Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HTTP Tidserv Request, HTTPS Tidserv Request 2, and HTTP Trojan Sasfis Activity


  • This topic is locked This topic is locked
17 replies to this topic

#1 Twi

Twi

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:10:05 PM

Posted 06 March 2010 - 08:30 PM

I was hoping I wouldn't have to resort to this, but I guess I've no other choice. I've looked up this thing and from what it sounds like, I'm in deep. Like an abyss.

This whole fiasco started about a week ago when my parents found a charge from McAfee on their card. None of us ever purchased anything, and called McAfee and had them remove the charge which (according to my Dad), simply removed the LiveUpdate thing McAfee had.

Not long after that, Google Chrome started acting weird and some program called "pbupdate.exe" had to be closed. My computer subsequently froze and I had to manually shut down.

I rebooted my computer only to find that Chrome had been completely fried and would not load any web pages at all. Resorting to Firefox, I Googled "pbupdate.exe" and clicked the first link, allowing "Top PC Defender" onto my computer (and maybe some other things).

As such, I ran Malwarebytes, SUPERAntiSpyware, McAfee, AVG, and Spybot to rid myself of the problem. When this yielded no results, I ended up using System Restore which seemed to get rid of the problem.

Not long after, we switched over to Norton due to Comcast preparing a move, and uninstalled McAfee. Norton ended up having to uninstall AVG in order for it to install.

And ever since then I've had these messages popping up repeatedly on my computer from Norton, telling me an attack was blocked but not allowing any action to be taken. The fact that I'm still getting these messages doesn't leave me convinced.

The messages are as follows:
"An intrusion attempt by 112.121.181.26 was blocked. Application path \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXE"
"An intrusion attempt by 213.163.89.105 was blocked. Application path \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE"
"An intrusion attempt by 83.133.124.240 was blocked. Application path \DEVICE|HARDDISKVOLUME2\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\ACRORD32.EXE"
"An intrusion attempt by 93.186.127.201 was blocked. Application path \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXE"
"An intrusion attempt by 213.163.91.205 was blocked. Application path \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXE"

One thing I did notice was that the intrusion attempts seemed to change names every time I load up my computer. Some of them were from websites with random numbers and letters in the names.

I've already run Norton, SUPERAntiSpyware, Spybot, and Malwarebytes in Safe Mode in which a few things were removed, one of which (found by Spybot) was Brave Sentry.

Also, I greatly apologize for the inconvenience, but gmer seems to crash my computer repeatedly, so it may take a little while for me to get a log from it.
Edit: After starting gmer and leaving the room for a bit, I came back to a completely black screen. I'm not sure if my computer restarted itself or not, because I've noticed that this has recently started happening. I'm also getting a few redirects to "You're the 1,000,000th visitor" and etc sites.
If it helps at all, I noticed that my situation is very similar to this one resolved a few days ago.


I don't do any banking or anything online. I just browse forums and there are a few sites I go to, but otherwise I don't think there's any real problematic information that can be lost. The only thing I really use this computer for is goofing off online and some school work.

I appreciate any help. smile.gif


DDS (Ver_09-12-01.01) - NTFSx86
Run by Kelley at 19:35:16.92 on Sat 03/06/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1046 [GMT -5:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\DOCUME~1\Kelley\LOCALS~1\Temp\clclean.0001
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Kelley\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/campaign.asp?cid=16313
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Software - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hewlett-packard\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {1D7854CA-EA07-45BE-ACBD-7F6D63A7547F} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\3.8.0.41\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: {BCA2A29C-1E02-41E9-A999-E34F3B6F7530} - No File
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [Aim6]
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [HPHmon04] c:\windows\system32\hphmon04.exe
mRun: [HPHUPD04] "c:\program files\hp photosmart 11\hphinstall\unipatch\hphupd04.exe"
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\Quickset.exe
mRun: [HPWUTOOLBOX] c:\program files\hewlett-packard\hp officejet pro k550 series\toolbox\HPWUTBX.exe "-i"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [PDUiP6700DMon] c:\program files\canon\memory card utility\ip6700d\PDUiP6700DMon.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hewlett-packard\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hewlett-packard\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167014141328
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton security suite\engine\3.8.0.41\CoIEPlg.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
Notify: mlJYstUl - mlJYstUl.dll
Notify: wvUljIaY - wvUljIaY.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll bselhu.dll yjfnwt.dll c:\windows\system32\napigowu.dll ,bapugoki.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: {4e9bf06f-dcee-4b61-8074-5008cf25aa09}: tokatiluy
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\rqRJBSJd
LSA: Notification Packages = scecli nigavimi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kelley\applic~1\mozilla\firefox\profiles\da8peuuq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-3-4 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-3-4 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-3-4 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100224.002\IDSXpx86.sys [2010-3-3 329592]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-3-27 214664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\3.8.0.41\ccSvcHst.exe [2010-3-4 117640]
R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-8-20 90352]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-7-11 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-3-3 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100306.004\NAVENG.SYS [2010-3-6 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100306.004\NAVEX15.SYS [2010-3-6 1324720]
S0 nagvalk;nagvalk;c:\windows\system32\drivers\gbqocjer.sys --> c:\windows\system32\drivers\gbqocjer.sys [?]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-3-27 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-3-27 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-3-27 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-3-27 40552]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]

=============== Created Last 30 ================

2010-03-04 20:43:50 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-03-04 02:43:06 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-03-04 02:42:41 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-03-04 02:42:40 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-03-04 02:42:40 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-03-04 02:42:40 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-03-04 02:42:40 0 d-----w- c:\program files\Symantec
2010-03-04 02:41:26 0 d-----w- c:\windows\system32\drivers\N360
2010-03-04 02:41:23 0 d-----w- c:\program files\Norton Security Suite
2010-03-04 02:41:22 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-03-04 02:34:43 0 d-----w- c:\program files\NortonInstaller
2010-03-04 02:34:43 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-03-03 03:16:16 0 d-----w- c:\windows\system32\wbem\Repository

==================== Find3M ====================

2010-03-05 03:53:49 40500 ----a-w- c:\docume~1\kelley\applic~1\wklnhst.dat
2010-03-04 02:42:21 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-04 02:42:07 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-03-04 02:10:47 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-04 02:10:47 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2010-02-18 19:52:45 147501 ----a-w- c:\windows\hpoins21.dat
2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 00:27:42 2984 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-31 15:33:06 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-12-18 13:05:43 634648 ------w- c:\windows\system32\dllcache\iexplore.exe
2009-12-18 13:04:09 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-08 19:27:51 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-08 19:26:15 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-08 18:43:51 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-08 09:23:28 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2007-12-11 21:27:10 9463004 ----a-w- c:\program files\R114582.zip
2007-06-12 22:02:20 38012480 ----a-w- c:\program files\iTunesSetup.exe
2007-03-17 06:00:52 35979 ----a-w- c:\program files\Photoshop CS3 Read Me.html
2008-09-25 20:15:50 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092520080926\index.dat

============= FINISH: 19:37:12.53 ===============

Edited by Twi, 06 March 2010 - 10:42 PM.


BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:05 AM

Posted 09 March 2010 - 06:58 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 Twi

Twi
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:10:05 PM

Posted 09 March 2010 - 08:09 PM

I got them both here, and thank you for replying. smile.gif

Here is the OTL Log:

OTL logfile created on: 3/9/2010 07:54:34 PM - Run 1
OTL by OldTimer - Version 3.1.35.0 Folder = C:\Documents and Settings\Kelley\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.61 Gb Total Space | 19.26 Gb Free Space | 28.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KELLSDELL
Current User Name: Kelley
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/09 19:52:54 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kelley\My Documents\Downloads\OTL.exe
PRC - [2010/03/09 19:47:26 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\Kelley\Local Settings\Temp\clclean.0001
PRC - [2010/03/03 21:42:17 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2010/01/15 22:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/26 13:29:24 | 000,090,352 | ---- | M] (PC Pitstop LLC) -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
PRC - [2008/09/10 13:01:28 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/07/07 09:42:06 | 002,156,368 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/15 09:12:04 | 000,784,912 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2007/11/15 09:09:42 | 000,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
PRC - [2007/11/15 09:08:26 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2007/08/27 10:36:34 | 000,111,912 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
PRC - [2007/05/24 16:28:20 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/05/02 17:16:54 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/03/24 23:01:24 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2007/03/11 21:32:42 | 000,151,552 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
PRC - [2007/03/11 21:26:24 | 000,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2007/01/04 16:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/12/04 13:37:42 | 000,785,920 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2006/12/04 13:37:42 | 000,236,544 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2006/12/04 13:24:07 | 000,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2006/08/28 22:57:12 | 000,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2006/08/03 19:51:42 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/05/01 10:34:00 | 000,262,217 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2006/05/01 10:28:26 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/05/01 10:28:06 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/05/01 10:26:14 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/05/01 10:22:42 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/05/01 10:20:52 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/05/01 10:20:26 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/03/25 00:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/03/16 13:47:04 | 000,061,440 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
PRC - [2006/02/16 10:20:20 | 001,118,208 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
PRC - [2004/07/27 17:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/04/07 13:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2003/10/29 03:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2002/11/22 14:49:24 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
PRC - [2002/11/22 14:48:32 | 000,348,160 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon04.exe
PRC - [2002/04/17 10:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 10:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


========== Modules (SafeList) ==========

MOD - [2010/03/09 19:52:54 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kelley\My Documents\Downloads\OTL.exe
MOD - [2010/03/03 21:41:56 | 000,419,696 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\3.8.0.41\asOEHook.dll
MOD - [2008/07/25 10:17:20 | 000,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
MOD - [2008/07/25 10:17:20 | 000,558,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
MOD - [2007/11/15 09:10:38 | 000,062,480 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2006/08/03 19:52:00 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/03 21:42:17 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2009/07/11 16:29:56 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/26 13:29:24 | 000,090,352 | ---- | M] (PC Pitstop LLC) [Auto | Running] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2008/09/10 13:01:28 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/11/15 09:09:42 | 000,121,360 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/08/27 10:36:34 | 000,111,912 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2007/06/04 22:14:50 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/06/04 22:14:50 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/06/04 22:14:16 | 000,602,112 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/04 13:37:42 | 000,086,528 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2006/12/04 13:24:07 | 000,069,632 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2006/05/01 10:34:00 | 000,262,217 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2006/05/01 10:22:42 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006/05/01 10:20:52 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006/05/01 10:20:26 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2004/04/07 13:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2002/11/22 14:49:22 | 000,077,824 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hphipm11.exe -- (Pml Driver HPH11)


========== Driver Services (SafeList) ==========

DRV - [2010/03/03 21:42:40 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/03/03 21:42:23 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/03/03 21:42:23 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2010/03/03 21:42:23 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2010/03/03 21:42:23 | 000,036,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2010/03/03 21:42:23 | 000,033,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS -- (SYMIDS)
DRV - [2010/03/03 21:42:22 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2010/03/03 21:42:22 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2010/03/03 21:42:22 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2010/03/03 21:42:22 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/03/03 21:42:21 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2010/03/03 21:42:21 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/03/03 11:35:42 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100308.057\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/03/03 11:35:42 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/03/03 11:35:42 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/03/03 11:35:42 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100308.057\NAVENG.SYS -- (NAVENG)
DRV - [2009/10/28 17:37:22 | 000,329,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100305.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2009/09/16 09:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 09:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/12/22 11:06:02 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/12/22 11:06:00 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/12/22 11:05:58 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/09/21 02:10:46 | 000,036,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/09/21 02:10:40 | 000,035,088 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2006/12/18 17:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/12/04 13:31:10 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/08/25 08:23:08 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/05/01 10:52:02 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/04/27 00:13:04 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/03/25 00:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/08 19:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/01/10 12:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/01/04 08:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2005/11/03 14:19:42 | 000,027,136 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2005/11/03 14:19:30 | 000,069,376 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2005/10/14 16:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 16:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 16:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/22 04:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 04:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 04:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/05/25 10:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2005/01/10 11:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/01/10 11:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2004/12/06 02:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/06 02:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/06 02:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/06 02:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/06 02:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/06 02:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/06 02:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/06 02:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/06 02:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/01 04:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 03:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/14 12:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 12:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/06/09 08:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)
DRV - [2004/02/13 17:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/22 14:49:22 | 000,050,896 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphid411.sys -- (Dot4 HPH11)
DRV - [2002/11/22 14:49:22 | 000,018,928 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphius11.sys -- (Dot4Usb HPH11)
DRV - [2002/11/22 14:49:22 | 000,016,112 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphipr11.sys -- (Dot4Print HPH11)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061204
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061204
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061204
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061204
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061204
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061204
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-207785900-3419304785-3316634881-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-207785900-3419304785-3316634881-1005\..\URLSearchHook: 03402f96-3dc7-4285-bc50-9e81fefafe43} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-207785900-3419304785-3316634881-1005\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-207785900-3419304785-3316634881-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-207785900-3419304785-3316634881-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/03/09 19:48:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/02 22:55:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/02 22:55:16 | 000,000,000 | ---D | M]

[2009/02/21 15:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelley\Application Data\Mozilla\Extensions
[2010/03/08 23:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelley\Application Data\Mozilla\Firefox\Profiles\da8peuuq.default\extensions
[2009/07/12 15:02:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kelley\Application Data\Mozilla\Firefox\Profiles\da8peuuq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/08 22:30:24 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Kelley\Application Data\Mozilla\Firefox\Profiles\da8peuuq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/03/09 19:50:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2009/01/30 17:55:12 | 000,288,469 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 9942 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1D7854CA-EA07-45BE-ACBD-7F6D63A7547F} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (no name) - {BCA2A29C-1E02-41E9-A999-E34F3B6F7530} - No CLSID value found.
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (no name) - Software - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-207785900-3419304785-3316634881-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-207785900-3419304785-3316634881-1005\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD04] C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPWUTOOLBOX] C:\Program Files\Hewlett-Packard\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDUiP6700DMon] C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe (CANON INC.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VoiceCenter] C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
O4 - HKU\S-1-5-21-207785900-3419304785-3316634881-1005..\Run: [Aim6] File not found
O4 - HKU\S-1-5-21-207785900-3419304785-3316634881-1005..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-207785900-3419304785-3316634881-1005..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-207785900-3419304785-3316634881-1005..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-207785900-3419304785-3316634881-1005..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKU\S-1-5-21-207785900-3419304785-3316634881-1005..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-21-207785900-3419304785-3316634881-1005..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-207785900-3419304785-3316634881-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-207785900-3419304785-3316634881-1005\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-207785900-3419304785-3316634881-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1167014141328 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL bselhu.dll yjfnwt.dll c:\windows\system32\napigowu.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (bapugoki.dll) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\mlJYstUl: DllName - mlJYstUl.dll - File not found
O20 - Winlogon\Notify\wvUljIaY: DllName - wvUljIaY.dll - File not found
O22 - SharedTaskScheduler: {4e9bf06f-dcee-4b61-8074-5008cf25aa09} - tokatiluy - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Kelley\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kelley\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (digeste.dll) - File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\rqRJBSJd) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{8f7179ae-8f14-11dc-bf93-0016419519aa}\Shell\AutoRun\command - "" = E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/08/16 05:22:48 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk - C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe - ()
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: SymEFA.sys - C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS (Symantec Corporation)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup -
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: SymEFA.sys - C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS (Symantec Corporation)
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WdfLoadGroup -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {38539595-3E29-410d-ABBD-3D6A75BC9A73} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/06 08:19:33 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/03/05 14:53:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelley\Local Settings\Application Data\Symantec
[2010/03/04 19:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/03/04 19:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/03/04 19:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/03/04 15:43:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/03/04 14:38:27 | 000,217,136 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\symtdi.sys
[2010/03/04 14:38:27 | 000,089,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\symfw.sys
[2010/03/04 14:38:27 | 000,048,688 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\symndisv.sys
[2010/03/04 14:38:27 | 000,036,400 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\symndis.sys
[2010/03/04 14:38:27 | 000,033,072 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\symids.sys
[2010/03/04 14:38:26 | 000,482,432 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\cchpx86.sys
[2010/03/04 14:38:26 | 000,310,320 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymEFA.sys
[2010/03/04 14:38:26 | 000,308,272 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtsp.sys
[2010/03/04 14:38:26 | 000,259,632 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\BHDrvx86.sys
[2010/03/04 14:38:26 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtspx.sys
[2010/03/04 14:37:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0308000.029
[2010/03/03 21:43:06 | 000,036,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2010/03/03 21:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/03 21:42:41 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/03/03 21:42:40 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/03/03 21:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/03/03 21:41:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2010/03/03 21:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/03/03 21:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Suite
[2010/03/03 21:41:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/03/03 21:39:38 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/03 21:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/03/03 21:34:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/03/03 21:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelley\My Documents\Symantec
[2010/03/02 22:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/03/02 22:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/03/02 21:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/03/02 21:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/03/01 22:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/02/27 19:31:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelley\Desktop\Pics
[2009/09/15 05:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2009/06/24 18:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/05/04 17:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\SupportSoft
[2008/10/21 13:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2008/09/15 16:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/06/12 17:01:52 | 038,012,480 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[2006/12/24 19:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2005/08/16 05:30:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/09 19:49:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/09 19:46:59 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/09 19:46:57 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\xgdoqzqo.job
[2010/03/09 19:46:57 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\bzlnxbvp.job
[2010/03/09 19:46:57 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\quqibcoz.job
[2010/03/09 19:46:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/09 19:46:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/09 19:46:22 | 2137,456,640 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/09 19:31:56 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/09 11:45:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/09 11:18:14 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Kelley\Desktop\Microsoft Word.lnk
[2010/03/09 00:13:45 | 009,191,424 | ---- | M] () -- C:\Documents and Settings\Kelley\ntuser.dat
[2010/03/09 00:13:38 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Kelley\ntuser.ini
[2010/03/09 00:13:07 | 001,580,180 | -H-- | M] () -- C:\Documents and Settings\Kelley\Local Settings\Application Data\IconCache.db
[2010/03/08 23:08:11 | 004,888,453 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Far Away.mp3
[2010/03/08 23:03:59 | 005,004,990 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Realm Overworld.mp3
[2010/03/08 23:00:10 | 002,845,204 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Darkmoon Caverns.mp3
[2010/03/08 22:59:47 | 001,493,678 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Sealed Hyrule Castle.mp3
[2010/03/08 22:59:18 | 003,192,614 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Space Port Alpha.mp3
[2010/03/08 22:59:00 | 004,209,822 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Star City.mp3
[2010/03/08 22:52:05 | 003,761,554 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Hero's Theme.mp3
[2010/03/08 22:51:48 | 003,287,676 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Two Worlds.mp3
[2010/03/08 22:51:39 | 003,138,272 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Elemental Warriors.mp3
[2010/03/08 22:51:34 | 001,337,368 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Team Fortress 2.mp3
[2010/03/08 22:51:29 | 001,715,621 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Faster Than a Speeding Bullet.mp3
[2010/03/08 22:51:19 | 002,031,738 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Right Behind You.mp3
[2010/03/08 22:51:15 | 001,952,290 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Shadow Realm.mp3
[2010/03/08 22:51:09 | 002,667,036 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Legend Unfolds.mp3
[2010/03/08 22:43:39 | 003,583,876 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Land of a Thousand Dances.mp3
[2010/03/08 22:43:28 | 004,391,615 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Teeth.mp3
[2010/03/08 22:43:03 | 005,037,367 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Photograph.mp3
[2010/03/08 22:42:46 | 003,552,568 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Build Me Up Buttercup.mp3
[2010/03/08 22:42:29 | 003,267,252 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Build Me Up Buttercup (Cover).mp3
[2010/03/08 22:42:15 | 004,728,070 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\This Guy's in Love with You.mp3
[2010/03/08 22:42:06 | 005,774,540 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\This Girl's in Love With You.mp3
[2010/03/08 22:41:47 | 004,061,915 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\TiK ToK.mp3
[2010/03/08 22:41:14 | 002,262,104 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Intruder Alert.mp3
[2010/03/08 22:40:54 | 003,774,105 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Danger in the Sky.mp3
[2010/03/08 22:40:36 | 004,503,967 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\The Badlands.mp3
[2010/03/08 22:40:24 | 003,803,275 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Enchanted Kingdom.mp3
[2010/03/08 22:39:48 | 002,073,500 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Petite Chou-Fleur.mp3
[2010/03/08 22:39:14 | 005,146,579 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Ortho's Theme.mp3
[2010/03/08 22:38:58 | 004,908,831 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Playing with Danger.mp3
[2010/03/08 22:38:15 | 004,179,457 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Goodbyes.mp3
[2010/03/08 22:36:14 | 004,522,224 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Taylor_Swift__White_Horse__Studio_Version_HQ____Lyrics_.mp3
[2010/03/08 22:25:22 | 004,867,070 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Mr.mp3
[2010/03/08 22:25:17 | 002,805,990 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Banjo-Kazooie_Remix__Isle_o__Hags_Hip_Hop_mix..mp3
[2010/03/08 22:24:18 | 005,157,547 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\LOGBOX720.mp3
[2010/03/08 22:20:57 | 005,586,477 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Nutty Acres.mp3
[2010/03/08 22:20:36 | 002,485,201 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Fyer and Falbi.mp3
[2010/03/07 21:41:30 | 000,040,702 | ---- | M] () -- C:\Documents and Settings\Kelley\Application Data\wklnhst.dat
[2010/03/06 20:02:17 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Kelley\Desktop\gmer.exe
[2010/03/04 16:59:16 | 000,662,830 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\Cat.DB
[2010/03/04 16:58:34 | 000,002,021 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2010/03/04 14:37:12 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\isolate.ini
[2010/03/03 21:42:40 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/03/03 21:42:40 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/03/03 21:42:40 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/03/03 21:42:40 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/03/03 21:42:23 | 000,217,136 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\symtdi.sys
[2010/03/03 21:42:23 | 000,048,688 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\symndisv.sys
[2010/03/03 21:42:23 | 000,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2010/03/03 21:42:23 | 000,036,400 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\symndis.sys
[2010/03/03 21:42:23 | 000,033,072 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\symids.sys
[2010/03/03 21:42:22 | 000,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymEFA.sys
[2010/03/03 21:42:22 | 000,308,272 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtsp.sys
[2010/03/03 21:42:22 | 000,089,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\symfw.sys
[2010/03/03 21:42:22 | 000,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtspx.sys
[2010/03/03 21:42:21 | 000,482,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\cchpx86.sys
[2010/03/03 21:42:21 | 000,259,632 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\BHDrvx86.sys
[2010/03/03 21:42:07 | 000,107,368 | R--- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/03/03 21:41:50 | 000,003,373 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymEFA.inf
[2010/03/03 21:41:50 | 000,001,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\ccHPx86.inf
[2010/03/03 21:41:50 | 000,001,562 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymNetV.inf
[2010/03/03 21:41:50 | 000,001,561 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymNet.inf
[2010/03/03 21:41:50 | 000,001,388 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtspx.inf
[2010/03/03 21:41:50 | 000,001,382 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtsp.inf
[2010/03/03 21:41:49 | 000,000,640 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\BHDrvx86.inf
[2010/03/03 21:41:27 | 000,009,412 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\symnetv.cat
[2010/03/03 21:41:27 | 000,009,402 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymNet.cat
[2010/03/03 21:41:27 | 000,007,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymEFA.cat
[2010/03/03 21:41:27 | 000,007,429 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtspx.cat
[2010/03/03 21:41:27 | 000,007,425 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtsp.cat
[2010/03/03 21:41:26 | 000,007,400 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\BHDrvx86.CAT
[2010/03/03 21:41:26 | 000,007,383 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\ccHPx86.cat
[2010/03/03 21:10:47 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/03/02 22:55:25 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/02 22:06:58 | 000,012,720 | -HS- | M] () -- C:\Documents and Settings\Kelley\Local Settings\Application Data\U4E5P2rdp
[2010/02/27 23:27:29 | 006,257,785 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Glitter in the Air (Live).mp3
[2010/02/27 22:25:50 | 004,553,034 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Glitter in the Air.mp3
[2010/02/27 22:18:53 | 005,854,997 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\I Want to Spend My Lifetime Loving You.mp3
[2010/02/18 14:52:45 | 000,147,501 | ---- | M] () -- C:\WINDOWS\hpoins21.dat
[2010/02/18 14:27:52 | 000,000,646 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/16 21:30:22 | 005,193,057 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\A Dream Worth Keeping.mp3
[2010/02/16 21:29:46 | 004,423,957 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Fireflies.mp3
[2010/02/16 21:29:36 | 004,879,559 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Two Is Better Than One.mp3
[2010/02/16 21:29:19 | 004,184,680 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\I Am.mp3
[2010/02/16 21:29:07 | 004,374,846 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Evacuate the Dancefloor.mp3
[2010/02/16 19:57:33 | 000,001,503 | ---- | M] () -- C:\Documents and Settings\Kelley\Desktop\Paint.lnk
[2010/02/16 13:55:38 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/02/15 12:50:22 | 003,867,049 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Gold Battle.mp3
[2010/02/14 00:31:15 | 003,533,186 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\Jellyfish Sea.mp3
[2010/02/14 00:30:16 | 002,692,636 | ---- | M] () -- C:\Documents and Settings\Kelley\My Documents\A Lament for Solon.mp3
[2010/02/10 23:51:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/08 20:59:53 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\Kelley\Application Data\setup_ldm.iss
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\yenirigo
[2010/03/09 19:46:22 | 2137,456,640 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/08 22:57:54 | 003,192,614 | ---- | C] () -- C:\Documents and Settings\Kelley\My Documents\Space Port Alpha.mp3
[2010/03/08 22:57:47 | 002,845,204 | ---- | C] () -- C:\Documents and Settings\Kelley\My Documents\Darkmoon Caverns.mp3
[2010/03/08 22:57:36 | 004,209,822 | ---- | C] () -- C:\Documents and Settings\Kelley\My Documents\Star City.mp3
[2010/03/08 22:57:32 | 001,493,678 | ---- | C] () -- C:\Documents and Settings\Kelley\My Documents\Sealed Hyrule Castle.mp3
[2010/03/04 16:58:49 | 000,662,830 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\Cat.DB
[2010/03/04 14:38:27 | 000,009,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\symnetv.cat
[2010/03/04 14:38:27 | 000,009,402 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymNet.cat
[2010/03/04 14:38:27 | 000,001,562 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymNetV.inf
[2010/03/04 14:38:27 | 000,001,561 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymNet.inf
[2010/03/04 14:38:26 | 000,007,431 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymEFA.cat
[2010/03/04 14:38:26 | 000,007,429 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtspx.cat
[2010/03/04 14:38:26 | 000,007,425 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtsp.cat
[2010/03/04 14:38:26 | 000,007,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\BHDrvx86.CAT
[2010/03/04 14:38:26 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\ccHPx86.cat
[2010/03/04 14:38:26 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymEFA.inf
[2010/03/04 14:38:26 | 000,001,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\ccHPx86.inf
[2010/03/04 14:38:26 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtspx.inf
[2010/03/04 14:38:26 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtsp.inf
[2010/03/04 14:38:26 | 000,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\BHDrvx86.inf
[2010/03/04 14:37:12 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\isolate.ini
[2010/03/03 21:42:40 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/03/03 21:42:40 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/03/03 21:42:24 | 000,002,021 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2010/03/02 21:41:18 | 000,012,720 | -HS- | C] () -- C:\Documents and Settings\Kelley\Local Settings\Application Data\U4E5P2rdp
[2010/03/02 21:35:35 | 000,011,308 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\U4E5P2rdp
[2010/03/01 22:34:41 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/01 22:34:40 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/27 23:25:57 | 006,257,785 | ---- | C] () -- C:\Documents and Settings\Kelley\My Documents\Glitter in the Air (Live).mp3
[2010/02/27 22:15:31 | 003,267,252 | ---- | C] () -- C:\Documents and Settings\Kelley\My Documents\Build Me Up Buttercup (Cover).mp3
[2010/02/27 22:15:12 | 004,553,034 | ---- | C] () -- C:\Documents and Settings\Kelley\My Documents\Glitter in the Air.mp3
[2010/02/27 22:14:51 | 005,037,367 | ---- | C] () -- C:\Documents and Settings\Kelley\My Documents\Photograph.mp3
[2010/02/27 22:14:31 | 004,888,453 | ---- | C] () -- C:\Documents and Settings\Kelley\My Documents\Far Away.mp3
[2010/02/27 22:14:17 | 003,552,568 | ---- | C] () -- C:\Documents and Settings\Kelley\My Documents\Build Me Up Buttercup.mp3
[2010/02/27 22:13:50 | 005,774,540 | ---- | C] () -- C:\Documents and Settings\Kelley\My Documents\This Girl's in Love With You.mp3
[2010/02/27 22:13:27 | 004,728,070 | ---- | C] () -- C:\Documents and Settings\Kelley\My Documents\This Guy's in Love with You.mp3
[2010/02/27 22:13:01 | 005,854,997 | ---- | C] () -- C:\Documents and Settings\Kelley\My Documents\I Want to Spend My Lifetime Loving You.mp3
[2010/02/27 20:29:15 | 009,191,424 | ---- | C] () -- C:\Documents and Settings\Kelley\ntuser.dat
[2010/02/16 13:56:43 | 003,583,876 | ---- | C] () -- C:\Documents and Settings\Kelley\My Documents\Land of a Thousand Dances.mp3
[2010/02/16 13:56:25 | 005,193,057 | ---- | C] () -- C:\Documents and Settings\Kelley\My Documents\A Dream Worth Keeping.mp3
[2010/02/16 13:56:11 | 004,423,957 | ---- | C] () -- C:\Documents and Settings\Kelley\My Documents\Fireflies.mp3
[2010/02/16 13:55:58 | 004,879,559 | ---- | C] () -- C:\Documents and Settings\Kelley\My Documents\Two Is Better Than One.mp3
[2010/02/16 13:55:42 | 004,184,680 | ---- | C] () -- C:\Documents and Settings\Kelley\My Documents\I Am.mp3
[2010/02/16 13:55:26 | 004,374,846 | ---- | C] () -- C:\Documents and Settings\Kelley\My Documents\Evacuate the Dancefloor.mp3
[2010/02/14 00:08:38 | 002,262,104 | ---- | C] () -- C:\Documents and Settings\Kelley\My Documents\Intruder Alert.mp3
[2010/02/14 00:08:31 | 002,031,738 | ---- | C] () -- C:\Documents and Settings\Kelley\My Documents\Right Behind You.mp3
[2010/02/14 00:08:23 | 002,073,500 | ---- | C] () -- C:\Documents and Settings\Kelley\My Documents\Petite Chou-Fleur.mp3
[2010/02/14 00:08:05 | 004,908,831 | ---- | C] () -- C:\Documents and Settings\Kelley\My Documents\Playing with Danger.mp3
[2010/02/14 00:07:52 | 003,533,186 | ---- | C] () -- C:\Documents and Settings\Kelley\My Documents\Jellyfish Sea.mp3
[2010/02/14 00:07:42 | 003,803,275 | ---- | C] () -- C:\Documents and Settings\Kelley\My Documents\Enchanted Kingdom.mp3
[2010/02/14 00:07:30 | 004,503,967 | ---- | C] () -- C:\Documents and Settings\Kelley\My Documents\The Badlands.mp3
[2010/02/14 00:07:23 | 002,692,636 | ---- | C] () -- C:\Documents and Settings\Kelley\My Documents\A Lament for Solon.mp3
[2010/02/14 00:07:08 | 005,146,579 | ---- | C] () -- C:\Documents and Settings\Kelley\My Documents\Ortho's Theme.mp3
[2010/02/14 00:06:57 | 003,774,105 | ---- | C] () -- C:\Documents and Settings\Kelley\My Documents\Danger in the Sky.mp3
[2010/02/14 00:06:37 | 002,667,036 | ---- | C] () -- C:\Documents and Settings\Kelley\My Documents\Legend Unfolds.mp3
[2010/02/11 23:19:10 | 001,715,621 | ---- | C] () -- C:\Documents and Settings\Kelley\My Documents\Faster Than a Speeding Bullet.mp3
[2010/02/11 23:19:05 | 001,337,368 | ---- | C] () -- C:\Documents and Settings\Kelley\My Documents\Team Fortress 2.mp3
[2010/02/08 20:59:53 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Kelley\Application Data\setup_ldm.iss
[2009/10/24 20:39:39 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/11 16:22:30 | 000,035,979 | ---- | C] () -- C:\Program Files\Photoshop CS3 Read Me.html
[2007/12/11 16:27:06 | 009,463,004 | ---- | C] () -- C:\Program Files\R114582.zip
[2007/10/15 09:21:29 | 000,019,967 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/06/13 11:13:22 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/06/12 18:25:51 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\Kelley\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2007/02/01 01:03:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpgt2300.dll
[2007/01/28 21:55:12 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2006/12/29 21:10:26 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/25 14:57:05 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Kelley\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/25 14:53:39 | 000,002,984 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/12/25 14:53:39 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\D5393B1004.sys
[2006/12/24 21:29:14 | 000,040,702 | ---- | C] () -- C:\Documents and Settings\Kelley\Application Data\wklnhst.dat
[2006/12/24 19:24:02 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Kelley\Local Settings\Application Data\fusioncache.dat
[2006/12/04 13:45:28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/04 13:33:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/04 13:31:29 | 000,000,369 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/04 13:24:33 | 000,010,820 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
[2006/12/04 13:24:09 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\mes2046.dll
[2006/12/04 13:23:50 | 000,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
[2006/12/04 12:53:56 | 001,355,042 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL
[2006/12/04 12:53:24 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/12/04 12:53:00 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 05:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/12 16:53:10 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/09 18:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/11/22 14:50:06 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 19:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2010/01/05 05:00:24 | 000,192,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/24 14:43:06 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/24 14:43:06 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/24 14:43:06 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/24 14:43:06 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2010/03/03 21:10:47 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2010/03/03 21:10:47 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/10 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/10 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/10 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81
< End of report >


And the Extras:

OTL Extras logfile created on: 3/9/2010 07:54:34 PM - Run 1
OTL by OldTimer - Version 3.1.35.0 Folder = C:\Documents and Settings\Kelley\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.61 Gb Total Space | 19.26 Gb Free Space | 28.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KELLSDELL
Current User Name: Kelley
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-207785900-3419304785-3316634881-1005\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{06040048-3E21-46D6-9A91-D927BA08F41D}" = Microsoft Encarta Encyclopedia Standard 2006
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D396571-7BBD-44CE-ABB3-518BF86B72F7}" = HP Photo and Imaging 2.0 - Photosmart Printer Series
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP6700D" = Canon iP6700D
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}" = Microsoft Works Suite Add-in for Microsoft Word
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims™ 2 Double Deluxe
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{324CEC09-007A-48eb-90E0-9D42D4D5EB0A}" = NetDeviceManager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5D95AD35-368F-47D5-B63A-A082DDF00116}" = Microsoft Digital Image Standard 2006 Editor
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{691F4068-81BF-49E3-B32E-FE3E16400112}" = Microsoft Digital Image Standard 2006 Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7C49EA42-5647-4051-84C2-E6404F25A931}" = Yahoo! Music Jukebox
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}" = Andrea VoiceCenter
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96C267DA-0926-4C11-B4E7-4D3EF85130D0}" = Paint.NET v3.22
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC60C8C1-855E-45AB-8D95-1D16F8A38E78}" = UGuide
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B10949AD-0C3C-47e8-ADF7-441C1BB9F621}" = C4380
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B7FB6B99-C93C-4818-825B-37EF4B64C80C}" = PS_AIO_02_Software
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BA7A3288-228D-4031-A93A-B5F6B3415E15}" = Misc
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BDA128C9-66F5-46c9-A503-AA7098AF384F}" = C4380_Help
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3308F5E-FAA9-4fc5-8975-800C36ECCEAC}" = C4380_doccd
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D25BDCF5-19F6-4d9e-B9C9-273FE81446C4}" = PS_AIO_02_ProductContext
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D64BC2CF-0F12-47d7-B412-B4F3FD684253}" = HP Photosmart All-In-One Software 9.0
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EF0D2E55-6FE2-4e35-BE22-A742E85D84E3}" = PS_AIO_02_Software_min
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F1CD25A0-5401-40B2-BAA9-E267408B16DF}" = Toolbox
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"AIM MusicLink 2.0.0.1" = AIM MusicLink 2.0.0.1
"AIM Toolbar" = AIM Toolbar
"AIM_6" = AIM 6
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"Ask Toolbar_is1" = Ask Toolbar
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CEP - Colour Enable Packages_is1" = CEP (Color Enable Package) v.9.2 (beta)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Creative Audio Pack" = Creative Audio Pack
"Dell Game Console" = Dell Game Console
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ESPNMotion" = ESPNMotion
"Google Desktop" = Google Desktop
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Officejet Pro K550 Series" = HP Officejet Pro K550 Series
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"hphuni04" = Photosmart 130,230,7150,7345,7350,7550 (Remove only)
"HPOCR" = HP OCR Software 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MCU PDUiP6700DMon.exe" = Canon iP6700D Memory Card Utility
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton Security Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC Pitstop Optimize3_is1" = PC Pitstop Optimize3 3.0
"PictureItPrem_v11" = Microsoft Digital Image Standard 2006
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 6.0" = RealPlayer Basic
"SAMB_ADVMB_FILTER_DRV" = Sound Blaster ADVANCED MB Drivers
"SearchAssist" = SearchAssist
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Sound Blaster Audigy ADVANCED MB Product Registration" = Sound Blaster Audigy ADVANCED MB Product Registration
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WavePad" = WavePad Sound Editor
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinFF_is1" = WinFF 0.45
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/5/2010 12:20:24 AM | Computer Name = KELLSDELL | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6856.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/5/2010 12:20:48 AM | Computer Name = KELLSDELL | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6856.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/5/2010 12:23:01 AM | Computer Name = KELLSDELL | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6856.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/5/2010 12:23:13 AM | Computer Name = KELLSDELL | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6856.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/5/2010 12:23:17 AM | Computer Name = KELLSDELL | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6856.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/5/2010 12:23:47 AM | Computer Name = KELLSDELL | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6856.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/5/2010 12:23:56 AM | Computer Name = KELLSDELL | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6856.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/5/2010 12:23:58 AM | Computer Name = KELLSDELL | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6856.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/5/2010 03:50:35 PM | Computer Name = KELLSDELL | Source = Application Error | ID = 1000
Description = Faulting application ccsvchst.exe, version 108.1.1.10, faulting module
wtsapi32.dll, version 5.1.2600.5512, fault address 0x00001529.

Error - 3/6/2010 10:41:18 PM | Computer Name = KELLSDELL | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/9/2010 03:55:56 PM | Computer Name = KELLSDELL | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 3/9/2010 03:55:56 PM | Computer Name = KELLSDELL | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 3/9/2010 03:55:56 PM | Computer Name = KELLSDELL | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 3/9/2010 03:55:56 PM | Computer Name = KELLSDELL | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 3/9/2010 03:55:56 PM | Computer Name = KELLSDELL | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 3/9/2010 03:55:56 PM | Computer Name = KELLSDELL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD APPDRV BHDrvx86 ccHP eeCtrl Fips IDSxpx86 intelppm IPSec mfehidk MRxSmb NetBIOS NetBT RasAcd
Rdbss
SASDIFSV
SASKUTIL
SRTSP
SRTSPX
SYMTDI
Tcpip

Error - 3/9/2010 08:36:37 PM | Computer Name = KELLSDELL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 3/9/2010 08:46:43 PM | Computer Name = KELLSDELL | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 3/9/2010 08:46:43 PM | Computer Name = KELLSDELL | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 3/9/2010 08:59:46 PM | Computer Name = KELLSDELL | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
OLIVAHOMELAPTOP that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{C7CD432A-EC9. The master browser is stopping or an election is being
forced.


< End of report >


Thanks again!

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:05 AM

Posted 09 March 2010 - 08:14 PM

Hi,

please try running gmer in safe mode. If that doesn't work, please uncheck the devices option and run a scan. Let me know if that works.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 Twi

Twi
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:10:05 PM

Posted 12 March 2010 - 07:05 PM

I tried running gmer in Safe Mode but for some reason I can't access either the copy or save options. I've tried changing the size of the window as well to no avail.

I've also tried running gmer normally, but it either crashes or goes through the scan only to Blue Screen my computer. The Blue Screen has appeared twice already.

The Blue Screen says that the problem file is kwliypob.sys

STOP: 0x000000050 (0x95B14B30, 0x00000001, 0x94F1DFA6, 0x00000000)

Technical Information:
kwliypob.sys
Address 94F1DFA6 base at 94F12000, Datestamp 46274f8d


If I absolutely need a gmer log, than I'll keep trying, but are there any alternatives you would recommend?

Thanks!

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:05 AM

Posted 13 March 2010 - 06:07 AM

Hi,

there is an alternative, although I prefer gmer. Since gmer doesn't want to run correctly let's use the alternatives:
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click on your desktop.
  • Click on the report tab, then click scan
  • Check all seven boxes:
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
    Shadow SSDT
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.

Please also run a scan with MBR:

Please download mbr.exe and save it to your root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe -t >"C:\mbr.log"
  • press Enter.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 Twi

Twi
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:10:05 PM

Posted 13 March 2010 - 09:07 PM

While I wait on RootRepeal, I figured I'd post the mbr log.


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A71FCA1]<<
kernel: MBR read successfully
user & kernel MBR OK


Also, I loaded up my computer today to find Norton had caught Backdoor.Tidserv!inf and was unable to remove it.

I'll edit this post later when RootRepeal is finished.

Edit: Here is the RootRepeal Log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/03/13 20:59
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x98DB7000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SYMEFA.SYS
Image Path: SYMEFA.SYS
Address: 0xB9E9C000 Size: 323584 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\windows\temp\perflib_perfdata_c7c.dat
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\kelley\application data\mozilla\firefox\profiles\da8peuuq.default\places.sqlite
Status: Size mismatch (API: 2420736, Raw: 2412544)

Path: C:\Documents and Settings\Kelley\Application Data\Mozilla\Firefox\Profiles\da8peuuq.default\E76B2D70d01
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Kelley\Local Settings\Apps\2.0\CHNYZAXZ.TBN\XYXCOE0J.6RM\manifests\clickonce_bootstrap.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Kelley\Local Settings\Apps\2.0\CHNYZAXZ.TBN\XYXCOE0J.6RM\manifests\clickonce_bootstrap.exe.manifest
Status: Locked to the Windows API!

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x89785738

#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x89724c18

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a3fde00

#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x89714dd0

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x8a2ef680

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0x9acb9130

#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x89eaddc0

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "<unknown>" at address 0x896bb6d8

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x8a2da3b0

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x89718dd0

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0x9acb93b0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0x9acb9910

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "<unknown>" at address 0x8a479490

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x897857b8

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x896aad80

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x8a307ba8

#: 097 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x8a2f2008

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x896e7228

#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x8a559250

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x896941e0

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x8a33ace0

#: 125 Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x8a580e10

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x89569460

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "<unknown>" at address 0x896a6dc0

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x8a30b0e0

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x8973f2b8

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x8a307c28

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "<unknown>" at address 0x8a57eda8

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0x9acb9b60

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x89760d80

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x897131d8

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x8a44de50

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x89556058

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x8a2f4e50

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x89713210

Shadow SSDT
-------------------
#: 307 Function Name: NtUserAttachThreadInput
Status: Hooked by "<unknown>" at address 0x8a2f6cd0

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "<unknown>" at address 0x896aecd0

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "<unknown>" at address 0x8a578cd0

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "<unknown>" at address 0x896f0cd0

#: 428 Function Name: NtUserGetRawInputData
Status: Hooked by "<unknown>" at address 0x897113b8

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "<unknown>" at address 0x89711538

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "<unknown>" at address 0x8a33caa8

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "<unknown>" at address 0x8a2f66b8

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "<unknown>" at address 0x897475d8

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "<unknown>" at address 0x897392b8

==EOF==

Edited by Twi, 13 March 2010 - 09:18 PM.


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:05 AM

Posted 14 March 2010 - 06:37 AM

Hi,

you have been infected by a nasty rootkit. It is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you decide to clean, then please run ComboFix and post the log in your next reply:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable isable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 Twi

Twi
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:10:05 PM

Posted 15 March 2010 - 09:59 PM

God I think I gave myself a hernia using this program. I'm still shaking. O.o

But here is the log.

ComboFix 10-03-14.03 - Kelley 03/15/2010 22:29:50.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1517 [GMT -4:00]
Running from: c:\documents and settings\Kelley\My Documents\Downloads\ComboFix.exe
AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\Data
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\Tasks\bzlnxbvp.job
c:\windows\Tasks\quqibcoz.job
c:\windows\Tasks\xgdoqzqo.job
c:\windows\wiaserviv.log

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it tongue.gif
.
((((((((((((((((((((((((( Files Created from 2010-02-16 to 2010-03-16 )))))))))))))))))))))))))))))))
.

2010-03-16 02:41 . 2010-02-12 22:41 558448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-03-16 02:41 . 2010-02-02 00:20 165240 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2010-03-15 23:45 . 2010-03-03 16:35 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100315.022\NAVENG.SYS
2010-03-15 23:45 . 2010-03-03 16:35 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100315.022\EECTRL.SYS
2010-03-15 23:45 . 2010-03-03 16:35 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100315.022\CCERASER.DLL
2010-03-15 23:45 . 2010-03-03 16:35 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100315.022\ECMSVR32.DLL
2010-03-15 23:45 . 2010-03-03 16:35 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100315.022\NAVENG32.DLL
2010-03-15 23:45 . 2010-03-03 16:35 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100315.022\NAVEX32A.DLL
2010-03-15 23:45 . 2010-03-03 16:35 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100315.022\NAVEX15.SYS
2010-03-15 23:45 . 2010-03-03 16:35 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100315.022\ERASER.SYS
2010-03-14 22:28 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\Scxpx86.dll
2010-03-14 22:28 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSvix86.sys
2010-03-14 22:28 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSXpx86.sys
2010-03-14 22:28 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSxpx86.dll
2010-03-14 22:28 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSviA64.sys
2010-03-14 01:47 . 2010-03-14 01:47 77312 ----a-w- C:\mbr.exe
2010-03-12 01:47 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-11 01:46 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100310.001\Scxpx86.dll
2010-03-11 01:46 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100310.001\IDSXpx86.sys
2010-03-11 01:46 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100310.001\IDSvix86.sys
2010-03-11 01:46 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100310.001\IDSxpx86.dll
2010-03-11 01:46 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100310.001\IDSviA64.sys
2010-03-09 00:39 . 2009-12-15 11:14 95568 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4482.14.4\RunOnce.exe
2010-03-09 00:39 . 2009-12-14 21:00 106496 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4482.14.4\sb_Almaak.dll
2010-03-09 00:39 . 2009-12-16 12:07 136528 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4482.14.4\Vercopy.exe
2010-03-09 00:39 . 2009-12-16 12:07 136528 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4482.14.4\AOLSetup.exe
2010-03-09 00:39 . 2009-12-17 05:09 49241 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4482.14.4\sb_BunkerHill.dll
2010-03-09 00:39 . 2009-12-15 11:33 120144 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4482.14.4\SBFix.exe
2010-03-09 00:39 . 2009-12-15 09:35 106496 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4482.14.4\sb_Raga_Refresh.dll
2010-03-09 00:39 . 2009-12-14 19:06 106496 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4482.14.4\sb_Thailand.dll
2010-03-09 00:39 . 2009-12-14 19:03 106496 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4482.14.4\sb_Strauss.dll
2010-03-05 19:53 . 2010-03-05 19:53 -------- d-----w- c:\documents and settings\Kelley\Local Settings\Application Data\Symantec
2010-03-04 20:43 . 2010-03-04 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-03-04 02:43 . 2010-03-04 02:42 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-03-04 02:42 . 2010-03-04 02:42 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-03-04 02:42 . 2010-03-04 02:42 -------- d-----w- c:\program files\Symantec
2010-03-04 02:42 . 2010-03-04 02:42 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-03-04 02:42 . 2010-03-04 02:42 1291104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2010-03-04 02:42 . 2010-03-04 02:42 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2010-03-04 02:42 . 2010-03-04 02:42 776952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2010-03-04 02:41 . 2010-03-04 22:07 -------- d-----w- c:\windows\system32\drivers\N360
2010-03-04 02:41 . 2010-03-04 02:41 -------- d-----w- c:\program files\Norton Security Suite
2010-03-04 02:41 . 2010-03-04 02:41 -------- d-----w- c:\program files\Windows Sidebar
2010-03-04 02:41 . 2010-03-04 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-03-04 02:34 . 2010-03-04 02:34 -------- d-----w- c:\program files\NortonInstaller
2010-03-04 02:34 . 2010-03-04 02:34 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-03-03 03:50 . 2010-03-03 03:50 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-03-03 03:16 . 2010-03-03 03:16 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-03 02:31 . 2010-03-03 02:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-02-16 01:42 . 2009-12-17 05:09 49241 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\sb_BunkerHill.dll
2010-02-16 01:42 . 2009-12-15 11:14 95568 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\RunOnce.exe
2010-02-16 01:42 . 2009-12-15 09:35 106496 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\sb_Raga_Refresh.dll
2010-02-16 01:42 . 2009-12-14 21:00 106496 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\sb_Almaak.dll
2010-02-16 01:42 . 2009-12-14 19:06 106496 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\sb_Thailand.dll
2010-02-16 01:42 . 2009-12-14 19:03 106496 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\sb_Strauss.dll
2010-02-16 01:42 . 2009-12-16 12:07 136528 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\Vercopy.exe
2010-02-16 01:42 . 2009-12-15 11:33 120144 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\SBFix.exe
2010-02-14 05:06 . 2010-02-14 05:06 2900 ----a-w- c:\documents and settings\Kelley\Application Data\WinFF\ff100214000636.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-15 23:34 . 2009-08-20 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2010-03-15 03:50 . 2006-12-25 02:29 41682 ----a-w- c:\documents and settings\Kelley\Application Data\wklnhst.dat
2010-03-13 02:50 . 2004-08-04 04:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-10 00:31 . 2008-03-26 03:02 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-09 03:58 . 2009-02-21 21:20 -------- d-----w- c:\documents and settings\Kelley\Application Data\WinFF
2010-03-04 03:14 . 2008-10-21 18:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-04 03:13 . 2006-12-04 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-03-04 03:11 . 2006-12-04 18:37 -------- d-----w- c:\program files\McAfee
2010-03-04 02:42 . 2010-03-04 02:42 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-03-04 02:42 . 2010-03-04 02:42 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-03-04 02:42 . 2008-01-29 16:01 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-04 02:42 . 2008-01-29 16:02 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-03-04 02:41 . 2009-01-30 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-03-02 03:34 . 2006-12-04 18:37 -------- d-----w- c:\program files\Google
2010-02-20 00:10 . 2006-12-25 19:52 -------- d-----w- c:\documents and settings\Kelley\Application Data\Corel
2010-02-18 19:52 . 2008-02-16 23:03 147501 ----a-w- c:\windows\hpoins21.dat
2010-02-16 01:42 . 2006-12-30 02:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2010-01-28 01:41 . 2010-01-28 01:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-28 01:41 . 2010-01-28 01:41 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-28 01:38 . 2010-01-28 01:38 -------- d-----w- c:\documents and settings\Kelley\Application Data\Malwarebytes
2010-01-28 01:38 . 2010-01-28 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-28 00:31 . 2010-01-28 00:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-01-28 00:31 . 2008-12-02 01:27 -------- d-----w- c:\program files\Alwil Software
2010-01-27 02:36 . 2009-03-31 18:49 117760 ----a-w- c:\documents and settings\Kelley\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-20 17:25 . 2008-03-22 02:57 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-07 21:07 . 2010-01-28 01:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2010-01-28 01:38 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 00:27 . 2006-12-25 19:53 2984 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-06 00:25 . 2006-12-25 19:53 88 --sh--r- c:\windows\system32\D5393B1004.sys
2010-01-05 10:00 . 2005-08-16 10:18 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2005-08-16 10:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2005-08-16 10:18 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2005-08-16 10:18 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-29 18:04 . 2009-12-29 18:04 1084 ----a-w- c:\documents and settings\Kelley\Application Data\WinFF\ff091229130455.bat
2009-12-16 18:43 . 2005-08-16 10:37 343040 ----a-w- c:\windows\system32\mspaint.exe
2007-12-11 21:27 . 2007-12-11 21:27 9463004 ----a-w- c:\program files\R114582.zip
2007-06-12 22:02 . 2007-06-12 22:01 38012480 ----a-w- c:\program files\iTunesSetup.exe
2007-03-17 06:00 . 2009-07-11 21:22 35979 ----a-w- c:\program files\Photoshop CS3 Read Me.html
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-25 67128]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-24 68856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-09 761947]
"MBMon"="CTMBHA.DLL" [2006-06-29 1355042]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-02-16 1118208]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-12-04 236544]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-11-22 348160]
"HPHUPD04"="c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-11-22 49152]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2006-08-04 1032192]
"HPWUTOOLBOX"="c:\program files\Hewlett-Packard\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe" [2005-09-19 352256]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"PDUiP6700DMon"="c:\program files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe" [2006-03-16 61440]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-4 24576]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-3-25 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-2 784912]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 14:10 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [3/4/2010 03:38 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [3/4/2010 03:38 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [3/4/2010 03:38 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSXpx86.sys [3/14/2010 06:28 PM 329592]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/22/2008 12:06 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/22/2008 12:05 PM 55024]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [3/4/2010 03:37 PM 117640]
R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [8/20/2009 11:33 AM 90352]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/11/2007 10:16 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/3/2010 12:35 PM 102448]
S0 nagvalk;nagvalk;c:\windows\system32\drivers\gbqocjer.sys --> c:\windows\system32\drivers\gbqocjer.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/22/2008 12:06 PM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2009-09-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/campaign.asp?cid=16313
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Kelley\Application Data\Mozilla\Firefox\Profiles\da8peuuq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
BHO-{1D7854CA-EA07-45BE-ACBD-7F6D63A7547F} - (no file)
BHO-{BCA2A29C-1E02-41E9-A999-E34F3B6F7530} - (no file)
HKCU-Run-Aim6 - (no file)
SharedTaskScheduler-{4e9bf06f-dcee-4b61-8074-5008cf25aa09} - (no file)
Notify-mlJYstUl - mlJYstUl.dll
Notify-wvUljIaY - wvUljIaY.dll
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-15 22:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\Č* 2*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\Č* Ć]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\Č* 7*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1380)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(3220)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\stsystra.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\Rundll32.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\docume~1\Kelley\LOCALS~1\Temp\clclean.0001
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2010-03-15 22:52:17 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-16 02:51

Pre-Run: 20,379,815,936 bytes free
Post-Run: 20,898,222,080 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 3ACCA4A222CB68045300C472C4C5DEC3


Also, Norton didn't load after the whole thing was complete. But then again, I haven't had any attacks.

Edit: Rebooted my comp to make sure Norton was still alive. Nothing funny yet. But I'll wait for the final call before I start bouncing off the walls.

Edited by Twi, 15 March 2010 - 10:11 PM.


#10 Twi

Twi
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:10:05 PM

Posted 16 March 2010 - 10:26 PM

Sorry to double post, but while Norton hasn't reported any HTTP Tidserv Request and etc, it did pick up again on Backdoor.Tidserv!inf, but claims to have removed it...

Any ideas?

#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:05 AM

Posted 17 March 2010 - 07:32 AM

Hi,

could you please check where Norton is finding the file? There are a couple of backups that are still present, but the infection should be disabled.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#12 Twi

Twi
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:10:05 PM

Posted 17 March 2010 - 07:03 PM

Norton is finding this in c:\qoobox\quarantine\c\windows\system32\drivers\atapi.sys.vir

I'm assuming the quarantine means that it's been dealt with, but I could be wrong. :/

#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:05 AM

Posted 19 March 2010 - 03:07 PM

Hi,

this is indeed taken care of. It was quarantined by ComboFix.

Please run a scan with Eset to check for left overs:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#14 Twi

Twi
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:10:05 PM

Posted 24 March 2010 - 10:48 PM

Sorry it took so long, school and work have been getting in the way, and I haven't had the time to really work with my computer for a good number of hours.

I did get the LOG though.

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetSpeedMonitor.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined


And, that's all it had.

Edited by Twi, 24 March 2010 - 10:48 PM.


#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:05 AM

Posted 26 March 2010 - 01:03 PM

Hi,

that is good. It only found files in the quarantine of spybot. smile.gif How is your PC doing currently?

Before getting to the final step I'd like you to update your software:
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 18 (JDK or JRE)"
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users