS\NETw5x32.sys><Intel Corporation>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[OMCI WDM Device Driver / omci][Running/System Start]
  <system32\DRIVERS\omci.sys><Dell Inc>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[ql1080 / ql1080][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ql1080.sys><QLogic Corporation>
[ql12160 / ql12160][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ql1280.sys><QLogic Corporation>
[rimmptsk / rimmptsk][Running/Manual Start]
  <system32\DRIVERS\rimmptsk.sys><REDC>
[rimsptsk / rimsptsk][Running/Manual Start]
  <system32\DRIVERS\rimsptsk.sys><REDC>
[Ricoh xD-Picture Card Driver / rismxdp][Running/Manual Start]
  <system32\DRIVERS\rixdptsk.sys><REDC>
[rootrepeal / rootrepeal][Stopped/]
  <2 - The system cannot find the file specified.
><N/A>
[WLAN Transport / s24trans][Running/Auto Start]
  <system32\DRIVERS\s24trans.sys><Intel Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SIS AGP Bus Filter / sisagp][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[Sparrow / Sparrow][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[sscdbhk5 / sscdbhk5][Running/System Start]
  <system32\drivers\sscdbhk5.sys><Sonic Solutions>
[ssrtln / ssrtln][Running/System Start]
  <system32\drivers\ssrtln.sys><Sonic Solutions>
[SigmaTel High Definition Audio CODEC / STHDA][Running/Manual Start]
  <system32\drivers\sthda.sys><SigmaTel, Inc.>
[symc810 / symc810][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\symc8xx.sys><LSI Logic>
[sym_hi / sym_hi][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sym_u3.sys><LSI Logic>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
  <system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[tfsnboio / tfsnboio][Running/Auto Start]
  <system32\dla\tfsnboio.sys><Sonic Solutions>
[tfsncofs / tfsncofs][Running/Auto Start]
  <system32\dla\tfsncofs.sys><Sonic Solutions>
[tfsndrct / tfsndrct][Running/Auto Start]
  <system32\dla\tfsndrct.sys><Sonic Solutions>
[tfsndres / tfsndres][Running/Auto Start]
  <system32\dla\tfsndres.sys><Sonic Solutions>
[tfsnifs / tfsnifs][Running/Auto Start]
  <system32\dla\tfsnifs.sys><Sonic Solutions>
[tfsnopio / tfsnopio][Running/Auto Start]
  <system32\dla\tfsnopio.sys><Sonic Solutions>
[tfsnpool / tfsnpool][Running/Auto Start]
  <system32\dla\tfsnpool.sys><Sonic Solutions>
[tfsnudf / tfsnudf][Running/Auto Start]
  <system32\dla\tfsnudf.sys><Sonic Solutions>
[tfsnudfa / tfsnudfa][Running/Auto Start]
  <system32\dla\tfsnudfa.sys><Sonic Solutions>
[ultra / ultra][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[Apple Mobile USB Driver / USBAAPL][Stopped/Manual Start]
  <System32\Drivers\usbaapl.sys><Apple, Inc.>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>

==================================
Browser Add-ons
[Adobe PDF Link Helper]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[DriveLetterAccess]
  {5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\system32\dla\tfswshx.dll, Sonic Solutions>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll, (Signed) Google Inc.>
[Google Toolbar Notifier BHO]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll, (Signed) Google Inc.>
[Google Dictionary Compression sdch]
  {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} <C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll, (Signed) Google Inc.>
[CBrowserHelperObject Object]
  {CA6319C0-31B7-401E-A518-A07C3DB8F777} <C:\Program Files\BAE\BAE.dll, Dell Inc.>
[Java(tm) Plug-In 2 SSV Helper]
  {DBC80044-A445-435b-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, (Signed) Sun Microsystems, Inc.>
[JQSIEStartDetectorImpl Class]
  {E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, Sun Microsystems, Inc.>
[Web Anti-Virus statistics]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\EarthLink\EarthLink Protection Control Center\SCIEPlgn.dll, (Signed) EarthLink>
[&Research]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[@btrez.dll,-4015]
  {CCA281CA-C863-46ef-9331-5C8D4460577F} <, >
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[Google Toolbar]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll, (Signed) Google Inc.>
[Office Genuine Advantage Validation Tool]
  {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} <C:\WINDOWS\system32\OGACheckControl.DLL, (Signed) >
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation>
[Java Plug-in 1.6.0_15]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[]
  {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
[Office Update Installation Engine]
  {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
[Java Plug-in 1.5.0_06]
  {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.5.0_07]
  {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0]
  {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_01]
  {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_03]
  {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_05]
  {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_07]
  {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_15]
  {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_15]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\npjpi160_15.dll, (Signed) Sun Microsystems, Inc.>
[]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <, >
[get_atlcom Class]
  {E2883E8F-472F-4FB0-9522-AC9BF37916A7} <C:\WINDOWS\Downloaded Program Files\gp.ocx, (Signed) NOS Microsystems Ltd.>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
  {089FD14D-132B-48FC-8861-0048AE113215} <, >
[]
  {0BF43445-2F28-4351-9252-17FE6E806AA0} <, >
[]
  {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} <, >
[Adobe PDF Link Helper]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <, >
[Google Toolbar]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll, (Signed) Google Inc.>
[]
  {39FD89BF-D3F1-45B6-BB56-3582CCF489E1} <, >
[]
  {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} <, >
[Microsoft Terminal Services Client Control (redist)]
  {4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
  {4EDCB26C-D24C-4e72-AF07-B576699AC0DE} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[DriveLetterAccess]
  {5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\system32\dla\tfswshx.dll, Sonic Solutions>
[Microsoft Terminal Services Client Control (redist)]
  {7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
  {7584c670-2274-4efb-b00b-d6aaba6d3850} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <, >
[]
  {7DB2D5A0-7241-4E79-B68D-6309F01C5231} <, >
[Microsoft Terminal Services Client Control (redist)]
  {9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll, (Signed) Google Inc.>
[Google Toolbar Notifier BHO]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll, (Signed) Google Inc.>
[]
  {B164E929-A1B6-4A06-B104-2CD0E90A88FF} <, >
[]
  {BA52B914-B692-46C4-B683-905236F6F655} <, >
[&Discuss]
  {BDEADE7F-C265-11D0-BCED-00A0C90AB50F} <shdocvw.dll, Microsoft Corporation>
[Google Dictionary Compression sdch]
  {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} <C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll, (Signed) Google Inc.>
[CBrowserHelperObject Object]
  {CA6319C0-31B7-401E-A518-A07C3DB8F777} <C:\Program Files\BAE\BAE.dll, Dell Inc.>
[]
  {CCA281CA-C863-46EF-9331-5C8D4460577F} <, >
[]
  {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} <, >
[Microsoft Url Search Hook]
  {CFBFAE00-17A6-11D0-99CB-00C04FD64497} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <, >
[Java(tm) Plug-In 2 SSV Helper]
  {DBC80044-A445-435B-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, (Signed) Sun Microsystems, Inc.>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[JQSIEStartDetectorImpl Class]
  {E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, Sun Microsystems, Inc.>
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >

==================================
Running Processes
[PID: 1648 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1768 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1796 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\miscr3.dll]  [EarthLink, 7.0.1.325]
	[C:\WINDOWS\system32\klogon.dll]  [EarthLink, 7.0.1.325]
	[c:\program files\common files\logitech\bluetooth\LBTWlgn.dll]  [Logitech, Inc., 4.60.122]
	[c:\program files\common files\logitech\bluetooth\LBTServ.dll]  [Logitech, Inc., 4.60.122]
	[C:\WINDOWS\system32\netprovcredman.dll]  [Intel(R) Corporation, 12, 1, 1, 0]
[PID: 1840 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
[PID: 1852 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\dnsq.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\miscr3.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\fssync.dll]  [EarthLink, 7.0.5.325]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
	[C:\WINDOWS\system32\netprovcredman.dll]  [Intel(R) Corporation, 12, 1, 1, 0]
[PID: 144 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\miscr3.dll]  [EarthLink, 7.0.1.325]
[PID: 236 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[\\?\globalroot\Device\__max++>\44681016.x86.dll]  [N/A, ]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\dnsq.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\miscr3.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\fssync.dll]  [EarthLink, 7.0.5.325]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
[PID: 468 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\miscr3.dll]  [EarthLink, 7.0.1.325]
	[\\?\globalroot\Device\__max++>\44681016.x86.dll]  [N/A, ]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\dnsq.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
[PID: 504 / SYSTEM][C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE]  [Logitech, Inc., 4.60.122]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
[PID: 604 / SYSTEM][C:\Program Files\Intel\WiFi\bin\S24EvMon.exe]  [Intel(R) Corporation, 12, 1, 1, 9]
	[C:\Program Files\Intel\WiFi\bin\IntStngs.dll]  [Intel(R) Corporation, 12, 1, 1, 0]
	[C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL]  [N/A, ]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\Common Files\Intel\WirelessCommon\PsRegApi.dll]  [Intel(R) Corporation, 12, 1, 1, 0]
	[C:\Program Files\Common Files\Intel\WirelessCommon\TraceApi.dll]  [Intel(R) Corporation, 12, 1, 1, 2]
	[C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll]  [The OpenSSL Project, http://www.openssl.org/, 0.9.8]
	[C:\Program Files\Intel\WiFi\bin\KmmdlPlugins\SupplicantPlugin.dll]  [Intel(R) Corporation, 12, 1, 1, 12]
	[C:\Program Files\Intel\WiFi\bin\KmmdlPlugins\WSCPlugin.dll]  [Intel(R) Corporation, 12, 1, 1, 5]
	[\\?\globalroot\Device\__max++>\44681016.x86.dll]  [N/A, ]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\scrchpg.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\klscav.dll]  [EarthLink, 7.0.1.325]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\dnsq.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
	[C:\Program Files\Intel\WiFi\bin\supplicant.dll]  [Devicescape Software, Inc., 1, 0, 72, 0]
[PID: 868 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\miscr3.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\fssync.dll]  [EarthLink, 7.0.5.325]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
	[\\?\globalroot\Device\__max++>\44681016.x86.dll]  [N/A, ]
[PID: 1060 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[\\?\globalroot\Device\__max++>\44681016.x86.dll]  [N/A, ]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\dnsq.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
[PID: 1340 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[\\?\globalroot\Device\__max++>\44681016.x86.dll]  [N/A, ]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\dnsq.dll]  [EarthLink, 7.0.1.325]
	[C:\WINDOWS\system32\bthcrp.dll]  [Broadcom Corporation., 5.0.1.2609]
	[C:\WINDOWS\system32\WidcommSdk.dll]  [Broadcom Corporation., 5.0.1.2609]
	[C:\WINDOWS\system32\wbtapi.dll]  [Broadcom Corporation., 5.0.1.2609]
	[C:\WINDOWS\system32\HpTcpMon.dll]  [Hewlett Packard, 6.01.00.007]
	[C:\WINDOWS\system32\hpzjrd01.dll]  [Hewlett Packard, 2.01.00.004]
	[C:\WINDOWS\system32\HPTcpMUI.dll]  [Microsoft Corporation, 6.01.00.007]
	[C:\WINDOWS\system32\hptcpmib.dll]  [Hewlett Packard, 6.01.00.007]
	[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp43e.DLL]  [Hewlett-Packard Corporation, 60.053.644.00]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
[PID: 1428 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\miscr3.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\fssync.dll]  [EarthLink, 7.0.5.325]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
[PID: 1468 / SYSTEM][C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe]  [Apple Inc., 2.12.33.0]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[\\?\globalroot\Device\__max++>\44681016.x86.dll]  [N/A, ]
[PID: 1488 / SYSTEM][C:\Program Files\Bonjour\mDNSResponder.exe]  [Apple Inc., 1,0,5,11]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\miscr3.dll]  [EarthLink, 7.0.1.325]
	[\\?\globalroot\Device\__max++>\44681016.x86.dll]  [N/A, ]
[PID: 1512 / SYSTEM][C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe]  [Broadcom Corporation., 5.0.1.2609]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
[PID: 1540 / SYSTEM][C:\Program Files\Intel\WiFi\bin\EvtEng.exe]  [Intel(R) Corporation, 12, 1, 1, 0]
	[C:\Program Files\Intel\WiFi\bin\PfMgrApi.dll]  [Intel(R) Corporation, 12, 1, 1, 2]
	[C:\Program Files\Intel\WiFi\bin\MurocApi.dll]  [Intel(R) Corporation, 12, 1, 1, 5]
	[C:\Program Files\Intel\WiFi\bin\IntStngs.dll]  [Intel(R) Corporation, 12, 1, 1, 0]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll]  [The OpenSSL Project, http://www.openssl.org/, 0.9.8]
	[C:\Program Files\Common Files\Intel\WirelessCommon\PsRegApi.dll]  [Intel(R) Corporation, 12, 1, 1, 0]
	[C:\Program Files\Common Files\Intel\WirelessCommon\TraceApi.dll]  [Intel(R) Corporation, 12, 1, 1, 2]
	[C:\Program Files\Intel\WiFi\bin\S24MUDLL.dll]  [Intel(R) Corporation, 12, 1, 1, 1]
[PID: 1704 / SYSTEM][C:\Program Files\Java\jre6\bin\jqs.exe]  [Sun Microsystems, Inc., 6.0.150.3]
	[C:\Program Files\Java\jre6\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\miscr3.dll]  [EarthLink, 7.0.1.325]
	[\\?\globalroot\Device\__max++>\44681016.x86.dll]  [N/A, ]
[PID: 356 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.8429]
[PID: 648 / SYSTEM][C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe]  [Intel(R) Corporation, 12, 1, 1, 0]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
[PID: 880 / SYSTEM][C:\WINDOWS\system32\tcpsvcs.exe]  [(Verified) Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[\\?\globalroot\Device\__max++>\44681016.x86.dll]  [N/A, ]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\dnsq.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
[PID: 936 / SYSTEM][C:\WINDOWS\System32\snmp.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
	[\\?\globalroot\Device\__max++>\44681016.x86.dll]  [N/A, ]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\dnsq.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
[PID: 952 / SYSTEM][C:\Program Files\Dell Support Center\bin\sprtsvc.exe]  [SupportSoft, Inc., 7.0.1117.0]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\Dell Support Center\bin\sprtsched.dll]  [SupportSoft, Inc., 7.0.940.0]
	[C:\Program Files\Dell Support Center\bin\sprtfod.dll]  [SupportSoft, Inc., 7.0.940.0]
	[C:\Program Files\Dell Support Center\bin\LIBEAY32.dll]  [SupportSoft, Inc., 0, 9, 8, 4, 1]
	[C:\Program Files\Dell Support Center\bin\sprtsync.dll]  [SupportSoft, Inc., 7.0.1302.0]
	[C:\Program Files\Dell Support Center\bin\sprtupdate.dll]  [SupportSoft, Inc., 7.0.940.0]
	[\\?\globalroot\Device\__max++>\44681016.x86.dll]  [N/A, ]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\dnsq.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\scrchpg.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\klscav.dll]  [EarthLink, 7.0.1.325]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\miscr3.dll]  [EarthLink, 7.0.1.325]
[PID: 2852 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
[PID: 3484 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
	[\\?\globalroot\Device\__max++>\44681016.x86.dll]  [N/A, ]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
[PID: 2088 / Barbara][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\miscr3.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\fssync.dll]  [EarthLink, 7.0.5.325]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\scrchpg.dll]  [EarthLink, 7.0.1.325]
	[C:\WINDOWS\system32\btncopy.dll]  [Broadcom Corporation., 5.0.1.2609]
	[\\?\globalroot\Device\__max++>\44681016.x86.dll]  [N/A, ]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\klscav.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\dnsq.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
	[C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech, Inc., 4.60.122]
	[C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll]  [Sun Microsystems, Inc., 8.0.0.9118]
	[C:\Program Files\OpenOffice.org 2.2\program\uwinapi.dll]  [Sun Microsystems, Inc., 8.0.0.9107]
	[C:\Program Files\OpenOffice.org 2.2\program\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[C:\Program Files\OpenOffice.org 2.2\program\stlport_vc7145.dll]  [STLport Consulting, Inc., 4.5.2003.0120]
	[C:\Program Files\OpenOffice.org 2.2\program\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
	[C:\WINDOWS\system32\netprovcredman.dll]  [Intel(R) Corporation, 12, 1, 1, 0]
	[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 9.1.0.2009022700]
	[C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll]  [N/A, ]
	[C:\Program Files\Dell\QuickSet\dadkeyb.dll]  [N/A, ]
	[c:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll]  [McAfee, Inc., 13,3,127,0]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\ShellEx.dll]  [EarthLink, 7.0.1.325]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
[PID: 2988 / Barbara][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\WINDOWS\system32\nvHotkey.dll]  [NVIDIA Corporation, 6.14.10.8429]
	[C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech, Inc., 4.60.122]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
[PID: 2996 / Barbara][C:\WINDOWS\stsystra.exe]  [SigmaTel, Inc., 1.0.4995.1  nd446 cp1]
	[C:\WINDOWS\system32\STLang.dll]  [SigmaTel, Inc., 1.1.4991.0  nd229 cp1]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\WINDOWS\system32\stacapi.dll]  [SigmaTel, Inc., 1.0.4995.1  nd446 cp1]
	[C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech, Inc., 4.60.122]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
[PID: 3016 / Barbara][C:\Program Files\Dell\QuickSet\quickset.exe]  [Dell Inc, 7, 1, 12, 0]
	[C:\Program Files\Dell\QuickSet\IWH9.dll]  [Dell Inc, 7, 1, 12, 0]
	[C:\Program Files\Dell\QuickSet\IWH10.dll]  [Dell Inc, 7, 1, 12, 0]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\Intel\WiFi\bin\MurocApi.dll]  [Intel(R) Corporation, 12, 1, 1, 5]
	[C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll]  [The OpenSSL Project, http://www.openssl.org/, 0.9.8]
	[C:\Program Files\Common Files\Intel\WirelessCommon\PsRegApi.dll]  [Intel(R) Corporation, 12, 1, 1, 0]
	[C:\Program Files\Common Files\Intel\WirelessCommon\TraceApi.dll]  [Intel(R) Corporation, 12, 1, 1, 2]
	[C:\Program Files\Intel\WiFi\bin\S24MUDLL.dll]  [Intel(R) Corporation, 12, 1, 1, 1]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\miscr3.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\fssync.dll]  [EarthLink, 7.0.5.325]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\Dell\QuickSet\dadkeyb.dll]  [N/A, ]
	[C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech, Inc., 4.60.122]
[PID: 3028 / Barbara][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe]  [Synaptics, Inc., 8.2.4.6 08Mar06]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\WINDOWS\system32\SynCOM.dll]  [Synaptics, Inc., 8.2.4.6 08Mar06]
	[C:\WINDOWS\system32\SynTPAPI.dll]  [Synaptics, Inc., 8.2.4.6 08Mar06]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\miscr3.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\fssync.dll]  [EarthLink, 7.0.5.325]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech, Inc., 4.60.122]
[PID: 3044 / Barbara][C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe]  [InstallShield Software Corporation, 3, 10, 100, 1155]
	[C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech, Inc., 4.60.122]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
[PID: 3080 / Barbara][C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe]  [Google, 5.7.806.10245]
	[C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL]  [Google, 5.7.806.10245]
	[C:\Program Files\Google\Google Desktop Search\GoogleDesktopCommon.dll]  [Google, 5.7.806.10245]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll]  [Google, 5.7.806.10245]
	[\\?\globalroot\Device\__max++>\44681016.x86.dll]  [N/A, ]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\scrchpg.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll]  [Google, 5.7.806.10245]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\klscav.dll]  [EarthLink, 7.0.1.325]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\dnsq.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\miscr3.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\fssync.dll]  [EarthLink, 7.0.5.325]
	[C:\Program Files\Google\Google Desktop Search\GoogleDesktopHyper.dll]  [Google, 5.7.806.10245]
	[C:\Program Files\Google\Google Desktop Search\gzlib.dll]  [N/A, ]
	[C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech, Inc., 4.60.122]
[PID: 3268 / Barbara][C:\Program Files\Dell\MediaDirect\PCMService.exe]  [CyberLink Corp., 4, 5, 0, 0]
	[C:\Program Files\Dell\MediaDirect\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
	[C:\Program Files\Dell\MediaDirect\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[C:\Program Files\Dell\MediaDirect\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\miscr3.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\fssync.dll]  [EarthLink, 7.0.5.325]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\scrchpg.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\Dell\MediaDirect\Kernel\common\CLRCEngine3.dll]  [CyberLink Corp., 4.07.2314]
	[C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech, Inc., 4.60.122]
[PID: 1720 / Barbara][C:\WINDOWS\system32\dla\tfswctrl.exe]  [Sonic Solutions, 1.04.08a]
	[C:\WINDOWS\system32\tfswapi.dll]  [Sonic Solutions, 1.04.08a]
	[C:\WINDOWS\system32\dla\tfswcres.dll]  [Sonic Solutions, 1.04.08a]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\miscr3.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\fssync.dll]  [EarthLink, 7.0.5.325]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech, Inc., 4.60.122]
[PID: 3984 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
[PID: 780 / Barbara][C:\Program Files\HP\HP Software Update\HPWuSchd2.exe]  [Hewlett-Packard Co., 50.0.146.000]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech, Inc., 4.60.122]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
[PID: 2136 / Barbara][C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe]  [Intel(R) Corporation, 12.1.1.8]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll]  [The OpenSSL Project, http://www.openssl.org/, 0.9.8]
	[C:\Program Files\Common Files\Intel\WirelessCommon\PsRegApi.dll]  [Intel(R) Corporation, 12, 1, 1, 0]
	[C:\Program Files\Common Files\Intel\WirelessCommon\TraceApi.dll]  [Intel(R) Corporation, 12, 1, 1, 2]
	[C:\Program Files\Intel\WiFi\bin\MurocApi.dll]  [Intel(R) Corporation, 12, 1, 1, 5]
	[C:\Program Files\Intel\WiFi\bin\IntStngs.dll]  [Intel(R) Corporation, 12, 1, 1, 0]
	[C:\Program Files\Intel\WiFi\bin\S24MUDLL.dll]  [Intel(R) Corporation, 12, 1, 1, 1]
	[C:\Program Files\Intel\WiFi\bin\PfMgrApi.dll]  [Intel(R) Corporation, 12, 1, 1, 2]
	[C:\Program Files\Intel\WiFi\bin\DbEngine.dll]  [Intel(R) Corporation, 12, 1, 1, 0]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\miscr3.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\fssync.dll]  [EarthLink, 7.0.5.325]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech, Inc., 4.60.122]
[PID: 2180 / Barbara][C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe]  [Intel(R) Corporation, 12, 1, 1, 0]
	[C:\Program Files\Common Files\Intel\WirelessCommon\PsRegApi.dll]  [Intel(R) Corporation, 12, 1, 1, 0]
	[C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll]  [The OpenSSL Project, http://www.openssl.org/, 0.9.8]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\miscr3.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\fssync.dll]  [EarthLink, 7.0.5.325]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\Common Files\Intel\WirelessCommon\FrameworkPlugins\WiWiTray.dll]  [Intel(R) Corporation, 12, 1, 1, 1]
	[C:\Program Files\Common Files\Intel\WirelessCommon\FrameworkPlugins\ConnMgr.dll]  [Intel(R) Corporation, 12.1.1.11]
	[C:\Program Files\Common Files\Intel\WirelessCommon\TraceAPI.DLL]  [Intel(R) Corporation, 12, 1, 1, 2]
	[C:\Program Files\Intel\WiFi\bin\MurocApi.dll]  [Intel(R) Corporation, 12, 1, 1, 5]
	[C:\Program Files\Intel\WiFi\bin\IntStngs.dll]  [Intel(R) Corporation, 12, 1, 1, 0]
	[C:\Program Files\Intel\WiFi\bin\S24MUDLL.dll]  [Intel(R) Corporation, 12, 1, 1, 1]
	[C:\Program Files\Intel\WiFi\bin\PfMgrApi.dll]  [Intel(R) Corporation, 12, 1, 1, 2]
	[C:\Program Files\Intel\WiFi\bin\DbEngine.dll]  [Intel(R) Corporation, 12, 1, 1, 0]
	[C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech, Inc., 4.60.122]
[PID: 2224 / Barbara][C:\Program Files\iTunes\iTunesHelper.exe]  [Apple Inc., 8.0.2.20]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL]  [Apple Inc., 8.0.2.20]
	[C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL]  [Apple Inc., 8.0.2.20]
	[C:\Program Files\QuickTime\QTSystem\QuickTime.qts]  [Apple Inc., 7.6 (1292)]
	[C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech, Inc., 4.60.122]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\Common Files\Apple\Mobile Device Support\bin\iTunesMobileDevice.dll]  [Apple Inc., 185.11.0.10]
	[\\?\globalroot\Device\__max++>\44681016.x86.dll]  [N/A, ]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\scrchpg.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\klscav.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\dnsq.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\miscr3.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\fssync.dll]  [EarthLink, 7.0.5.325]
[PID: 2232 / Barbara][C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe]  [Google, 5.7.806.10245]
	[C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL]  [Google, 5.7.806.10245]
	[C:\Program Files\Google\Google Desktop Search\GoogleDesktopCommon.dll]  [Google, 5.7.806.10245]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll]  [Google, 5.7.806.10245]
	[C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech, Inc., 4.60.122]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll]  [Google, 5.7.806.10245]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\miscr3.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\fssync.dll]  [EarthLink, 7.0.5.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\scrchpg.dll]  [EarthLink, 7.0.1.325]
[PID: 204 / Barbara][C:\Program Files\Java\jre6\bin\jusched.exe]  [Sun Microsystems, Inc., 6.0.150.3]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\miscr3.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\fssync.dll]  [EarthLink, 7.0.5.325]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
	[\\?\globalroot\Device\__max++>\44681016.x86.dll]  [N/A, ]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\scrchpg.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\dnsq.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
	[C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech, Inc., 4.60.122]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\klscav.dll]  [EarthLink, 7.0.1.325]
[PID: 2588 / Barbara][C:\Program Files\Dell Support\DSAgnt.exe]  [Gteko Ltd., 2, 1, 3, 176]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\miscr3.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\fssync.dll]  [EarthLink, 7.0.5.325]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\Dell Support\GTAgnt.dll]  [Gteko Ltd., 1, 0, 0, 12]
	[C:\Program Files\Dell Support\CfgData.DLL]  [Gteko Ltd., 1, 0, 0, 42]
	[C:\Program Files\Dell Support\ActMgr.dll]  [Gteko Ltd., 1, 0, 0, 18]
	[c:\progra~1\dellsu~1\gtaction\handlers\grouph.dll]  [Gteko Ltd., 1, 0, 0, 39]
	[c:\progra~1\dellsu~1\gtaction\handlers\qdiagh.dll]  [Gteko Ltd., 1, 0, 0, 32]
	[c:\progra~1\dellsu~1\gtaction\handlers\trgloadh.dll]  [Gteko Ltd., 1, 0, 0, 12]
	[c:\progra~1\dellsu~1\gtaction\handlers\trgregh.dll]  [Gteko Ltd., 1, 0, 0, 32]
	[C:\Program Files\Dell Support\TrgMgr.DLL]  [Gteko Ltd., 1, 0, 1, 19]
	[C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech, Inc., 4.60.122]
	[C:\PROGRA~1\DELLSU~1\GTACTION\TRIGGERS\TIMERT.DLL]  [Gteko Ltd., 1, 0, 0, 9]
	[C:\PROGRA~1\DELLSU~1\gdql_d.dll]  [Gteko Ltd., 1, 0, 0, 127]
	[C:\PROGRA~1\DELLSU~1\GTACTION\TRIGGERS\DSPROCT.DLL]  [Gteko Ltd., 1, 0, 1, 12]
	[C:\PROGRA~1\DELLSU~1\GTACTION\TRIGGERS\DSWNHNT.DLL]  [Gteko Ltd., 1, 0, 3, 25]
	[C:\Program Files\Dell Support\AUPNP.dll]  [Gteko Ltd., 1, 0, 0, 27]
	[\\?\globalroot\Device\__max++>\44681016.x86.dll]  [N/A, ]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\scrchpg.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\dnsq.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\klscav.dll]  [EarthLink, 7.0.1.325]
[PID: 2360 / Barbara][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe]  [Google Inc., 2, 0, 301, 1654]
	[C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\gtn.dll]  [Google Inc., 5, 1, 1309, 15642]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\miscr3.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\fssync.dll]  [EarthLink, 7.0.5.325]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll]  [Google Inc., 5, 1, 1309, 15642]
	[\\?\globalroot\Device\__max++>\44681016.x86.dll]  [N/A, ]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\scrchpg.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\dnsq.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\klscav.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
	[C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech, Inc., 4.60.122]
[PID: 2644 / Barbara][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech, Inc., 4.60.122]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
[PID: 3144 / Barbara][C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe]  [Broadcom Corporation., 5.0.1.2609]
	[C:\WINDOWS\system32\wbtapi.dll]  [Broadcom Corporation., 5.0.1.2609]
	[C:\WINDOWS\system32\btosif.dll]  [Broadcom Corporation., 5.0.1.2609]
	[C:\WINDOWS\system32\btwhidcs.DLL]  [Broadcom Corporation., 5.0.1.2609]
	[C:\Program Files\WIDCOMM\Bluetooth Software\BtBalloon.dll]  [Broadcom Corporation., 5.0.1.2609]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\WINDOWS\system32\btrez.dll]  [Broadcom Corporation., 5.0.1.2609]
	[C:\WINDOWS\system32\CSH.dll]  [Blue Sky Software Corporation, 2.00.039]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\miscr3.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\fssync.dll]  [EarthLink, 7.0.5.325]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll]  [N/A, ]
	[C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech, Inc., 4.60.122]
[PID: 3180 / Barbara][C:\Program Files\Digital Line Detect\DLG.exe]  [BVRP Software, 1, 0, 0, 1]
	[C:\Program Files\Digital Line Detect\BVRPDIAG.dll]  [BVRP Software, 1.0]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\WINDOWS\system32\MdmXSdk.dll]  [Conexant, 1.0.2.006]
	[C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech, Inc., 4.60.122]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
[PID: 3284 / Barbara][C:\Program Files\Logitech\SetPoint\SetPoint.exe]  [Logitech, Inc., 4.60.122]
	[C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech, Inc., 4.60.122]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
	[C:\WINDOWS\system32\KemXML.dll]  [Logitech, Inc., 4.60.122]
	[C:\WINDOWS\system32\kemutb.dll]  [Logitech, Inc., 4.60.122]
	[C:\WINDOWS\system32\KemUtil.dll]  [Logitech, Inc., 4.60.122]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.42]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
	[C:\WINDOWS\system32\KemWnd.dll]  [Logitech, Inc., 4.60.122]
	[C:\Program Files\Logitech\SetPoint\SetPointCOM.dll]  [Logitech, Inc., 4.60.122]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\MFC80ENU.DLL]  [Microsoft Corporation, 8.00.50727.42]
	[C:\Program Files\Logitech\SetPoint\Macros\MacroCore.dll]  [Logitech, Inc., 4.60.122]
	[C:\Program Files\Logitech\SetPoint\IMHook.dll]  [Logitech, Inc., 4.60.122]
	[C:\Program Files\Logitech\SetPoint\WebBrowserSupport.dll]  [Logitech, Inc., 4.60.122]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.4053]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\miscr3.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\fssync.dll]  [EarthLink, 7.0.5.325]
	[C:\Program Files\Common Files\Logishrd\KHAL2\KhalApi.dll]  [Logitech, Inc., 4.60.122]
	[C:\Program Files\Common Files\Logitech\bluetooth\LBTServ.dll]  [Logitech, Inc., 4.60.122]
	[C:\Program Files\Logitech\SetPoint\kgame.dll]  [Logitech, Inc., 4.60.122]
	[C:\Program Files\Logitech\SetPoint\GameHook.dll]  [Logitech, Inc., 4.60.122]
	[C:\Program Files\Common Files\Logitech\bluetooth\lbtinte.dll]  [Logitech, Inc., 4.60.122]
	[C:\Program Files\Logitech\SetPoint\LCabHandler.dll]  [Logitech, Inc., 4.60.122]
[PID: 3124 / Barbara][C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe]  [Matsushita Electric Industrial Co., Ltd., 1.10L09.0057]
	[C:\Program Files\Panasonic\LUMIXSimpleViewer\CmLibs2.dll]  [Matsushita Electric Industrial Co., Ltd., 1.10L04.0163]
	[C:\Program Files\Panasonic\LUMIXSimpleViewer\ippi20.dll]  [Intel Corporation., 3,0,18,54]
	[C:\Program Files\Panasonic\LUMIXSimpleViewer\CmlibsEx.dll]  [Matsushita Electric Industrial Co., Ltd., 1.10L01.0117]
	[C:\Program Files\Panasonic\LUMIXSimpleViewer\CheckMarkCache.dll]  [Matsushita Electric Industrial Co., Ltd., 1.10L01.0082]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\Panasonic\LUMIXSimpleViewer\ipp20\ippiw7.dll]  [Intel Corporation., 3,0,18,54]
	[C:\Program Files\Panasonic\LUMIXSimpleViewer\PictureLib.pcp]  [Matsushita Electric Industrial Co., Ltd., 1.10L01.0130]
	[C:\Program Files\Panasonic\LUMIXSimpleViewer\LTKRN12n.dll]  [LEAD Technologies, Inc., 12.1.0.068]
	[C:\Program Files\Panasonic\LUMIXSimpleViewer\LTDIS12n.dll]  [LEAD Technologies, Inc., 12.1.0.068]
	[C:\Program Files\Panasonic\LUMIXSimpleViewer\LTFIL12n.DLL]  [LEAD Technologies, Inc., 12.1.0.068]
	[C:\Program Files\Panasonic\LUMIXSimpleViewer\IppJpeg.dll]  [Matsushita Electric Industrial Co., Ltd., 1.00L10.0065]
	[C:\Program Files\Panasonic\LUMIXSimpleViewer\ippcore.dll]  [Intel Corporation., 3,0,18,18]
	[C:\Program Files\Panasonic\LUMIXSimpleViewer\ippj20.dll]  [Intel Corporation., 3,0,17,35]
	[C:\Program Files\Panasonic\LUMIXSimpleViewer\ipp20\ippjw7.dll]  [Intel Corporation., 3,0,17,35]
	[C:\Program Files\Panasonic\LUMIXSimpleViewer\MjThumb.vcp]  [Matsushita Electric Industrial Co., Ltd., 1.10L01.0133]
	[C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech, Inc., 4.60.122]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
[PID: 2720 / Barbara][C:\WINDOWS\system32\wbem\unsecapp.exe]  [(Verified) Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech, Inc., 4.60.122]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
[PID: 2632 / Barbara][C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE]  [Broadcom Corporation., 5.0.1.2609]
	[C:\WINDOWS\system32\btins.dll]  [Broadcom Corporation., 5.0.1.2609]
	[C:\WINDOWS\system32\btosif.dll]  [Broadcom Corporation., 5.0.1.2609]
	[C:\WINDOWS\system32\BtAudioHelper.dll]  [Broadcom Corporation., 5.0.1.2609]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\WINDOWS\system32\btrez.dll]  [Broadcom Corporation., 5.0.1.2609]
	[C:\WINDOWS\system32\CSH.dll]  [Blue Sky Software Corporation, 2.00.039]
	[C:\WINDOWS\system32\btosif_ol.dll]  [Broadcom Corporation., 5.0.1.2609]
	[C:\WINDOWS\system32\btosif_olx.dll]  [Broadcom Corporation., 5.0.1.2609]
	[C:\WINDOWS\system32\btosif_notes.dll]  [Broadcom Corporation., 5.0.1.2609]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\miscr3.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech, Inc., 4.60.122]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\fssync.dll]  [EarthLink, 7.0.5.325]
[PID: 2908 / NETWORK SERVICE][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\Intel\WiFi\bin\iWMSProv.dll]  [N/A, ]
	[C:\Program Files\Common Files\Intel\WirelessCommon\PsRegApi.dll]  [Intel(R) Corporation, 12, 1, 1, 0]
	[C:\Program Files\Common Files\Intel\WirelessCommon\TraceApi.dll]  [Intel(R) Corporation, 12, 1, 1, 2]
[PID: 2576 / SYSTEM][C:\Program Files\iPod\bin\iPodService.exe]  [Apple Inc., 8.0.2.20]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL]  [Apple Inc., 8.0.2.20]
	[C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL]  [Apple Inc., 8.0.2.20]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\miscr3.dll]  [EarthLink, 7.0.1.325]
[PID: 3740 / Barbara][C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE]  [Logitech, Inc., 4.60.42]
	[C:\Program Files\Common Files\Logishrd\KHAL2\KHALAPI.DLL]  [Logitech, Inc., 4.60.122]
	[C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech, Inc., 4.60.122]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\miscr3.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\Common Files\Logitech\bluetooth\LBTServ.dll]  [Logitech, Inc., 4.60.122]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\fssync.dll]  [EarthLink, 7.0.5.325]
	[C:\Program Files\Common Files\Logishrd\KHAL2\KHALITCH.DLL]  [Logitech, Inc., 4.60.122]
	[C:\Program Files\Common Files\Logishrd\KHAL2\KHALMW.DLL]  [Logitech, Inc., 4.60.122]
	[C:\Program Files\Common Files\Logishrd\KHAL2\KHALHPP.DLL]  [Logitech, Inc., 4.60.122]
	[C:\Program Files\Common Files\Logishrd\KHAL2\KHALMOU.DLL]  [Logitech, Inc., 4.60.122]
	[C:\Program Files\Common Files\Logishrd\KHAL2\KHALHID.DLL]  [Logitech, Inc., 4.60.122]
	[C:\Program Files\Common Files\Logishrd\KHAL2\KHALUSB.DLL]  [Logitech, Inc., 4.60.122]
	[C:\Program Files\Common Files\Logitech\bluetooth\lbtinte.dll]  [Logitech, Inc., 4.60.122]
[PID: 2052 / Barbara][C:\WINDOWS\system32\wuauclt.exe]  [(Verified) Microsoft Corporation, 7.2.6001.788 (winmain_oob/wu_wsuswlc(wmbla).081016-1330)]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech, Inc., 4.60.122]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
[PID: 5148 / Barbara][C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE]  [Microsoft Corporation, 11.0.8217]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech, Inc., 4.60.122]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\miscr3.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\fssync.dll]  [EarthLink, 7.0.5.325]
	[C:\Program Files\Google\Google Desktop Search\GoogleDesktopOffice.dll]  [Google, 5.7.806.10245]
	[C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll]  [Google, 5.7.806.10245]
	[C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll]  [Google, 5.7.806.10245]
	[C:\Program Files\Google\Google Desktop Search\GoogleDesktopCommon.dll]  [Google, 5.7.806.10245]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\mcou.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\mapiedk.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\prremote.dll]  [EarthLink, 7.0.1.325]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\prloader.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\prkernel.ppl]  [EarthLink, 7.0.1.325]
	[c:\program files\earthlink\earthlink protection control center\pxstub.ppl]  [EarthLink, 7.0.1.325]
	[c:\program files\earthlink\earthlink protection control center\params.ppl]  [EarthLink, 7.0.1.325]
	[C:\Program Files\MAPILab Ltd\MAPILab Groupware Server\MGFServerEvents.dll]  [MAPILab Ltd., 1.5.3.2, build at January 19, 2009]
	[C:\WINDOWS\system32\btsendto_office.dll]  [Broadcom Corporation., 5.0.1.2609]
	[C:\WINDOWS\system32\btosif.dll]  [Broadcom Corporation., 5.0.1.2609]
	[C:\WINDOWS\system32\btsendto.dll]  [Broadcom Corporation., 5.0.1.2609]
	[C:\WINDOWS\system32\WidcommSdk.dll]  [Broadcom Corporation., 5.0.1.2609]
	[C:\WINDOWS\system32\wbtapi.dll]  [Broadcom Corporation., 5.0.1.2609]
	[C:\WINDOWS\system32\mgfmsp32.dll]  [MAPILab Ltd., 1.5.3.2, build at January 19, 2009]
	[C:\Program Files\MAPILab Ltd\MAPILab Groupware Server\MGFServerPS.dll]  [MAPILab Ltd., 1.5.3.2, build at January 19, 2009]
	[C:\Program Files\Martin Information Services Inc\Global Calendar Sharing\CalendarAdminDLL.dll]  [Martin Information Services, Inc., 2.02.0005]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\mcouas.dll]  [EarthLink, 7.0.1.325]
	[c:\program files\earthlink\earthlink protection control center\winreg.ppl]  [EarthLink, 7.0.1.325]
	[c:\program files\earthlink\earthlink protection control center\trainsup.ppl]  [EarthLink, 7.0.1.325]
	[c:\program files\earthlink\earthlink protection control center\mdb.ppl]  [EarthLink, 7.0.1.325]
	[c:\program files\earthlink\earthlink protection control center\msoe.ppl]  [EarthLink, 7.0.1.325]
	[c:\program files\earthlink\earthlink protection control center\antispam.ppl]  [EarthLink, 7.0.1.325]
	[c:\program files\earthlink\earthlink protection control center\sfdb.ppl]  [EarthLink, 7.0.1.325]
	[c:\program files\earthlink\earthlink protection control center\thpimpl.ppl]  [EarthLink, 7.0.1.325]
	[c:\program files\earthlink\earthlink protection control center\basegui.ppl]  [EarthLink, 7.0.1.325]
	[c:\program files\earthlink\earthlink protection control center\nfio.ppl]  [EarthLink, 7.0.1.325]
	[c:\program files\earthlink\earthlink protection control center\fsdrvplg.ppl]  [EarthLink, 7.0.1.325]
	[C:\Program Files\CyberLink\OutlookAddinSetup\OutlookAddin.dll]  [TODO: <Company name>, 1.0.0.1]
	[C:\Program Files\CyberLink\OutlookAddinSetup\MSVCR71.dll]  [Microsoft Corporation, 7.10.6030.0]
	[C:\Program Files\CyberLink\OutlookAddinSetup\MSVCP71.dll]  [Microsoft Corporation, 7.10.6030.0]
	[C:\PROGRA~1\COMMON~1\Apple\MOBILE~1\bin\OUTLOO~2.DLL]  [Apple Inc., 8.0.2.0]
	[c:\program files\earthlink\earthlink protection control center\mailmsg.ppl]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\scrchpg.dll]  [EarthLink, 7.0.1.325]
	[\\?\globalroot\Device\__max++>\44681016.x86.dll]  [N/A, ]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\dnsq.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\klscav.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll]  [N/A, ]
	[C:\Program Files\Dell\QuickSet\dadkeyb.dll]  [N/A, ]
[PID: 5872 / MGS_USER][C:\Program Files\MAPILab Ltd\MAPILab Groupware Server\MGFInterlayer.exe]  [MAPILab Ltd., 1.5.3.2, build at January 19, 2009]
	[C:\Program Files\MAPILab Ltd\MAPILab Groupware Server\MGFServerEvents.dll]  [MAPILab Ltd., 1.5.3.2, build at January 19, 2009]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\miscr3.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\fssync.dll]  [EarthLink, 7.0.5.325]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\MAPILab Ltd\MAPILab Groupware Server\MGFServerPS.dll]  [MAPILab Ltd., 1.5.3.2, build at January 19, 2009]
	[\\?\globalroot\Device\__max++>\44681016.x86.dll]  [N/A, ]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\dnsq.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
[PID: 5492 / Barbara][C:\Program Files\MAPILab Ltd\MAPILab Groupware Server\MGFEventsProxy.exe]  [MAPILab Ltd., 1.5.3.2, build at January 19, 2009]
	[C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech, Inc., 4.60.122]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\MAPILab Ltd\MAPILab Groupware Server\MGFServerEvents.dll]  [MAPILab Ltd., 1.5.3.2, build at January 19, 2009]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\miscr3.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\fssync.dll]  [EarthLink, 7.0.5.325]
	[C:\Program Files\MAPILab Ltd\MAPILab Groupware Server\MGFServerPS.dll]  [MAPILab Ltd., 1.5.3.2, build at January 19, 2009]
	[\\?\globalroot\Device\__max++>\44681016.x86.dll]  [N/A, ]
[PID: 2536 / Barbara][C:\WINDOWS\system32\mstsc.exe]  [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech, Inc., 4.60.122]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\miscr3.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\fssync.dll]  [EarthLink, 7.0.5.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\scrchpg.dll]  [EarthLink, 7.0.1.325]
	[\\?\globalroot\Device\__max++>\44681016.x86.dll]  [N/A, ]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\klscav.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\dnsq.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
	[C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll]  [N/A, ]
	[C:\Program Files\Dell\QuickSet\dadkeyb.dll]  [N/A, ]
	[C:\WINDOWS\system32\l3codeca.acm]  [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
	[C:\WINDOWS\system32\tssoft32.acm]  [DSP GROUP, INC., 1.01]
	[C:\WINDOWS\system32\tsd32.dll]  [, ]
[PID: 3720 / Barbara][C:\Documents and Settings\Barbara\Desktop\Computer Maintenance\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.1.1279]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\miscr3.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\fssync.dll]  [EarthLink, 7.0.5.325]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
[PID: 5372 / Barbara][C:\Documents and Settings\Barbara\Desktop\Computer Maintenance\sreng2\SRE8e99dfd1.EXE]  [Smallfrogs Studio, 2.8.1.1279]
	[C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech, Inc., 4.60.122]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Documents and Settings\Barbara\Desktop\Computer Maintenance\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\miscr3.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\fssync.dll]  [EarthLink, 7.0.5.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\adialhk.dll]  [EarthLink, 7.0.1.325]
	[\\?\globalroot\Device\__max++>\44681016.x86.dll]  [N/A, ]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\scrchpg.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\dnsq.dll]  [EarthLink, 7.0.1.325]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,5,11]
	[C:\Program Files\EarthLink\EarthLink Protection Control Center\klscav.dll]  [EarthLink, 7.0.1.325]
[PID: 1048 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe]  [(Verified) Microsoft Corporation, 7.2.6001.788 (winmain_oob/wu_wsuswlc(wmbla).081016-1330)]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
[PID: 2064 / NETWORK SERVICE][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
	[C:\PROGRA~1\EARTHL~1\EARTHL~1\adialhk.dll]  [EarthLink, 7.0.1.325]
==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1	   localhost

==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 604, C:\PROGRAM FILES\INTEL\WIFI\BIN\S24EVMON.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1512, C:\PROGRAM FILES\WIDCOMM\BLUETOOTH SOFTWARE\BIN\BTWDINS.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1540, C:\PROGRAM FILES\INTEL\WIFI\BIN\EVTENG.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 648, C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\REGSRVC.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2996, C:\WINDOWS\STSYSTRA.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3016, C:\PROGRAM FILES\DELL\QUICKSET\QUICKSET.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3044, C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISSCH.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3268, C:\PROGRAM FILES\DELL\MEDIADIRECT\PCMSERVICE.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1720, C:\WINDOWS\SYSTEM32\DLA\TFSWCTRL.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 780, C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2136, C:\PROGRAM FILES\INTEL\WIFI\BIN\ZCFGSVC.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2180, C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\IFRMEWRK.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2588, C:\PROGRAM FILES\DELL SUPPORT\DSAGNT.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3144, C:\PROGRAM FILES\WIDCOMM\BLUETOOTH SOFTWARE\BTTRAY.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3180, C:\PROGRAM FILES\DIGITAL LINE DETECT\DLG.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3124, C:\PROGRAM FILES\PANASONIC\LUMIXSIMPLEVIEWER\PHLEAUTORUN.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2632, C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3720, C:\DOCUMENTS AND SETTINGS\BARBARA\DESKTOP\COMPUTER MAINTENANCE\SRENG2\SRENGLDR.EXE]

==================================
Scheduled Tasks
[Enabled] GoogleUpdateTaskMachineUA.job
		C:\Program Files\Google\Update\GoogleUpdate.exe 
[Enabled] GoogleUpdateTaskMachineCore.job
		C:\Program Files\Google\Update\GoogleUpdate.exe 
[Enabled] Google Software Updater.job
		C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 
[Enabled] AppleSoftwareUpdate.job
		C:\Program Files\Apple Software Update\SoftwareUpdate.exe 
[Enabled] Ad-Aware Update (Weekly).job
		C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe 
[Enabled] {BB65B0FB-5712-401b-B616-E69AC55E2757}.job
		C:\DOCUME~1\Barbara\LOCALS~1\Temp\a.exe 
[Enabled] {7B02EF0B-A410-4938-8480-9BA26420A627}.job
		C:\WINDOWS\msa.exe 

==================================
Windows Security Update Check
KB940157,  Windows Search 4.0 for Windows XP (KB940157) 
KB940157,  Windows Live Essentials 
KB909520,  Microsoft Base Smart Card Cryptographic Service Provider Package: x86 (KB909520) 
KB931125,  Update for Root Certificates [May 2009] (KB931125) 
KB951847,  Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update (KB951847) x86 
KB951847,  Office Live add-in 1.4 
KB968389,  Update for Windows XP (KB968389) 
KB973874,  Update for Internet Explorer 8 Compatibility View List for Windows XP (KB973874) 
KB973515,  Update for Microsoft Office Outlook 2003 Junk Email Filter (KB973515) 
KB974331,  Update for Microsoft Silverlight (KB974331) 
KB956844,  Security Update for Windows XP (KB956844) MS09-046
KB890830,  Windows Malicious Software Removal Tool - September 2009 (KB890830) 
KB971961,  Security Update for Jscript 5.8 for Windows XP (KB971961) MS09-045
KB968816,  Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP 3 (KB968816) MS09-047

==================================
API HOOK
RVA Error:  LoadLibraryA (Dangerous Level: High,  Hooked by Module: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA Error:  LoadLibraryExA (Dangerous Level: High,  Hooked by Module: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA Error:  LoadLibraryExW (Dangerous Level: High,  Hooked by Module: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA Error:  LoadLibraryW (Dangerous Level: High,  Hooked by Module: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA Error:  GetProcAddress (Dangerous Level: High,  Hooked by Module: \??\C:\WINDOWS\system32\drivers\klif.sys)

==================================
Hidden Process
N/A

==================================

Edited by Orange Blossom, 09 September 2009 - 08:30 PM.




#2 fenzodahl512

fenzodahl512


Posted 10 September 2009 - 12:41 PM

Please save this file to your Desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 Ray Grimm

Ray Grimm
  • Topic Starter


Posted 10 September 2009 - 03:40 PM

Log file is located at: C:\Documents and Settings\Barbara\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\mui\mui

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

[1] 2004-08-04 07:00:00 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)

#4 fenzodahl512

fenzodahl512


Posted 10 September 2009 - 03:42 PM

Make sure you save Win32kDiag on your Desktop BEFORE doing the fix below..

Go to Start >> Run >> copy/paste the line below >> Enter. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with Notepad and post the contents here.

"%userprofile%\desktop\win32kdiag.exe" -f -r



#5 Ray Grimm

Ray Grimm
  • Topic Starter


Posted 10 September 2009 - 09:07 PM

Log file is located at: C:\Documents and Settings\Barbara\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

Attempting to restore permissions of : C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

[1] 2004-08-04 07:00:00 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:21 744448 C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)



Cannot access: C:\WINDOWS\system32\dumprep.exe

Attempting to restore permissions of : C:\WINDOWS\system32\dumprep.exe

[1] 2004-08-04 07:00:00 10752 C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:18 10752 C:\WINDOWS\ServicePackFiles\i386\dumprep.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:18 10752 C:\WINDOWS\system32\dumprep.exe (Microsoft Corporation)

[1] 2004-08-04 07:00:00 10752 C:\i386\dumprep.exe (Microsoft Corporation)



Cannot access: C:\WINDOWS\system32\eventlog.dll

Attempting to restore permissions of : C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-04 07:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:53 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-13 20:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)

[1] 2004-08-04 07:00:00 55808 C:\i386\eventlog.dll (Microsoft Corporation)





Finished!

#6 fenzodahl512

Posted 10 September 2009 - 11:58 PM

Run Win32kDiag once again (just double-click it) and then post the log here :(



#7 Ray Grimm

Posted 11 September 2009 - 07:44 AM

Log file is located at: C:\Documents and Settings\Barbara\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

[1] 2004-08-04 07:00:00 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:21 744448 C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe ()

[1] 2008-04-13 20:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)



Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-04 07:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:53 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-13 20:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)

[1] 2004-08-04 07:00:00 55808 C:\i386\eventlog.dll (Microsoft Corporation)





Finished!

#8 fenzodahl512

Posted 11 September 2009 - 08:16 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

[Two images illustrating the rename step]


It is important you rename Combofix during the download, but not after.

NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..



#9 Ray Grimm

Posted 11 September 2009 - 03:13 PM

Log of ComboFix follows. Please note that Protection Control Center had been disabled AND "completely" uninstalled, but Windows Security was still reporting that it was active. Also, McAfee had been installed earlier (never to be installed again, thank-you-very-much). Do you have a recommendation for anti-virus, anti-spyware, anti-malware protection that I can use from now on, since McAfee failed to protect me?

Current system behavior appears to have improved - IE is no longer hijacked, and Firefox started but reported crash (instead of just doing nothing).

Any other steps that I need to take at this time?

YOU GUYS ROCK!!!!

ComboFix 09-09-10.03 - Barbara 09/11/2009 15:21.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1545 [GMT -4:00]
Running from: c:\documents and settings\Barbara\Desktop\Combo-Fix.exe
AV: Protection Control Center *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Protection Control Center *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\7f25f.msi
c:\windows\Installer\b1d8a7f.msp

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

-- Previous Run --

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

--------

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2009-08-11 to 2009-09-11 )))))))))))))))))))))))))))))))
.

2009-09-04 18:42 . 2009-09-04 18:42 -------- d-----w- c:\program files\McAfee.com
2009-09-04 18:42 . 2009-09-04 18:42 -------- d-----w- c:\program files\Common Files\McAfee
2009-09-04 18:42 . 2009-09-04 18:42 -------- d-----w- c:\program files\McAfee
2009-09-04 18:42 . 2009-09-04 18:42 -------- d-----w- c:\program files\EarthLink
2009-09-04 14:45 . 2009-09-04 14:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-03 11:27 . 2009-09-03 11:27 -------- d-----w- c:\documents and settings\Administrator\IETldCache
2009-09-03 00:01 . 2009-09-03 00:01 -------- d-----w- c:\documents and settings\All Users\Application Data\EarthLink Setup Files
2009-09-03 00:01 . 2009-09-11 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\EarthLink
2009-08-13 13:36 . 2009-08-13 13:36 -------- d-sh--w- c:\documents and settings\Barbara\IECompatCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-04 21:32 . 2007-03-22 17:36 141054 ----a-w- c:\windows\system32\nvModes.dat
2009-09-04 18:43 . 2009-09-03 11:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\Gtek
2009-09-04 14:23 . 2007-03-22 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-19 12:18 . 2008-10-09 19:38 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-05 09:01 . 2004-08-10 18:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 21:38 . 2007-03-22 17:48 -------- d-----w- c:\program files\Java
2009-08-03 21:01 . 2009-02-05 17:51 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-25 09:23 . 2009-01-15 18:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2004-08-10 18:50 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-10 18:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-10 18:51 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:36 . 2004-08-10 18:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-10 18:51 81920 ----a-w- c:\windows\system32\fontsub.dll
2008-09-03 20:07 . 2007-04-04 15:05 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-02-26 14:48 . 2007-03-27 18:19 168 --sh--r- c:\windows\system32\EC2CE0306C.sys
2009-02-26 14:48 . 2007-03-27 18:19 5798 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7557120]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-03 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-03 29744]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-12-24 618496]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-08-20 1368064]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-08-20 1191936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-03-21 1519616]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2006-03-21 73728]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-01-23 101136]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-01-23 101136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-3-22 24576]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-20 805392]
LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-11-24 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\gnucash\\bin\\gnucash-bin.exe"=
"c:\\Program Files\\gnucash\\bin\\gconfd-2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

S2 gupdate1c9f262ec9a71d2;Google Update Service (gupdate1c9f262ec9a71d2);c:\program files\Google\Update\GoogleUpdate.exe [6/21/2009 7:25 AM 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 getPlusHelper;getPlus® Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/10/2004 2:51 PM 14336]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/22/2007 2:03 PM 29744]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [10/10/2008 6:07 PM 19018]
S3 MGFInterlayer;MAPILab Groupware Server Interlayer;c:\program files\MAPILab Ltd\MAPILab Groupware Server\MGFInterlayer.exe [1/19/2009 4:42 PM 392464]
S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms [12/5/2007 4:47 PM 20640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2009-09-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-27 11:22]

2009-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-21 11:24]

2009-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-21 11:24]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/apps/vso/en-us/redir.asp?affid=105-79&installtype=force&dtag=h0y6qc1&langid=1&systempopup=true
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\Barbara\Application Data\Mozilla\Firefox\Profiles\nq5qawaw.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\documents and settings\Barbara\Application Data\Mozilla\Firefox\Profiles\nq5qawaw.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-11 15:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PCD5SRVC{FBEA8B78-1B22F121-05040000}]
"ImagePath"="\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1136)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'explorer.exe'(2964)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Logitech\Bluetooth\LBTServ.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2009-09-11 16:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-11 20:01

Pre-Run: 74,452,443,136 bytes free
Post-Run: 74,496,884,736 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

224 --- E O F --- 2009-08-29 13:06

#10 fenzodahl512

Posted 11 September 2009 - 03:15 PM

Reboot your computer and then do below..

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
How's the computer now? :(



#11 Ray Grimm

Posted 11 September 2009 - 05:49 PM

mbam log follows ...

IE working fine still. Refreshed the Firefox install, and it looks stable now. New install of Earthlink Protection Control Center was successful and critical areas scan was clean. System appears stable, but not as robust with the Earthlink PCC suite (Kaspersky engine) ... hoping for your thoughts and recommendations for real-time scanning and firewall protection. Thanks again for the wonderful and prompt attention!

Malwarebytes' Anti-Malware 1.41
Database version: 2782
Windows 5.1.2600 Service Pack 3

9/11/2009 5:21:40 PM
mbam-log-2009-09-11 (17-21-40).txt

Scan type: Full Scan (C:\|)
Objects scanned: 184118
Time elapsed: 45 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir (Trojan.Sirefef) -> Quarantined and deleted successfully.

#12 fenzodahl512

Posted 11 September 2009 - 09:58 PM

Ok, first, I'm still waiting for ESET result.. Second, anything with Kaspersky Engine, just go for it :(



#13 Ray Grimm

Posted 12 September 2009 - 09:12 AM

DOH!! I completely missed the ESET scan instructions. Sorry. Here is the log ...

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=d66c23ef5ed22645874cccf5810d65ab
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-09-12 02:08:55
# local_time=2009-09-12 10:08:55 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1283 61 100 99 201077094218750
# compatibility_mode=5121 62 0 88 141543474218750
# scanned=81016
# found=0
# cleaned=0
# scan_time=7292

#14 fenzodahl512

Posted 12 September 2009 - 10:56 AM

Looks good to me.. Let's do some cleanup...


Please download OTC and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTC
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes


Please read these excellent articles written by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos


Also, please read these excellent articles by miekiemoes:
Help! My computer is slow!
How to prevent Malware


Read this great info about safe internet surfing..

http://www.pcpitstop.com/spycheck/safesurfing.asp
http://bluefive.pair.com/practice_safe_surfing.htm




Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :(



Have a safe and happy computing day!


Regards
fenzodahl512



#15 Ray Grimm

Posted 12 September 2009 - 03:43 PM

Cleanup complete, and system is behaving normally. Thanks for the great articles and web links - I will study them carefully after this experience.

I can't wait to tell everybody I know about the great service you guys have - I might even be able to send a few advertisers your way.

Keep up the good work!

:(



