Vistanumbers internet links redirect


  • This topic is locked
16 replies to this topic

#1 needinghelp123

  • Members
  • 9 posts

Posted 11 July 2010 - 05:07 AM

I have the following problems:

My Norton Anti-virus software seems to be shut down and I get the following message when I try to activate it:

Unknown software exception 0xc6d007e occurred in the application at 0x7c812afb

I receive the same message or simply can't run the following programs:
Stopzilla
RegCure
RegSERVO (Can't access their servers with the activation key)

My Internet links are also being redirected to various shopping sites and quite often to:
hxxp://vistanumbers.com/x2s/click?ou=http%3A%2F%2F85.17.76.175%2Fppc%2Fclick.php%3Ft%3D1278849390_25%26cid%3D2%26a%3D3025%26q%3Dvistanumbers

I've pasted my DDS Log and attached my Attach.txt file & GMER file
Thanks in advance for your help!

DDS (Ver_10-03-17.01) - NTFSx86
Run by Nathaniel Higgins at 22:16:27.76 on Sat 07/10/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.550 [GMT -4:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdfserv.exe
C:\WINDOWS\system32\lxdfcoms.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lexmark 6500 Series\lxdfmon.exe
C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\regedit.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MICROS~4\Office10\OUTLOOK.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\All Users\Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
{0a778f14-07a0-405e-b79c-c1dd9de0e0d2}
BHO: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - Lexmark Toolbar
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.2.0.12\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} -
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\comcast\comcas~1\data\xtras\mssysmgr.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [lxdfmon.exe] "c:\program files\lexmark 6500 series\lxdfmon.exe"
mRun: [lxdfamon] "c:\program files\lexmark 6500 series\lxdfamon.exe"
mRun: [Lexmark 6500 Series Fax Server] "c:\program files\lexmark 6500 series\fm3032.exe" /s
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
Trusted Zone: fidelity.com\workplaceservices100
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
Trusted Zone: turbotax.com
Trusted Zone: washingtonpost.com\www
Trusted Zone: washingtonpost.com
Trusted Zone: westlaw.com
Trusted Zone: westlaw.com\print
Trusted Zone: westlaw.com\web2
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: devlib.dll advspl.dll

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0402000.00c\symds.sys [2010-6-1 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0402000.00c\symefa.sys [2010-6-1 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100619.001\BHDrvx86.sys [2010-6-22 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-6-1 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys [2010-6-1 116784]
R2 lxdf_device;lxdf_device;c:\windows\system32\lxdfcoms.exe -service --> c:\windows\system32\lxdfcoms.exe -service [?]
R2 lxdfCATSCustConnectService;lxdfCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdfserv.exe [2007-5-29 99248]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-29 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100707.001\IDSXpx86.sys [2010-7-7 331640]
S2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.2.0.12\ccsvchst.exe [2010-6-1 126392]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100707.048\NAVENG.SYS [2010-7-8 85552]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100707.048\NAVEX15.SYS [2010-7-8 1347504]

=============== Created Last 30 ================

2010-07-11 00:30:41 0 d-----w- c:\docume~1\alluse~1\applic~1\RegSERVO
2010-07-11 00:30:31 0 d-----w- c:\program files\RegSERVO
2010-07-10 20:17:44 0 d-----w- c:\docume~1\nathan~1\applic~1\Tific
2010-07-09 16:03:44 1409 ----a-w- c:\windows\system32\tmp92574.FOT
2010-07-09 16:03:44 1409 ----a-w- c:\windows\system32\tmp4F574.FOT
2010-07-09 16:03:43 1409 ----a-w- c:\windows\system32\tmpD7474.FOT
2010-07-09 16:03:43 1409 ----a-w- c:\windows\system32\tmp7D274.FOT
2010-07-09 16:03:43 1409 ----a-w- c:\windows\system32\tmp1C374.FOT
2010-07-06 13:22:59 0 d-----w- C:\N360_BACKUP
2010-07-05 03:59:23 437760 --sh--w- c:\windows\system32\devlib.dll
2010-07-05 03:59:18 21504 --sh--w- c:\windows\system32\advspl.dll
2010-06-20 12:44:57 0 d-----w- c:\program files\iPod
2010-06-20 12:34:52 0 d-----w- c:\program files\Bonjour
2010-06-11 10:56:31 1409 ----a-w- c:\windows\system32\tmp1A384.FOT
2010-06-11 10:56:31 1409 ----a-w- c:\windows\system32\tmp0E384.FOT
2010-06-11 10:56:30 1409 ----a-w- c:\windows\system32\tmp6E284.FOT
2010-06-11 10:56:30 1409 ----a-w- c:\windows\system32\tmp43384.FOT
2010-06-11 10:56:30 1409 ----a-w- c:\windows\system32\tmp36384.FOT

==================== Find3M ====================

2010-05-25 02:13:53 64000 ----a-w- c:\windows\system32\dllcache\wmplayer.exe
2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-05 13:30:57 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll
2010-04-20 00:47:44 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2006-11-27 21:41:02 774144 ----a-w- c:\program files\RngInterstitial.dll
2008-01-22 01:26:37 152 --sh--r- c:\windows\system32\11A8C37CDF.sys
2008-01-08 02:12:17 88 --sh--r- c:\windows\system32\DF7CC3A811.sys
2008-01-22 01:28:21 6686 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-17 16:31:40 203776 --sh--w- c:\windows\system32\unrar.exe
2009-10-15 10:54:54 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-08-05 19:24:07 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080520080806\index.dat

============= FINISH: 22:17:06.87 ===============

Edited by Orange Blossom, 11 July 2010 - 10:25 AM.
Deactivate link. ~ OB



#2 m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 14 July 2010 - 06:58 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 needinghelp123

Posted 15 July 2010 - 06:51 AM

Hi Mole,

It's 8am ET and I'm heading to work. I'll be back this evening by 6pm and ready to run your instructions.

Thanks so much for your help!
ASH

#4 m0le

Posted 15 July 2010 - 07:14 PM

There's nothing obvious in the logs so please run OTL - a more detailed scanner
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


#5 needinghelp123

Posted 15 July 2010 - 10:18 PM

HERE YOU GO.

OTL Extras logfile created on: 7/15/2010 11:00:46 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\All Users\Documents\Downloads\Computer problem 7-10-2010
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.71 Gb Total Space | 3.10 Gb Free Space | 5.88% Space Free | Partition Type: NTFS
Drive D: | 18.60 Gb Total Space | 17.07 Gb Free Space | 91.77% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NATHANIEL
Current User Name: Nathaniel Higgins
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 60 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" = C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup -- File not found
"C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe" = C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader -- (ABBYY (BIT Software))
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfwbgw.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfwbgw.exe:*:Enabled:Lexmark Web Gateway -- ()
"C:\WINDOWS\system32\lxdfcoms.exe" = C:\WINDOWS\system32\lxdfcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Lexmark 6500 Series\lxdfamon.exe" = C:\Program Files\Lexmark 6500 Series\lxdfamon.exe:*:Enabled:Lexmark Device Monitor -- ()
"C:\Program Files\Lexmark 6500 Series\FRun.exe" = C:\Program Files\Lexmark 6500 Series\FRun.exe:*:Enabled:Lexmark Productivity Studio -- ()
"C:\Program Files\Hasbro Interactive\Classic Games\ClassicBoard.exe" = C:\Program Files\Hasbro Interactive\Classic Games\ClassicBoard.exe:*:Disabled:ClassicBoard -- ()
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Disabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Lexmark 6500 Series\lxdfmon.exe" = C:\Program Files\Lexmark 6500 Series\lxdfmon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfpswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdftime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdftime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\Program Files\Lexmark 6500 Series\LXDFFax.exe" = C:\Program Files\Lexmark 6500 Series\LXDFFax.exe:*:Enabled:Fax Solutions Software -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfjswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}" = Picture Package
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{39940ED0-EAA2-012B-ADF1-000000000000}" = TurboTax 2009 wmdiper
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{595ED82D-446E-4C0B-B327-216AE31E9471}" = TurboTax 2008 wmdiper
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7F815C5F-D2A4-4173-B7C0-55A9D6F87E38}" = MobileMe Control Panel
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9FCCD9B3-4FC4-4F23-8054-ABCB0FB9FC4E}" = Learn to Speak Spanish 9.5
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E2F6F3BF-0E50-4EC9-BDE3-4C296129C5F6}" = Perfect Typing Pro English
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{f2f41802-17fe-4ae1-adf2-7ffeb049839d}.sdb" = PABC.exe custom database
"3DGroove" = OTOY
"6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA" = SCRABBLE
"78880388-579B-4C7D-8654-00183F5C8017" = Lexibox Deluxe
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Bricks Of Atlantis" = Bricks Of Atlantis
"Bricks Of Camelot" = Bricks Of Camelot
"Bricks Of Egypt" = Bricks Of Egypt
"ClassicBoard" = Milton Bradley Classic Board Games
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Comcast PhotoShow Deluxe 4" = Comcast PhotoShow Deluxe 4
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Desktop Players_is1" = Desktop Players
"Disney Toontown Online" = Disney Toontown Online
"FamilyRC" = Fisher-Price® Ready for School Family Resource Center
"Feeding Frenzy 2" = Feeding Frenzy 2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Insaniquarium" = Insaniquarium
"JSLG_PH" = JumpStart Learning Games Phonics
"LEGO Bricktopia" = LEGO Bricktopia (remove only)
"Lexmark 6500 Series" = Lexmark 6500 Series
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.0
"Musicnotes Player" = Musicnotes Player
"N360" = Norton Security Suite
"New LEGO Digital Designer" = LEGO Digital Designer
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Otto's Magic Blocks" = Otto's Magic Blocks
"PROSet" = Intel® PRO Network Adapters and Drivers
"Quicken 2001 Deluxe" = Quicken 2001 Deluxe
"RegCure" = RegCure 1.5.0.1
"RegistryBooster 2_is1" = Uniblue RegistryBooster 2
"RegSERVO" = RegSERVO
"Security Task Manager" = Security Task Manager 1.7f
"Toddler" = Fisher-Price® - Toddler
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"U.B. Funkeys" = U.B. Funkeys
"Virtools3DLifePlayer" = Virtools 3D Life Player
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WildTangent CDA" = WildTangent Web Driver
"WildTangent dell Master Uninstall" = Dell Games
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"New LEGO Digital Designer" = LEGO Digital Designer

========== Last 10 Event Log Errors ==========

Error: Unable to start EventLog service!

< End of report >

OTL logfile created on: 7/15/2010 11:00:46 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\All Users\Documents\Downloads\Computer problem 7-10-2010
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.71 Gb Total Space | 3.10 Gb Free Space | 5.88% Space Free | Partition Type: NTFS
Drive D: | 18.60 Gb Total Space | 17.07 Gb Free Space | 91.77% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NATHANIEL
Current User Name: Nathaniel Higgins
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 60 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\All Users\Documents\Downloads\Computer problem 7-10-2010\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Lexmark 6500 Series\lxdfmon.exe ()
PRC - C:\Program Files\Lexmark 6500 Series\lxdfamon.exe ()
PRC - C:\WINDOWS\system32\lxdfcoms.exe ( )
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfserv.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Comcast\Comcast PhotoShow 4\data\Xtras\mssysmgr.exe (Simple Star, Inc.)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\All Users\Documents\Downloads\Computer problem 7-10-2010\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (N360) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe (Symantec Corporation)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (GameConsoleService) -- C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (lxdf_device) -- C:\WINDOWS\System32\lxdfcoms.exe ( )
SRV - (lxdfCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe ()
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()


========== Driver Services (SafeList) ==========

DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100707.001\IDSXpx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100619.001\BHDrvx86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100707.048\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100707.048\NAVENG.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SYMTDI.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\N360\0402000.00C\Ironx86.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SRTSPX.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys (Symantec Corporation)
DRV - (WinDriver6) -- C:\WINDOWS\system32\drivers\windrvr6.sys (Jungo)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMDS.SYS (Symantec Corporation)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (cdrbsvsd) -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys (B.H.A Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (sonypvs1) -- C:\WINDOWS\system32\drivers\sonypvs1.sys (Sony Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&cl...&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 14 8F 77 0A A0 07 5E 40 B7 9C C1 DD 9D E0 E0 D2 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/08 03:00:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/06/08 08:08:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/03/27 18:43:18 | 000,000,000 | ---D | M]

[2010/01/17 11:31:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/17 11:31:25 | 000,000,000 | ---D | M] (Internal security) -- C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {0A778F14-07A0-405E-B79C-C1DD9DE0E0D2} - No CLSID value found.
O2 - BHO: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Lexmark 6500 Series Fax Server] C:\Program Files\Lexmark 6500 Series\fm3032.exe ()
O4 - HKLM..\Run: [lxdfamon] C:\Program Files\Lexmark 6500 Series\lxdfamon.exe ()
O4 - HKLM..\Run: [lxdfmon.exe] C:\Program Files\Lexmark 6500 Series\lxdfmon.exe ()
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Comcast\Comcast PhotoShow 4\data\Xtras\mssysmgr.exe (Simple Star, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NofolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: fidelity.com ([workplaceservices100] https in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: washingtonpost.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: washingtonpost.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: westlaw.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: westlaw.com ([print] https in Trusted sites)
O15 - HKCU\..Trusted Domains: westlaw.com ([web2] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (devlib.dll) - C:\WINDOWS\System32\devlib.dll (Mozilla Foundation)
O20 - AppInit_DLLs: (advspl.dll) - C:\WINDOWS\System32\advspl.dll (Mozilla Foundation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\f4818b54729: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Nathaniel Higgins\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nathaniel Higgins\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 60 Days ==========

[2010/07/14 06:13:44 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/10 20:30:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegSERVO
[2010/07/10 20:30:31 | 000,000,000 | ---D | C] -- C:\Program Files\RegSERVO
[2010/07/10 16:36:40 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure
[2010/07/10 16:22:20 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/07/10 16:17:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\Tific
[2010/07/06 10:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/07/06 09:22:59 | 000,000,000 | ---D | C] -- C:\N360_BACKUP
[2010/07/04 23:59:23 | 000,437,760 | -HS- | C] (Mozilla Foundation) -- C:\WINDOWS\System32\devlib.dll
[2010/07/04 23:59:18 | 000,021,504 | -HS- | C] (Mozilla Foundation) -- C:\WINDOWS\System32\advspl.dll
[2010/07/02 23:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nathaniel Higgins\Desktop\Unused Desktop Shortcuts
[2010/06/20 08:44:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/20 08:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/09 18:31:44 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/06/02 19:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\Typing Invaders
[2010/05/18 16:35:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2010/05/18 16:35:16 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2010/03/07 14:36:38 | 000,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfhcp.dll
[2007/05/17 22:08:58 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfpmui.dll
[2007/05/17 22:06:39 | 001,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfserv.dll
[2007/05/17 22:00:32 | 000,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdflmpm.dll
[2007/05/17 22:00:32 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfcomm.dll
[2007/05/17 22:00:32 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfinpa.dll
[2007/05/17 21:59:33 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfhbn3.dll
[2007/05/17 21:57:52 | 000,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfusb1.dll
[2007/05/17 21:56:55 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfcomc.dll
[2007/05/17 21:52:56 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfiesc.dll
[2007/05/17 21:51:29 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfprox.dll
[4 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Nathaniel Higgins\*.tmp files -> C:\Documents and Settings\Nathaniel Higgins\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2010/07/15 07:46:30 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Nathaniel Higgins\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2010/07/15 07:44:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/15 07:42:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/15 07:42:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/15 07:41:46 | 1340,133,376 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/14 19:49:43 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\Nathaniel Higgins\NTUSER.DAT
[2010/07/14 19:49:30 | 000,702,778 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB
[2010/07/14 19:43:52 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/14 19:43:11 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Nathaniel Higgins\ntuser.ini
[2010/07/14 19:41:04 | 000,000,868 | ---- | M] () -- C:\Documents and Settings\Nathaniel Higgins\Desktop\Norton Installation Files.lnk
[2010/07/12 06:24:00 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp8D83A.FOT
[2010/07/12 06:24:00 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp6293A.FOT
[2010/07/12 06:24:00 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp5593A.FOT
[2010/07/12 06:24:00 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp3893A.FOT
[2010/07/12 06:24:00 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp2B93A.FOT
[2010/07/10 22:27:37 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Nathaniel Higgins\Desktop\dds.scr
[2010/07/10 22:24:24 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Nathaniel Higgins\defogger_reenable
[2010/07/10 20:30:42 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\RegSERVO.job
[2010/07/10 20:30:33 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Nathaniel Higgins\Desktop\RegSERVO.lnk
[2010/07/10 17:21:22 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/10 17:05:58 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/10 17:05:53 | 000,522,982 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/10 17:05:53 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/10 17:05:53 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/10 16:46:32 | 000,000,634 | ---- | M] () -- C:\Documents and Settings\Nathaniel Higgins\Application Data\Microsoft\Internet Explorer\Quick Launch\RegCure.lnk
[2010/07/10 16:46:31 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2010/07/10 16:40:57 | 000,000,438 | ---- | M] () -- C:\Documents and Settings\Nathaniel Higgins\My Documents\Shared Documents.lnk
[2010/07/10 16:36:47 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/07/10 16:36:47 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/07/10 15:08:05 | 000,001,375 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2010/07/09 12:03:44 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp92574.FOT
[2010/07/09 12:03:44 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp4F574.FOT
[2010/07/09 12:03:43 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpD7474.FOT
[2010/07/09 12:03:43 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp7D274.FOT
[2010/07/09 12:03:43 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp1C374.FOT
[2010/07/09 05:45:02 | 000,000,438 | ---- | M] () -- C:\Documents and Settings\Nathaniel Higgins\Desktop\Shared Documents.lnk
[2010/07/06 07:46:47 | 000,036,847 | ---- | M] () -- C:\Documents and Settings\All Users\lxdf
[2010/07/04 23:59:21 | 000,437,760 | -HS- | M] (Mozilla Foundation) -- C:\WINDOWS\System32\devlib.dll
[2010/07/04 23:59:16 | 000,021,504 | -HS- | M] (Mozilla Foundation) -- C:\WINDOWS\System32\advspl.dll
[2010/06/21 23:20:18 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\To Do Tracking List.xls
[2010/06/20 21:39:06 | 000,054,557 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\week1AResults.htm
[2010/06/20 08:31:27 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Nathaniel Higgins\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/06/19 00:25:50 | 002,117,144 | -H-- | M] () -- C:\Documents and Settings\Nathaniel Higgins\Local Settings\Application Data\IconCache.db
[2010/06/14 10:31:20 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/06/13 14:21:58 | 000,000,108 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010/06/11 17:54:23 | 000,000,598 | ---- | M] () -- C:\Documents and Settings\Nathaniel Higgins\Desktop\Shortcut to iTunes.exe.lnk
[2010/06/11 06:56:31 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp1A384.FOT
[2010/06/11 06:56:31 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp0E384.FOT
[2010/06/11 06:56:30 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp6E284.FOT
[2010/06/11 06:56:30 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp43384.FOT
[2010/06/11 06:56:30 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp36384.FOT
[2010/06/10 01:09:20 | 000,324,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/02 19:40:08 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\Nathaniel Higgins\Desktop\Typing Invaders.lnk
[2010/06/01 19:41:35 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Nathaniel Higgins\Desktop\Presidents Nathan.doc
[2010/05/24 22:14:29 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Nathaniel Higgins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/24 22:13:53 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe
[2010/05/24 22:07:44 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Nathaniel Higgins\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/05/20 17:08:16 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpB8C60.FOT
[2010/05/20 17:08:16 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp94A60.FOT
[2010/05/20 17:08:14 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpFF360.FOT
[2010/05/20 17:08:10 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpB1550.FOT
[2010/05/20 17:08:09 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp79050.FOT
[2010/05/18 16:35:16 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2010/05/18 16:35:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[4 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Nathaniel Higgins\*.tmp files -> C:\Documents and Settings\Nathaniel Higgins\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/12 06:24:00 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp8D83A.FOT
[2010/07/12 06:24:00 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp6293A.FOT
[2010/07/12 06:24:00 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp5593A.FOT
[2010/07/12 06:24:00 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp3893A.FOT
[2010/07/12 06:24:00 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp2B93A.FOT
[2010/07/10 22:27:37 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Nathaniel Higgins\Desktop\dds.scr
[2010/07/10 22:24:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Nathaniel Higgins\defogger_reenable
[2010/07/10 20:30:41 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\RegSERVO.job
[2010/07/10 20:30:33 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Nathaniel Higgins\Desktop\RegSERVO.lnk
[2010/07/10 16:36:47 | 000,000,462 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/07/10 16:36:47 | 000,000,396 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2010/07/10 16:36:40 | 000,000,634 | ---- | C] () -- C:\Documents and Settings\Nathaniel Higgins\Application Data\Microsoft\Internet Explorer\Quick Launch\RegCure.lnk
[2010/07/10 16:36:40 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2010/07/10 14:52:46 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\Nathaniel Higgins\Desktop\Norton Installation Files.lnk
[2010/07/09 12:03:44 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp92574.FOT
[2010/07/09 12:03:44 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp4F574.FOT
[2010/07/09 12:03:43 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpD7474.FOT
[2010/07/09 12:03:43 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp7D274.FOT
[2010/07/09 12:03:43 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp1C374.FOT
[2010/06/20 21:39:06 | 000,054,557 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\week1AResults.htm
[2010/06/20 08:46:35 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/11 17:54:35 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Nathaniel Higgins\Desktop\Shortcut to iTunes.exe.lnk
[2010/06/11 06:56:31 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp1A384.FOT
[2010/06/11 06:56:31 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp0E384.FOT
[2010/06/11 06:56:30 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp6E284.FOT
[2010/06/11 06:56:30 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp43384.FOT
[2010/06/11 06:56:30 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp36384.FOT
[2010/06/02 19:40:08 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\Nathaniel Higgins\Desktop\Typing Invaders.lnk
[2010/05/20 17:08:16 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpB8C60.FOT
[2010/05/20 17:08:16 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp94A60.FOT
[2010/05/20 17:08:14 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpFF360.FOT
[2010/05/20 17:08:10 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpB1550.FOT
[2010/05/20 17:08:09 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp79050.FOT
[2010/03/07 14:39:33 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXDFPMON.DLL
[2010/03/07 14:39:33 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXDFFXPU.DLL
[2010/03/07 14:39:13 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdfoem.dll
[2010/03/07 14:36:41 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\lxdfrwrd.ini
[2010/03/07 14:36:39 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdfinst.dll
[2010/03/07 14:34:52 | 000,348,160 | R--- | C] () -- C:\WINDOWS\System32\lxdfcoin.dll
[2010/01/21 22:13:47 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2010/01/17 12:39:34 | 000,005,720 | ---- | C] () -- C:\WINDOWS\GnuHashes.ini
[2009/06/20 10:10:17 | 000,000,276 | ---- | C] () -- C:\WINDOWS\winscope.ini
[2008/06/24 11:26:18 | 000,000,027 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2008/02/15 13:43:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\webica.ini
[2007/07/23 08:40:54 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2007/07/23 08:40:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2007/07/23 08:40:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2007/07/23 08:02:37 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2007/07/23 08:01:59 | 000,001,375 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/05/28 06:02:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdfgrd.dll
[2007/05/25 00:24:25 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdfdrs.dll
[2007/05/22 18:09:48 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdfcaps.dll
[2007/04/17 18:17:05 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdfcnv4.dll
[2006/12/25 12:14:08 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\DF7CC3A811.sys
[2006/10/17 11:04:31 | 000,000,327 | ---- | C] () -- C:\WINDOWS\Chores.INI
[2006/08/01 09:53:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdfvs.dll
[2006/07/13 23:39:51 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/08 09:48:28 | 000,000,051 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2006/04/07 07:58:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/07 00:40:13 | 000,000,170 | ---- | C] () -- C:\WINDOWS\comptons.ini
[2006/04/07 00:24:52 | 000,006,686 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/04/07 00:24:52 | 000,000,152 | RHS- | C] () -- C:\WINDOWS\System32\11A8C37CDF.sys
[2006/04/07 00:19:00 | 000,000,247 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/04/07 00:18:55 | 000,000,232 | ---- | C] () -- C:\WINDOWS\KA.INI
[2006/04/03 19:18:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/03 19:11:54 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/03 19:04:41 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/04/03 18:36:22 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/04/03 18:36:20 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 09:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

========== LOP Check ==========

[2010/03/07 14:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\6500 Series
[2009/07/25 19:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fisher-Price®
[2006/12/08 12:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gamelab
[2006/10/21 14:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2008/10/05 18:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LxThumbs
[2009/08/15 21:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2006/12/28 18:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2006/06/03 20:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QubeSoft
[2010/07/10 20:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegSERVO
[2010/07/10 16:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2008/07/23 23:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/06/25 13:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R
[2008/07/31 17:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2007/10/16 11:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/04/03 09:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/02 22:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/03/07 16:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\6500 Series
[2010/07/12 06:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\Comcast
[2007/11/14 16:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\eLanguage
[2006/12/08 12:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\gamelab
[2006/08/04 07:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\Hulabee
[2008/02/15 15:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\ICAClient
[2006/10/21 14:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\iWin
[2006/04/08 21:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\Leadertech
[2007/05/16 17:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\LEGO Company
[2010/03/13 11:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\Lexmark Productivity Studio
[2006/08/23 17:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\Mind Control Software
[2007/07/24 12:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\PlayFirst
[2006/07/13 16:58:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\Sauce
[2006/04/07 07:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\School Zone Preferences
[2010/02/02 13:25:02 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\SystemProc
[2010/07/10 16:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\Tific
[2007/12/21 14:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\Uniblue
[2008/02/24 18:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\WildTangent
[2009/11/01 03:25:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\jucheck.job
[2010/07/10 16:36:47 | 000,000,462 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2010/07/10 16:36:47 | 000,000,396 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2010/07/10 20:30:42 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\RegSERVO.job
[2010/03/27 19:10:27 | 000,000,446 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{009FB6DB-4FBA-4503-8FEA-59943A941B07}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\TASKMAN.EXE:SummaryInformation
< End of report >

PRC - C:\Documents and Settings\All Users\Documents\Downloads\Computer problem 7-10-2010\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Lexmark 6500 Series\lxdfmon.exe ()
PRC - C:\Program Files\Lexmark 6500 Series\lxdfamon.exe ()
PRC - C:\WINDOWS\system32\lxdfcoms.exe ( )
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfserv.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Comcast\Comcast PhotoShow 4\data\Xtras\mssysmgr.exe (Simple Star, Inc.)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\All Users\Documents\Downloads\Computer problem 7-10-2010\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (N360) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe (Symantec Corporation)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (GameConsoleService) -- C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (lxdf_device) -- C:\WINDOWS\System32\lxdfcoms.exe ( )
SRV - (lxdfCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe ()
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()


========== Driver Services (SafeList) ==========

DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100707.001\IDSXpx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100619.001\BHDrvx86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100707.048\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100707.048\NAVENG.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SYMTDI.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\N360\0402000.00C\Ironx86.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SRTSPX.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys (Symantec Corporation)
DRV - (WinDriver6) -- C:\WINDOWS\system32\drivers\windrvr6.sys (Jungo)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMDS.SYS (Symantec Corporation)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (cdrbsvsd) -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys (B.H.A Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (sonypvs1) -- C:\WINDOWS\system32\drivers\sonypvs1.sys (Sony Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&cl...&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 14 8F 77 0A A0 07 5E 40 B7 9C C1 DD 9D E0 E0 D2 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/08 03:00:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/06/08 08:08:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/03/27 18:43:18 | 000,000,000 | ---D | M]

[2010/01/17 11:31:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/17 11:31:25 | 000,000,000 | ---D | M] (Internal security) -- C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {0A778F14-07A0-405E-B79C-C1DD9DE0E0D2} - No CLSID value found.
O2 - BHO: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Lexmark 6500 Series Fax Server] C:\Program Files\Lexmark 6500 Series\fm3032.exe ()
O4 - HKLM..\Run: [lxdfamon] C:\Program Files\Lexmark 6500 Series\lxdfamon.exe ()
O4 - HKLM..\Run: [lxdfmon.exe] C:\Program Files\Lexmark 6500 Series\lxdfmon.exe ()
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Comcast\Comcast PhotoShow 4\data\Xtras\mssysmgr.exe (Simple Star, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NofolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: fidelity.com ([workplaceservices100] https in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: washingtonpost.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: washingtonpost.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: westlaw.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: westlaw.com ([print] https in Trusted sites)
O15 - HKCU\..Trusted Domains: westlaw.com ([web2] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (devlib.dll) - C:\WINDOWS\System32\devlib.dll (Mozilla Foundation)
O20 - AppInit_DLLs: (advspl.dll) - C:\WINDOWS\System32\advspl.dll (Mozilla Foundation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\f4818b54729: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Nathaniel Higgins\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nathaniel Higgins\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 60 Days ==========

[2010/07/14 06:13:44 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/10 20:30:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegSERVO
[2010/07/10 20:30:31 | 000,000,000 | ---D | C] -- C:\Program Files\RegSERVO
[2010/07/10 16:36:40 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure
[2010/07/10 16:22:20 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/07/10 16:17:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\Tific
[2010/07/06 10:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/07/06 09:22:59 | 000,000,000 | ---D | C] -- C:\N360_BACKUP
[2010/07/04 23:59:23 | 000,437,760 | -HS- | C] (Mozilla Foundation) -- C:\WINDOWS\System32\devlib.dll
[2010/07/04 23:59:18 | 000,021,504 | -HS- | C] (Mozilla Foundation) -- C:\WINDOWS\System32\advspl.dll
[2010/07/02 23:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nathaniel Higgins\Desktop\Unused Desktop Shortcuts
[2010/06/20 08:44:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/20 08:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/09 18:31:44 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/06/02 19:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\Typing Invaders
[2010/05/18 16:35:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2010/05/18 16:35:16 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2010/03/07 14:36:38 | 000,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfhcp.dll
[2007/05/17 22:08:58 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfpmui.dll
[2007/05/17 22:06:39 | 001,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfserv.dll
[2007/05/17 22:00:32 | 000,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdflmpm.dll
[2007/05/17 22:00:32 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfcomm.dll
[2007/05/17 22:00:32 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfinpa.dll
[2007/05/17 21:59:33 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfhbn3.dll
[2007/05/17 21:57:52 | 000,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfusb1.dll
[2007/05/17 21:56:55 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfcomc.dll
[2007/05/17 21:52:56 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfiesc.dll
[2007/05/17 21:51:29 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfprox.dll
[4 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Nathaniel Higgins\*.tmp files -> C:\Documents and Settings\Nathaniel Higgins\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2010/07/15 07:46:30 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Nathaniel Higgins\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2010/07/15 07:44:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/15 07:42:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/15 07:42:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/15 07:41:46 | 1340,133,376 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/14 19:49:43 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\Nathaniel Higgins\NTUSER.DAT
[2010/07/14 19:49:30 | 000,702,778 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB
[2010/07/14 19:43:52 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/14 19:43:11 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Nathaniel Higgins\ntuser.ini
[2010/07/14 19:41:04 | 000,000,868 | ---- | M] () -- C:\Documents and Settings\Nathaniel Higgins\Desktop\Norton Installation Files.lnk
[2010/07/12 06:24:00 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp8D83A.FOT
[2010/07/12 06:24:00 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp6293A.FOT
[2010/07/12 06:24:00 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp5593A.FOT
[2010/07/12 06:24:00 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp3893A.FOT
[2010/07/12 06:24:00 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp2B93A.FOT
[2010/07/10 22:27:37 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Nathaniel Higgins\Desktop\dds.scr
[2010/07/10 22:24:24 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Nathaniel Higgins\defogger_reenable
[2010/07/10 20:30:42 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\RegSERVO.job
[2010/07/10 20:30:33 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Nathaniel Higgins\Desktop\RegSERVO.lnk
[2010/07/10 17:21:22 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/10 17:05:58 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/10 17:05:53 | 000,522,982 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/10 17:05:53 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/10 17:05:53 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/10 16:46:32 | 000,000,634 | ---- | M] () -- C:\Documents and Settings\Nathaniel Higgins\Application Data\Microsoft\Internet Explorer\Quick Launch\RegCure.lnk
[2010/07/10 16:46:31 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2010/07/10 16:40:57 | 000,000,438 | ---- | M] () -- C:\Documents and Settings\Nathaniel Higgins\My Documents\Shared Documents.lnk
[2010/07/10 16:36:47 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/07/10 16:36:47 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/07/10 15:08:05 | 000,001,375 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2010/07/09 12:03:44 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp92574.FOT
[2010/07/09 12:03:44 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp4F574.FOT
[2010/07/09 12:03:43 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpD7474.FOT
[2010/07/09 12:03:43 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp7D274.FOT
[2010/07/09 12:03:43 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp1C374.FOT
[2010/07/09 05:45:02 | 000,000,438 | ---- | M] () -- C:\Documents and Settings\Nathaniel Higgins\Desktop\Shared Documents.lnk
[2010/07/06 07:46:47 | 000,036,847 | ---- | M] () -- C:\Documents and Settings\All Users\lxdf
[2010/07/04 23:59:21 | 000,437,760 | -HS- | M] (Mozilla Foundation) -- C:\WINDOWS\System32\devlib.dll
[2010/07/04 23:59:16 | 000,021,504 | -HS- | M] (Mozilla Foundation) -- C:\WINDOWS\System32\advspl.dll
[2010/06/21 23:20:18 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\To Do Tracking List.xls
[2010/06/20 21:39:06 | 000,054,557 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\week1AResults.htm
[2010/06/20 08:31:27 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Nathaniel Higgins\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/06/19 00:25:50 | 002,117,144 | -H-- | M] () -- C:\Documents and Settings\Nathaniel Higgins\Local Settings\Application Data\IconCache.db
[2010/06/14 10:31:20 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/06/13 14:21:58 | 000,000,108 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010/06/11 17:54:23 | 000,000,598 | ---- | M] () -- C:\Documents and Settings\Nathaniel Higgins\Desktop\Shortcut to iTunes.exe.lnk
[2010/06/11 06:56:31 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp1A384.FOT
[2010/06/11 06:56:31 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp0E384.FOT
[2010/06/11 06:56:30 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp6E284.FOT
[2010/06/11 06:56:30 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp43384.FOT
[2010/06/11 06:56:30 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp36384.FOT
[2010/06/10 01:09:20 | 000,324,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/02 19:40:08 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\Nathaniel Higgins\Desktop\Typing Invaders.lnk
[2010/06/01 19:41:35 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Nathaniel Higgins\Desktop\Presidents Nathan.doc
[2010/05/24 22:14:29 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Nathaniel Higgins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/24 22:13:53 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe
[2010/05/24 22:07:44 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Nathaniel Higgins\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/05/20 17:08:16 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpB8C60.FOT
[2010/05/20 17:08:16 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp94A60.FOT
[2010/05/20 17:08:14 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpFF360.FOT
[2010/05/20 17:08:10 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpB1550.FOT
[2010/05/20 17:08:09 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp79050.FOT
[2010/05/18 16:35:16 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2010/05/18 16:35:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[4 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Nathaniel Higgins\*.tmp files -> C:\Documents and Settings\Nathaniel Higgins\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/12 06:24:00 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp8D83A.FOT
[2010/07/12 06:24:00 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp6293A.FOT
[2010/07/12 06:24:00 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp5593A.FOT
[2010/07/12 06:24:00 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp3893A.FOT
[2010/07/12 06:24:00 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp2B93A.FOT
[2010/07/10 22:27:37 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Nathaniel Higgins\Desktop\dds.scr
[2010/07/10 22:24:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Nathaniel Higgins\defogger_reenable
[2010/07/10 20:30:41 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\RegSERVO.job
[2010/07/10 20:30:33 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Nathaniel Higgins\Desktop\RegSERVO.lnk
[2010/07/10 16:36:47 | 000,000,462 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/07/10 16:36:47 | 000,000,396 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2010/07/10 16:36:40 | 000,000,634 | ---- | C] () -- C:\Documents and Settings\Nathaniel Higgins\Application Data\Microsoft\Internet Explorer\Quick Launch\RegCure.lnk
[2010/07/10 16:36:40 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2010/07/10 14:52:46 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\Nathaniel Higgins\Desktop\Norton Installation Files.lnk
[2010/07/09 12:03:44 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp92574.FOT
[2010/07/09 12:03:44 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp4F574.FOT
[2010/07/09 12:03:43 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpD7474.FOT
[2010/07/09 12:03:43 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp7D274.FOT
[2010/07/09 12:03:43 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp1C374.FOT
[2010/06/20 21:39:06 | 000,054,557 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\week1AResults.htm
[2010/06/20 08:46:35 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/11 17:54:35 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Nathaniel Higgins\Desktop\Shortcut to iTunes.exe.lnk
[2010/06/11 06:56:31 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp1A384.FOT
[2010/06/11 06:56:31 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp0E384.FOT
[2010/06/11 06:56:30 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp6E284.FOT
[2010/06/11 06:56:30 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp43384.FOT
[2010/06/11 06:56:30 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp36384.FOT
[2010/06/02 19:40:08 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\Nathaniel Higgins\Desktop\Typing Invaders.lnk
[2010/05/20 17:08:16 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpB8C60.FOT
[2010/05/20 17:08:16 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp94A60.FOT
[2010/05/20 17:08:14 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpFF360.FOT
[2010/05/20 17:08:10 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpB1550.FOT
[2010/05/20 17:08:09 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp79050.FOT
[2010/03/07 14:39:33 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXDFPMON.DLL
[2010/03/07 14:39:33 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXDFFXPU.DLL
[2010/03/07 14:39:13 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdfoem.dll
[2010/03/07 14:36:41 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\lxdfrwrd.ini
[2010/03/07 14:36:39 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdfinst.dll
[2010/03/07 14:34:52 | 000,348,160 | R--- | C] () -- C:\WINDOWS\System32\lxdfcoin.dll
[2010/01/21 22:13:47 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2010/01/17 12:39:34 | 000,005,720 | ---- | C] () -- C:\WINDOWS\GnuHashes.ini
[2009/06/20 10:10:17 | 000,000,276 | ---- | C] () -- C:\WINDOWS\winscope.ini
[2008/06/24 11:26:18 | 000,000,027 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2008/02/15 13:43:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\webica.ini
[2007/07/23 08:40:54 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2007/07/23 08:40:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2007/07/23 08:40:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2007/07/23 08:02:37 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2007/07/23 08:01:59 | 000,001,375 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/05/28 06:02:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdfgrd.dll
[2007/05/25 00:24:25 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdfdrs.dll
[2007/05/22 18:09:48 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdfcaps.dll
[2007/04/17 18:17:05 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdfcnv4.dll
[2006/12/25 12:14:08 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\DF7CC3A811.sys
[2006/10/17 11:04:31 | 000,000,327 | ---- | C] () -- C:\WINDOWS\Chores.INI
[2006/08/01 09:53:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdfvs.dll
[2006/07/13 23:39:51 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/08 09:48:28 | 000,000,051 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2006/04/07 07:58:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/07 00:40:13 | 000,000,170 | ---- | C] () -- C:\WINDOWS\comptons.ini
[2006/04/07 00:24:52 | 000,006,686 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/04/07 00:24:52 | 000,000,152 | RHS- | C] () -- C:\WINDOWS\System32\11A8C37CDF.sys
[2006/04/07 00:19:00 | 000,000,247 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/04/07 00:18:55 | 000,000,232 | ---- | C] () -- C:\WINDOWS\KA.INI
[2006/04/03 19:18:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/03 19:11:54 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/03 19:04:41 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/04/03 18:36:22 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/04/03 18:36:20 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 09:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

========== LOP Check ==========

[2010/03/07 14:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\6500 Series
[2009/07/25 19:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fisher-Price®
[2006/12/08 12:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gamelab
[2006/10/21 14:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2008/10/05 18:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LxThumbs
[2009/08/15 21:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2006/12/28 18:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2006/06/03 20:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QubeSoft
[2010/07/10 20:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegSERVO
[2010/07/10 16:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2008/07/23 23:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/06/25 13:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R
[2008/07/31 17:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2007/10/16 11:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/04/03 09:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/02 22:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/03/07 16:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\6500 Series
[2010/07/12 06:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\Comcast
[2007/11/14 16:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\eLanguage
[2006/12/08 12:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\gamelab
[2006/08/04 07:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\Hulabee
[2008/02/15 15:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\ICAClient
[2006/10/21 14:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\iWin
[2006/04/08 21:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\Leadertech
[2007/05/16 17:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\LEGO Company
[2010/03/13 11:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\Lexmark Productivity Studio
[2006/08/23 17:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\Mind Control Software
[2007/07/24 12:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\PlayFirst
[2006/07/13 16:58:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\Sauce
[2006/04/07 07:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\School Zone Preferences
[2010/02/02 13:25:02 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\SystemProc
[2010/07/10 16:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\Tific
[2007/12/21 14:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\Uniblue
[2008/02/24 18:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathaniel Higgins\Application Data\WildTangent
[2009/11/01 03:25:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\jucheck.job
[2010/07/10 16:36:47 | 000,000,462 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2010/07/10 16:36:47 | 000,000,396 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2010/07/10 20:30:42 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\RegSERVO.job
[2010/03/27 19:10:27 | 000,000,446 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{009FB6DB-4FBA-4503-8FEA-59943A941B07}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\TASKMAN.EXE:SummaryInformation

< End of report >


#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:01:37 PM

Posted 16 July 2010 - 07:35 PM

I see you are using Reg Cure.

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:

Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.

Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.

Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.

Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.

The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

Now run OTL as below

Under the Custom Scans/Fixes box at the bottom, paste in the following

CODE
:OTL
O2 - BHO: (no name) - {0A778F14-07A0-405E-B79C-C1DD9DE0E0D2} - No CLSID value found.
O2 - BHO: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
:commands
[EmptyTemp]
[Reboot]


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Now please run Combofix

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#7 needinghelp123

needinghelp123
  • Topic Starter

  • Members
  • 9 posts
  • Local time:09:37 AM

Posted 16 July 2010 - 07:58 PM

Here's the next log. Seems like we are making progress.

Should I uninstall Reg Cure?

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A778F14-07A0-405E-B79C-C1DD9DE0E0D2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A778F14-07A0-405E-B79C-C1DD9DE0E0D2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 2548383 bytes
->Flash cache emptied: 1521 bytes

User: Nathaniel Higgins
->Temp folder emptied: 32596483 bytes
->Temporary Internet Files folder emptied: 29694325 bytes
->Java cache emptied: 15851541 bytes
->Apple Safari cache emptied: 3742920 bytes
->Flash cache emptied: 1132106 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49554 bytes

User: Owner
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 5690385 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9059710 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 39165626 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 133.00 mb


OTL by OldTimer - Version 3.2.9.0 log created on 07162010_204456

OTL by OldTimer - Version 3.2.9.0 log created on 07162010_204456

OTL by OldTimer - Version 3.2.9.0 log created on 07162010_204456

Files\Folders moved on Reboot...
C:\Documents and Settings\Nathaniel Higgins\Local Settings\Temporary Internet Files\Content.IE5\BXJJ2UPS\topic330676[1].htm moved successfully.
C:\Documents and Settings\Nathaniel Higgins\Local Settings\Temporary Internet Files\Content.IE5\2ZF3Z7PB\iframe[1].htm moved successfully.
C:\Documents and Settings\Nathaniel Higgins\Local Settings\Temporary Internet Files\Content.IE5\0AYYV9H0\iframe[1].htm moved successfully.
C:\Documents and Settings\Nathaniel Higgins\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...




#8 needinghelp123

needinghelp123
  • Topic Starter

  • Members
  • 9 posts
  • Local time:09:37 AM

Posted 16 July 2010 - 09:16 PM

Here's the Combo Fix

ComboFix 10-07-15.05 - Nathaniel Higgins 07/16/2010 21:38:46.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.933 [GMT -4:00]
Running from: c:\documents and settings\All Users\Documents\Downloads\Computer problem 7-10-2010\comfix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Nathaniel Higgins\Application Data\020000007174d56d729C.manifest
c:\documents and settings\Nathaniel Higgins\Application Data\020000007174d56d729O.manifest
c:\documents and settings\Nathaniel Higgins\Application Data\020000007174d56d729P.manifest
c:\documents and settings\Nathaniel Higgins\Application Data\020000007174d56d729S.manifest
c:\documents and settings\Nathaniel Higgins\Application Data\SystemProc
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
c:\windows\GnuHashes.ini
c:\windows\system32\1186196531
c:\windows\system32\SysWoW32
c:\windows\system32\SysWoW32\@u786157838v0
c:\windows\system32\SysWoW32\@u786157838v1
c:\windows\system32\SysWoW32\@u786157838v2
c:\windows\system32\SysWoW32\@u786157838v3
c:\windows\system32\SysWoW32\@u786157838v4
c:\windows\system32\SysWoW32\@u786157838v5
c:\windows\system32\SysWoW32\@u786157838v6
c:\windows\system32\SysWoW32\@u786157838v7
c:\windows\system32\SysWoW32\_u786157838v0
c:\windows\system32\SysWoW32\_u786157838v1
c:\windows\system32\SysWoW32\_u786157838v2
c:\windows\system32\SysWoW32\_u786157838v3
c:\windows\system32\SysWoW32\_u786157838v4
c:\windows\system32\SysWoW32\_u786157838v5
c:\windows\system32\SysWoW32\_u786157838v6
c:\windows\system32\SysWoW32\_u786157838v7
c:\windows\system32\SysWoW32\mu786157838v4
c:\windows\system32\SysWoW32\mu786157838v4.kwd
c:\windows\system32\SysWoW32\mu786157838v5
c:\windows\system32\SysWoW32\mu786157838v5.kwd
c:\windows\system32\SysWoW32\mu786157838v6
c:\windows\system32\SysWoW32\mu786157838v6.kwd
c:\windows\system32\SysWoW32\mu786157838v7
c:\windows\system32\SysWoW32\mu786157838v7.kwd
c:\windows\system32\SysWoW32\wu786157838v0
c:\windows\system32\SysWoW32\wu786157838v0.kwd
c:\windows\system32\SysWoW32\wu786157838v1
c:\windows\system32\SysWoW32\wu786157838v1.kwd
c:\windows\system32\SysWoW32\wu786157838v2
c:\windows\system32\SysWoW32\wu786157838v2.kwd
c:\windows\system32\SysWoW32\wu786157838v3
c:\windows\system32\SysWoW32\wu786157838v3.kwd
c:\windows\system32\unrar.exe
c:\windows\xpsp1hfm.log

.
((((((((((((((((((((((((( Files Created from 2010-06-17 to 2010-07-17 )))))))))))))))))))))))))))))))
.

2010-07-17 00:44 . 2010-07-17 00:44 -------- d-----w- C:\_OTL
2010-07-14 10:13 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-11 00:30 . 2010-07-11 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\RegSERVO
2010-07-11 00:30 . 2010-07-11 00:30 -------- d-----w- c:\program files\RegSERVO
2010-07-10 22:25 . 2010-07-10 22:25 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-07-10 20:36 . 2010-07-10 20:36 -------- d-----w- c:\program files\RegCure
2010-07-10 20:17 . 2010-07-10 20:17 -------- d-----w- c:\documents and settings\Nathaniel Higgins\Application Data\Tific
2010-07-06 14:11 . 2010-07-06 14:11 -------- d-----w- c:\program files\NOS
2010-07-06 13:22 . 2010-07-06 13:23 -------- d-----w- C:\N360_BACKUP
2010-07-05 03:59 . 2010-07-05 03:59 437760 --sh--w- c:\windows\system32\devlib.dll
2010-07-05 03:59 . 2010-07-05 03:59 21504 --sh--w- c:\windows\system32\advspl.dll
2010-06-20 12:44 . 2010-06-20 12:44 -------- d-----w- c:\program files\iPod
2010-06-20 12:34 . 2010-06-20 12:34 -------- d-----w- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-17 01:04 . 2009-07-25 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-17 01:00 . 2009-07-25 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-07-12 10:24 . 2008-01-20 02:39 -------- d-----w- c:\documents and settings\Nathaniel Higgins\Application Data\Comcast
2010-07-11 01:51 . 2006-04-09 04:11 -------- d-----w- c:\program files\Windows Media Connect 2
2010-07-11 01:33 . 2006-04-03 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-07-10 20:53 . 2008-07-10 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-07-10 20:52 . 2010-07-10 20:52 44 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_03643A832AAEB210DA6B000000000000.dll
2010-07-10 20:52 . 2010-07-10 20:52 4181 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_05F579832AAEB210DA4B000000000000.dll
2010-07-10 20:52 . 2010-07-10 20:52 3568 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_26DDC2EC4210AC63483DF9D4FCC5B59D.dll
2010-07-10 20:52 . 2010-07-10 20:52 316 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0D756077321A70C3E844C138CE981581.dll
2010-07-10 20:52 . 2010-07-10 20:52 1077 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002159FA0090400000000000F01FEC.dll
2010-07-10 20:52 . 2010-07-10 20:52 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_18555481990E8AB4CBB63FB4F26006C0.dll
2010-07-10 20:52 . 2010-07-10 20:52 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0DE049932AAEB210DA1F000000000000.dll
2010-07-10 20:52 . 2010-07-10 20:52 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0DC1503A46F231838AD88BCDDC8E8F7C.dll
2010-07-10 20:52 . 2010-07-10 20:52 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0D18A5C32AAEB210EAF9000000000000.dll
2010-07-10 20:52 . 2010-07-10 20:52 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_08BD18832AAEB210DAEA000000000000.dll
2010-06-20 15:05 . 2010-06-20 15:05 10692652 ----a-w- c:\documents and settings\All Users\SPLB8.tmp
2010-06-20 12:46 . 2010-05-08 06:02 -------- d-----w- c:\program files\iTunes
2010-06-20 12:44 . 2009-11-03 02:40 -------- d-----w- c:\program files\Common Files\Apple
2010-06-20 12:32 . 2010-06-20 12:32 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-20 12:31 . 2010-02-07 17:17 -------- d-----w- c:\program files\Safari
2010-06-20 12:27 . 2010-06-20 12:27 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-14 14:31 . 2004-08-10 18:02 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 18:21 . 2006-06-09 18:25 108 ----a-w- c:\windows\popcinfo.dat
2010-06-05 13:04 . 2010-06-02 23:40 -------- d-----w- c:\program files\Typing Invaders
2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:41 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-10 17:51 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-10 17:50 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 00:47 . 2009-11-03 02:42 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-20 00:47 . 2009-11-03 02:42 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2006-11-27 21:41 . 2006-11-27 21:41 774144 ----a-w- c:\program files\RngInterstitial.dll
2008-01-22 01:26 . 2006-04-07 04:24 152 --sh--r- c:\windows\system32\11A8C37CDF.sys
2008-01-08 02:12 . 2006-12-25 16:14 88 --sh--r- c:\windows\system32\DF7CC3A811.sys
2008-01-22 01:28 . 2006-04-07 04:24 6686 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

c:\windows\System32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="c:\progra~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe" [2005-05-09 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-06-15 47408]
"lxdfmon.exe"="c:\program files\Lexmark 6500 Series\lxdfmon.exe" [2007-06-12 455600]
"lxdfamon"="c:\program files\Lexmark 6500 Series\lxdfamon.exe" [2007-06-01 20480]
"Lexmark 6500 Series Fax Server"="c:\program files\Lexmark 6500 Series\fm3032.exe" [2007-06-12 308144]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdfwbgw.exe"=
"c:\\WINDOWS\\system32\\lxdfcoms.exe"=
"c:\\Program Files\\Lexmark 6500 Series\\lxdfamon.exe"=
"c:\\Program Files\\Lexmark 6500 Series\\FRun.exe"=
"c:\\Program Files\\Hasbro Interactive\\Classic Games\\ClassicBoard.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Lexmark 6500 Series\\lxdfmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdfpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdftime.exe"=
"c:\\Program Files\\Lexmark 6500 Series\\LXDFFax.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdfjswx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 lxdf_device;lxdf_device;c:\windows\system32\lxdfcoms.exe -service --> c:\windows\system32\lxdfcoms.exe -service [?]
R2 lxdfCATSCustConnectService;lxdfCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdfserv.exe [5/29/2007 2:06 PM 99248]
.
Contents of the 'Scheduled Tasks' folder

2009-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-11-01 c:\windows\Tasks\jucheck.job
- c:\program files\Java\jre1.6.0_01\bin\jucheck.exe [2007-06-09 07:43]

2010-07-10 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]

2010-07-10 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]

2010-07-11 c:\windows\Tasks\RegSERVO.job
- c:\program files\RegSERVO\RegSERVO.exe [2011-06-30 17:14]

2010-03-27 c:\windows\Tasks\User_Feed_Synchronization-{009FB6DB-4FBA-4503-8FEA-59943A941B07}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: fidelity.com\workplaceservices100
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
Trusted Zone: turbotax.com
Trusted Zone: washingtonpost.com\www
Trusted Zone: washingtonpost.com
Trusted Zone: westlaw.com
Trusted Zone: westlaw.com\print
Trusted Zone: westlaw.com\web2
.
- - - - ORPHANS REMOVED - - - -

Notify-f4818b54729 - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-16 21:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(672)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\windows\system32\lxdfcoms.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-07-16 21:57:22 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-17 01:57
ComboFix2.txt 2008-07-29 17:49

Pre-Run: 4,163,260,416 bytes free
Post-Run: 4,060,667,904 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - F08F5F90A27093EE7173EE8FD57E9146


#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts

Posted 17 July 2010 - 05:02 PM

Please rerun Combofix as below

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

QUOTE
FCopy::
c:\windows\ServicePackFiles\i386\eventlog.dll | c:\windows\System32\eventlog.dll

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]


Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Then please run ESET's online scanner

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Leave the top box checked and then check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
m0le is a proud member of UNITE

#10 needinghelp123

needinghelp123
  • Topic Starter

  • Members
  • 9 posts

Posted 17 July 2010 - 08:44 PM

Thanks for all your hard work. I really appreciate it. Here is the ComboFix log based on the CFScript.txt. I'll take the other steps now.


ComboFix 10-07-16.01 - Nathaniel Higgins 07/17/2010 21:33:49.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.825 [GMT -4:00]
Running from: c:\documents and settings\All Users\Documents\Downloads\Computer problem 7-10-2010\comfix.exe
Command switches used :: c:\documents and settings\All Users\Documents\Downloads\Computer problem 7-10-2010\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\eventlog.dll --> c:\windows\System32\eventlog.dll
.
((((((((((((((((((((((((( Files Created from 2010-06-18 to 2010-07-18 )))))))))))))))))))))))))))))))
.

2010-07-18 01:33 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\eventlog.dll
2010-07-18 01:33 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\dllcache\eventlog.dll
2010-07-17 00:44 . 2010-07-17 00:44 -------- d-----w- C:\_OTL
2010-07-14 10:13 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-11 00:30 . 2010-07-11 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\RegSERVO
2010-07-10 22:25 . 2010-07-10 22:25 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-07-10 20:52 . 2010-07-10 20:52 44 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_03643A832AAEB210DA6B000000000000.dll
2010-07-10 20:52 . 2010-07-10 20:52 4181 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_05F579832AAEB210DA4B000000000000.dll
2010-07-10 20:52 . 2010-07-10 20:52 3568 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_26DDC2EC4210AC63483DF9D4FCC5B59D.dll
2010-07-10 20:52 . 2010-07-10 20:52 316 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0D756077321A70C3E844C138CE981581.dll
2010-07-10 20:52 . 2010-07-10 20:52 1077 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002159FA0090400000000000F01FEC.dll
2010-07-10 20:52 . 2010-07-10 20:52 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_18555481990E8AB4CBB63FB4F26006C0.dll
2010-07-10 20:52 . 2010-07-10 20:52 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0DE049932AAEB210DA1F000000000000.dll
2010-07-10 20:52 . 2010-07-10 20:52 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0DC1503A46F231838AD88BCDDC8E8F7C.dll
2010-07-10 20:52 . 2010-07-10 20:52 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0D18A5C32AAEB210EAF9000000000000.dll
2010-07-10 20:52 . 2010-07-10 20:52 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_08BD18832AAEB210DAEA000000000000.dll
2010-07-10 20:17 . 2010-07-10 20:17 -------- d-----w- c:\documents and settings\Nathaniel Higgins\Application Data\Tific
2010-07-06 14:11 . 2010-07-06 14:11 -------- d-----w- c:\program files\NOS
2010-07-06 13:22 . 2010-07-06 13:23 -------- d-----w- C:\N360_BACKUP
2010-07-05 03:59 . 2010-07-05 03:59 21504 --sh--w- c:\windows\system32\advspl.dll
2010-06-20 12:44 . 2010-06-20 12:44 -------- d-----w- c:\program files\iPod
2010-06-20 12:34 . 2010-06-20 12:34 -------- d-----w- c:\program files\Bonjour
2010-06-20 12:32 . 2010-06-20 12:32 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-20 12:27 . 2010-06-20 12:27 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-17 22:44 . 2009-07-25 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-17 02:42 . 2008-07-10 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-07-17 01:00 . 2009-07-25 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-07-12 10:24 . 2008-01-20 02:39 -------- d-----w- c:\documents and settings\Nathaniel Higgins\Application Data\Comcast
2010-07-11 01:51 . 2006-04-09 04:11 -------- d-----w- c:\program files\Windows Media Connect 2
2010-07-11 01:33 . 2006-04-03 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-20 15:05 . 2010-06-20 15:05 10692652 ----a-w- c:\documents and settings\All Users\SPLB8.tmp
2010-06-20 12:46 . 2010-05-08 06:02 -------- d-----w- c:\program files\iTunes
2010-06-20 12:44 . 2009-11-03 02:40 -------- d-----w- c:\program files\Common Files\Apple
2010-06-20 12:31 . 2010-02-07 17:17 -------- d-----w- c:\program files\Safari
2010-06-14 14:31 . 2004-08-10 18:02 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 18:21 . 2006-06-09 18:25 108 ----a-w- c:\windows\popcinfo.dat
2010-06-05 13:04 . 2010-06-02 23:40 -------- d-----w- c:\program files\Typing Invaders
2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:41 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-10 17:51 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-10 17:50 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 00:47 . 2009-11-03 02:42 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-20 00:47 . 2009-11-03 02:42 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2006-11-27 21:41 . 2006-11-27 21:41 774144 ----a-w- c:\program files\RngInterstitial.dll
2008-01-22 01:26 . 2006-04-07 04:24 152 --sh--r- c:\windows\system32\11A8C37CDF.sys
2008-01-08 02:12 . 2006-12-25 16:14 88 --sh--r- c:\windows\system32\DF7CC3A811.sys
2008-01-22 01:28 . 2006-04-07 04:24 6686 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="c:\progra~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe" [2005-05-09 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-06-15 47408]
"lxdfmon.exe"="c:\program files\Lexmark 6500 Series\lxdfmon.exe" [2007-06-12 455600]
"lxdfamon"="c:\program files\Lexmark 6500 Series\lxdfamon.exe" [2007-06-01 20480]
"Lexmark 6500 Series Fax Server"="c:\program files\Lexmark 6500 Series\fm3032.exe" [2007-06-12 308144]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdfwbgw.exe"=
"c:\\WINDOWS\\system32\\lxdfcoms.exe"=
"c:\\Program Files\\Lexmark 6500 Series\\lxdfamon.exe"=
"c:\\Program Files\\Lexmark 6500 Series\\FRun.exe"=
"c:\\Program Files\\Hasbro Interactive\\Classic Games\\ClassicBoard.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Lexmark 6500 Series\\lxdfmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdfpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdftime.exe"=
"c:\\Program Files\\Lexmark 6500 Series\\LXDFFax.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdfjswx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 lxdf_device;lxdf_device;c:\windows\system32\lxdfcoms.exe -service --> c:\windows\system32\lxdfcoms.exe -service [?]
R2 lxdfCATSCustConnectService;lxdfCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdfserv.exe [5/29/2007 2:06 PM 99248]
.
Contents of the 'Scheduled Tasks' folder

2009-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-11-01 c:\windows\Tasks\jucheck.job
- c:\program files\Java\jre1.6.0_01\bin\jucheck.exe [2007-06-09 07:43]

2010-03-27 c:\windows\Tasks\User_Feed_Synchronization-{009FB6DB-4FBA-4503-8FEA-59943A941B07}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: fidelity.com\workplaceservices100
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
Trusted Zone: turbotax.com
Trusted Zone: washingtonpost.com\www
Trusted Zone: washingtonpost.com
Trusted Zone: westlaw.com
Trusted Zone: westlaw.com\print
Trusted Zone: westlaw.com\web2
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-17 21:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1796)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\program files\Microsoft Office\Office10\msohev.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
Completion time: 2010-07-17 21:41:34
ComboFix-quarantined-files.txt 2010-07-18 01:41
ComboFix2.txt 2010-07-17 23:39
ComboFix3.txt 2010-07-17 01:57
ComboFix4.txt 2008-07-29 17:49

Pre-Run: 3,946,422,272 bytes free
Post-Run: 3,928,846,336 bytes free

- - End Of File - - CFBFC7B8209690DD7F39C5409D538858




#11 needinghelp123

needinghelp123
  • Topic Starter

  • Members
  • 9 posts

Posted 17 July 2010 - 11:06 PM

Here's my ESET OnlineScan

C:\Documents and Settings\All Users\Documents\Downloads\Security_Task_Manager_v1.7\Security_Task_Manager_v1.7.zip Win32/Hoax.Agent.BD application deleted - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\SysWoW32\@u786157838v3.vir a variant of Win32/Kryptik.DEC trojan deleted - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\SysWoW32\wu786157838v1.vir a variant of Win32/Kryptik.EHK trojan deleted - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\SysWoW32\wu786157838v2.vir a variant of Win32/Kryptik.EHK trojan deleted - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\SysWoW32\wu786157838v3.vir a variant of Win32/Kryptik.EHK trojan deleted - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\SysWoW32\_u786157838v3.vir a variant of Win32/Kryptik.DEC trojan deleted - quarantined
C:\WINDOWS\system32\advspl.dll a variant of Win32/Kryptik.EYX trojan cleaned by deleting - quarantined


#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts

Posted 18 July 2010 - 05:02 AM

The top and bottom files are essentially the infection core (the trojan) and are what entered the PC initially. These are usually the last to be removed.

How is the PC running now?

#13 needinghelp123

needinghelp123
  • Topic Starter

  • Members
  • 9 posts

Posted 18 July 2010 - 08:55 AM

Mole,

It seems to be working very well. The only thing outstanding is that I'm having an odd experience with my mouse. It started around the same time as this problem. When I open Internet Explorer or other programs, two or three versions of the application open up.

Something I might be able to live with unless you have some ideas.

Thanks so much!


#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts

Posted 18 July 2010 - 03:18 PM

Could be the mouse.

Can you swap it with a spare to test it?

If there was a disk that came with the mouse then you may want to reinstall the mouse using it.



#15 needinghelp123

needinghelp123
  • Topic Starter

  • Members
  • 9 posts

Posted 18 July 2010 - 06:46 PM

Thanks. It's working fine now. Looks like everything is resolved.

Thanks so much!



