
trojans: .fake-alert, .agent, .vundo, .bho, and .downloader; spyware.banker, adware.popcap and rogue.agent/gen-nullo[dll],


  • This topic is locked
27 replies to this topic

#1 Llyn


Posted 24 August 2010 - 06:09 PM

I want to start by saying this is my third time here and you guys have been absolutely FABULOUS the other two times. (I say that not by way of pressure! but appreciation for all you all do!).

I have run McAfee, Adaware, Malwarebytes, and superantispyware, and got the above items quarantined, but am still having non-stop popups, and I can type in a URL but if I click a link who knows where I'll end up. Looks like most of the required stats are in the dds file, so here it is. If you need anything else, just let me know.

Oh, and I'm attaching my attach.txt but can't attach the ark file, as gmer gives me a BSOD every time I try to run it. No error codes, just "your computer has encountered blah blah and has to shut down." If you need the precise text of that I'll recreate it for you.

Also, the date on these files is 7/31, but they should still be current since the PC's been sitting turned off and disconnected from the internet since then, but if I should run updated files, again, just let me know.

Thanks in advance!

Lynn



DDS (Ver_10-03-17.01) - NTFSx86
Run by Lynn Springle at 15:56:45.03 on Sat 07/31/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1007 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Zoom\Zoom Phone Adaptor\VServ.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Pure Networks\Network Magic\nmapp .exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Microsoft IntelliType Pro\itype .exe
C:\Program Files\MSN Toolbar\Platform\5.0.1363.0\mswinext .exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\All Users\Application Data\ogRlGTXd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
C:\Program Files\QuickTime\qttask .exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Lynn Springle\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by Comcast
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080419
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1363.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: @c:\program files\msn toolbar\platform\5.0.1363.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1363.0\npwinext.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm .exe"
uRun: [TrendSecure Remote File Lock] c:\program files\trend micro\trendsecure\remotefilelock\FLMain.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\acrobat\AdobeUpdateManager.exe AcStd7_1_0 -reboot 1
uRun: [kfyllitg] c:\documents and settings\lynn springle\local settings\application data\efkaecvyh\dwwwfgutssd.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [<NO NAME>]
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [ZoomMonitor.exe] c:\program files\zoom\zoom phone adaptor\ZoomMonitor.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1363.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\qttask .exe" -atboottime
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [BackupNowEZtray] "c:\program files\newtech infosystems\backup now ez\BackupNowEZtray.exe" -k
mRun: [kfyllitg] c:\documents and settings\lynn springle\local settings\application data\efkaecvyh\dwwwfgutssd.exe
mRun: [xsylevfm] c:\documents and settings\networkservice\local settings\application data\licgtknop\uknxvvltssd.exe
dRun: [xsylevfm] c:\documents and settings\networkservice\local settings\application data\licgtknop\uknxvvltssd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-ba7e-100000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\DELLNE~1.LNK -
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://download-games.pogo.com/online2/pogo/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://chill.comcast.net/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5498/mcfscan.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\lynnsp~1\applic~1\mozilla\firefox\profiles\pf70b7rz.default\
FF - prefs.js: browser.search.selectedEngine - qrobe.it
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll
FF - component: c:\program files\msn toolbar\platform\5.0.1363.0\firefox\components\DomBridge.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\lynn springle\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\msn toolbar\platform\5.0.1363.0\npwinext.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-21 64160]
R0 TLRecAgent;TLRecAgent;c:\windows\system32\drivers\TLRecAgent.sys [2009-4-11 36976]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 214664]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-12-14 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-12-14 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-12-14 144704]
R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\newtech infosystems\backup now ez\BackupNowEZSvr.exe [2010-2-22 45312]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-5-28 24652]
R2 VService;VService;c:\program files\zoom\zoom phone adaptor\VServ.exe [2008-1-17 104976]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-12-14 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-12-14 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-12-14 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-12-14 40552]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-28 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-12-14 34248]
S3 scusbvip;VL1800 USB Driver;c:\windows\system32\drivers\scusbvip.sys [2009-4-11 609936]
S3 SLVAD_simple;Zoom Virtual Audio Device;c:\windows\system32\drivers\slvad.sys [2009-4-11 84912]
S3 uac4pdt;PDT USB Composite Class Filter Driver;c:\windows\system32\drivers\uac4pdt.sys [2008-4-26 15232]

=============== Created Last 30 ================

2010-07-31 19:55:19 0 ----a-w- c:\documents and settings\lynn springle\defogger_reenable
2010-07-31 18:03:37 71170 ----a-w- c:\docume~1\alluse~1\applic~1\ogRlGTXd.exe
2010-07-30 17:00:40 112 ----a-w- c:\docume~1\alluse~1\applic~1\4QPHvs4.dat
2010-07-23 23:05:54 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-18 22:39:49 0 d-----w- c:\program files\ETS
2010-07-15 12:04:00 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-14 11:59:36 0 d-----w- c:\docume~1\alluse~1\applic~1\NTIReg
2010-07-14 11:43:21 14464 ----a-w- c:\windows\system32\drivers\NTIDrvr.sys
2010-07-14 11:43:19 13440 ----a-w- c:\windows\system32\drivers\UBHelper.sys
2010-07-14 11:42:46 0 d-----w- c:\windows\system32\drivers\nti
2010-07-14 11:42:46 0 d-----w- c:\program files\NewTech Infosystems
2010-07-14 11:41:49 0 d-----w- c:\windows\Downloaded Installations
2010-07-09 04:13:06 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{7D4B3D1D-104E-4507-9123-568BC721B7E2}
2010-07-09 04:12:57 0 d-----w- c:\program files\Transparent
2010-07-09 04:12:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Transparent

==================== Find3M ====================

2010-07-30 16:58:19 36864 ----a-w- c:\windows\fonts\33F63.com
2010-07-15 19:18:22 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-05-05 13:30:57 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-05 09:00:23 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-01-30 01:29:53 6963 --sha-w- c:\windows\system32\bakegeke.dll
2009-01-11 01:26:51 6942 --sha-w- c:\windows\system32\bayopebe.dll
2009-01-02 15:33:48 6984 --sha-w- c:\windows\system32\begafayu.dll
2009-01-08 00:52:56 7024 --sha-w- c:\windows\system32\bejowigo.dll
2009-01-17 01:59:39 7030 --sha-w- c:\windows\system32\bovutuna.dll
2009-01-27 12:07:43 7003 --sha-w- c:\windows\system32\budasazo.dll
2009-01-05 12:52:28 6962 --sha-w- c:\windows\system32\bupinumo.dll
2009-01-05 12:52:28 6982 --sha-w- c:\windows\system32\buwomiji.dll
2009-01-26 23:23:29 6928 --sha-w- c:\windows\system32\buyinuni.dll
2009-01-31 14:31:01 7090 --sha-w- c:\windows\system32\deborose.dll
2009-01-27 12:07:41 6889 --sha-w- c:\windows\system32\dehageja.dll
2009-01-06 12:52:34 6832 --sha-w- c:\windows\system32\denozoto.dll
2009-01-27 12:07:43 6980 --sha-w- c:\windows\system32\dilizope.dll
2009-01-17 01:59:39 6924 --sha-w- c:\windows\system32\dineweso.dll
2009-01-07 12:52:40 6839 --sha-w- c:\windows\system32\domilepo.dll
2009-01-02 15:33:48 6884 --sha-w- c:\windows\system32\domunazi.dll
2009-01-02 03:33:39 7001 --sha-w- c:\windows\system32\dukebese.dll
2009-01-09 00:53:27 6933 --sha-w- c:\windows\system32\fabipibu.dll
2009-01-17 01:59:39 6994 --sha-w- c:\windows\system32\fayuwula.dll
2009-01-01 15:33:33 6904 --sha-w- c:\windows\system32\femabare.dll
2009-01-04 03:34:48 6843 --sha-w- c:\windows\system32\fetohuti.dll
2009-01-22 02:24:57 6994 --sha-w- c:\windows\system32\figemami.dll
2009-01-09 13:26:04 7007 --sha-w- c:\windows\system32\fodoyaru.dll
2009-01-24 01:43:01 6870 --sha-w- c:\windows\system32\gahikilu.dll
2009-01-30 01:29:53 6963 --sha-w- c:\windows\system32\gigahone.dll
2009-01-12 03:31:30 6881 --sha-w- c:\windows\system32\gizolama.dll
2009-01-30 14:30:29 6928 --sha-w- c:\windows\system32\govezamu.dll
2009-01-16 12:58:31 6904 --sha-w- c:\windows\system32\gupabufo.dll
2009-01-06 00:52:33 7028 --sha-w- c:\windows\system32\gutesoza.dll
2009-01-12 22:08:35 6960 --sha-w- c:\windows\system32\guzadiya.dll
2009-01-29 01:29:22 6892 --sha-w- c:\windows\system32\hofubayi.dll
2009-01-31 14:31:01 6984 --sha-w- c:\windows\system32\hunazazi.dll
2009-01-28 02:23:53 6975 --sha-w- c:\windows\system32\janaluko.dll
2009-01-24 13:43:25 6858 --sha-w- c:\windows\system32\juhalobo.dll
2009-01-02 03:33:39 7028 --sha-w- c:\windows\system32\kamesovu.dll
2009-01-13 12:08:03 7108 --sha-w- c:\windows\system32\kebisoti.dll
2009-01-26 23:23:29 6929 --sha-w- c:\windows\system32\kelesopu.dll
2009-01-29 01:29:23 6891 --sha-w- c:\windows\system32\ketosegi.dll
2009-01-12 22:08:33 7055 --sha-w- c:\windows\system32\kinotava.dll
2009-01-31 02:30:53 6879 --sha-w- c:\windows\system32\koleyihi.dll
2009-01-28 02:23:38 7018 --sha-w- c:\windows\system32\laboyaze.dll
2009-01-04 03:34:48 7077 --sha-w- c:\windows\system32\laliwumo.dll
2009-01-29 13:29:32 6998 --sha-w- c:\windows\system32\lenuhuse.dll
2009-01-11 01:26:51 7064 --sha-w- c:\windows\system32\lidakubi.dll
2009-01-09 00:53:27 6982 --sha-w- c:\windows\system32\lojefuwi.dll
2009-01-29 13:29:32 7125 --sha-w- c:\windows\system32\lopisedu.dll
2009-01-10 13:26:34 7040 --sha-w- c:\windows\system32\lufositi.dll
2008-12-31 22:20:50 6886 --sha-w- c:\windows\system32\luniyepi.dll
2009-01-10 01:26:18 6895 --sha-w- c:\windows\system32\lupufove.dll
2009-01-03 15:34:25 6900 --sha-w- c:\windows\system32\mabafaye.dll
2009-01-11 14:31:20 6914 --sha-w- c:\windows\system32\mayihuyo.dll
2009-01-04 20:01:53 6959 --sha-w- c:\windows\system32\minozuva.dll
2009-01-06 12:52:34 6884 --sha-w- c:\windows\system32\misesopo.dll
2009-01-29 13:29:32 6883 --sha-w- c:\windows\system32\mizonuzi.dll
2009-01-03 03:34:01 7003 --sha-w- c:\windows\system32\nafuposo.dll
2009-01-05 12:52:28 6895 --sha-w- c:\windows\system32\naketoji.dll
2009-01-23 01:42:45 7037 --sha-w- c:\windows\system32\natojuza.dll
2009-01-08 12:53:05 7110 --sha-w- c:\windows\system32\nazesuna.dll
2009-01-25 01:43:39 6987 --sha-w- c:\windows\system32\nazoluha.dll
2009-01-04 20:01:52 6992 --sha-w- c:\windows\system32\nebuyuru.dll
2009-01-11 14:31:20 6904 --sha-w- c:\windows\system32\niwakamu.dll
2009-01-12 22:08:35 7004 --sha-w- c:\windows\system32\notosujo.dll
2009-01-17 01:59:35 6971 --sha-w- c:\windows\system32\nozimoga.dll
2009-01-02 15:33:48 6845 --sha-w- c:\windows\system32\nubipuri.dll
2009-01-24 01:43:01 6969 --sha-w- c:\windows\system32\nunahiha.dll
2009-01-29 01:29:23 6977 --sha-w- c:\windows\system32\pafewamu.dll
2009-01-30 14:30:29 6956 --sha-w- c:\windows\system32\pahiboji.dll
2008-12-31 10:20:25 6997 --sha-w- c:\windows\system32\pejutise.dll
2009-01-01 15:33:34 6877 --sha-w- c:\windows\system32\pemoduza.dll
2009-01-06 00:52:32 6990 --sha-w- c:\windows\system32\pewitefa.dll
2009-01-22 02:24:49 7010 --sha-w- c:\windows\system32\peyofosa.dll
2009-01-28 02:23:53 6947 --sha-w- c:\windows\system32\pimasebi.dll
2009-01-10 13:26:34 7007 --sha-w- c:\windows\system32\polimesa.dll
2009-01-29 13:29:32 6944 --sha-w- c:\windows\system32\poyekeku.dll
2009-01-26 23:23:26 7045 --sha-w- c:\windows\system32\radasufu.dll
2009-01-03 15:34:25 6923 --sha-w- c:\windows\system32\raguduju.dll
2009-01-09 13:26:04 7012 --sha-w- c:\windows\system32\rijehera.dll
2009-01-06 00:52:32 7004 --sha-w- c:\windows\system32\rirezake.dll
2009-01-01 15:33:33 6990 --sha-w- c:\windows\system32\rokeveze.dll
2009-01-24 01:43:01 6992 --sha-w- c:\windows\system32\royabido.dll
2009-01-25 01:43:39 6970 --sha-w- c:\windows\system32\ruhufuga.dll
2009-01-28 02:23:53 6845 --sha-w- c:\windows\system32\sadujoka.dll
2009-01-14 01:39:18 6973 --sha-w- c:\windows\system32\saguyezo.dll
2009-01-24 13:43:25 6958 --sha-w- c:\windows\system32\sahahura.dll
2008-12-31 22:20:50 6982 --sha-w- c:\windows\system32\sopijawe.dll
2009-01-10 13:26:34 6996 --sha-w- c:\windows\system32\sugohoru.dll
2009-01-08 12:53:05 7023 --sha-w- c:\windows\system32\tagilahe.dll
2009-01-30 01:29:53 7000 --sha-w- c:\windows\system32\tedutoki.dll
2009-01-08 00:53:05 6865 --sha-w- c:\windows\system32\tenudova.dll
2009-01-10 01:26:18 6922 --sha-w- c:\windows\system32\tijajahi.dll
2008-12-31 10:20:26 6859 --sha-w- c:\windows\system32\tulayeba.dll
2009-01-30 01:29:52 7052 --sha-w- c:\windows\system32\vadopopa.dll
2009-01-16 12:58:28 6855 --sha-w- c:\windows\system32\vawuvate.dll
2009-01-04 03:34:48 6884 --sha-w- c:\windows\system32\venojiho.dll
2009-01-10 01:26:18 7069 --sha-w- c:\windows\system32\viboluku.dll
2009-01-11 01:26:51 6965 --sha-w- c:\windows\system32\vofobuyi.dll
2009-01-24 13:43:25 7012 --sha-w- c:\windows\system32\vororeni.dll
2009-01-03 03:34:02 7058 --sha-w- c:\windows\system32\vosefeve.dll
2008-12-31 10:20:25 6993 --sha-w- c:\windows\system32\wedewawa.dll
2009-01-22 02:24:49 7092 --sha-w- c:\windows\system32\wiromega.dll
2009-01-31 02:30:53 7065 --sha-w- c:\windows\system32\wojifizi.dll
2009-01-13 12:08:01 6986 --sha-w- c:\windows\system32\wufajojo.dll
2009-01-13 12:08:03 6918 --sha-w- c:\windows\system32\wujuleza.dll
2009-01-31 14:31:01 6927 --sha-w- c:\windows\system32\wukanipo.dll
2008-12-31 22:20:50 7077 --sha-w- c:\windows\system32\wunesivo.dll
2009-01-23 13:42:46 6942 --sha-w- c:\windows\system32\yegitubu.dll
2009-01-06 12:52:34 6870 --sha-w- c:\windows\system32\yelewaba.dll
2009-01-03 15:34:25 7043 --sha-w- c:\windows\system32\yihovepe.dll
2009-01-14 01:39:51 7032 --sha-w- c:\windows\system32\yiwoyula.dll
2009-01-11 14:31:20 6888 --sha-w- c:\windows\system32\yojategu.dll
2009-01-29 01:29:22 6974 --sha-w- c:\windows\system32\yokumawe.dll
2009-01-25 15:33:58 7057 --sha-w- c:\windows\system32\yoranata.dll
2009-01-14 01:39:18 6874 --sha-w- c:\windows\system32\yotegoba.dll
2009-01-14 01:39:51 7021 --sha-w- c:\windows\system32\yoyesogu.dll
2009-01-25 15:33:58 7108 --sha-w- c:\windows\system32\yubejedo.dll
2009-01-23 01:42:45 6991 --sha-w- c:\windows\system32\yuzubayi.dll
2009-01-02 03:33:39 7062 --sha-w- c:\windows\system32\zagujiyi.dll
2009-01-31 02:30:53 7043 --sha-w- c:\windows\system32\zakubigu.dll
2009-01-04 20:01:52 6987 --sha-w- c:\windows\system32\zijimuze.dll
2009-01-23 01:42:45 7055 --sha-w- c:\windows\system32\zofufelo.dll
2009-01-23 13:42:46 7031 --sha-w- c:\windows\system32\zohoketi.dll
2009-01-16 12:58:28 7061 --sha-w- c:\windows\system32\zopiyinu.dll
2009-01-03 03:34:01 6889 --sha-w- c:\windows\system32\zoyojaku.dll
2009-01-07 12:52:40 7058 --sha-w- c:\windows\system32\zugeyale.dll
2009-01-25 15:33:58 6971 --sha-w- c:\windows\system32\zurilule.dll
2009-05-14 07:00:52 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-09-09 21:30:22 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090920080910\index.dat

============= FINISH: 15:58:39.39 ===============

#2 Elise

Posted 30 August 2010 - 10:22 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning. It is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#3 Llyn

Posted 31 August 2010 - 05:42 PM

Hi Elise,

Thanks so much for responding! OK, here's OTL.txt:

OTL logfile created on: 8/31/2010 6:13:49 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Lynn Springle\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 38.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.77 Gb Total Space | 106.79 Gb Free Space | 45.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 1.86 Gb Total Space | 1.07 Gb Free Space | 57.67% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LULUPC
Current User Name: Lynn Springle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/31 18:12:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lynn Springle\Desktop\OTL.exe
PRC - [2010/07/31 20:38:41 | 000,071,170 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ogRlGTXd.exe
PRC - [2010/07/19 13:50:45 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/06/10 06:58:32 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/05/14 11:00:26 | 000,316,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/03/01 23:30:19 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009/11/04 17:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/11/04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/10/29 07:54:44 | 001,497,704 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcshell.exe
PRC - [2009/10/29 07:54:44 | 000,806,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/15 19:02:20 | 000,157,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
PRC - [2008/01/17 10:02:38 | 000,104,976 | ---- | M] () -- C:\Program Files\Zoom\Zoom Phone Adaptor\VServ.exe
PRC - [2007/05/25 11:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
PRC - [2007/01/04 17:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2010/08/31 18:12:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lynn Springle\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (NVSvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/01 23:30:19 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/04 17:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/11/04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/28 12:50:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2008/01/17 10:02:38 | 000,104,976 | ---- | M] () [Auto | Running] -- C:\Program Files\Zoom\Zoom Phone Adaptor\VServ.exe -- (VService)
SRV - [2007/10/11 09:49:46 | 000,076,016 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe -- (DellAMBrokerService)
SRV - [2007/05/25 11:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\neokdss.sys -- (neokdss)
DRV - [2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/04 17:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/04 17:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/04 17:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 17:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/04 17:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/09/27 17:12:22 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/04/22 22:30:19 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/13 19:11:00 | 000,036,976 | R--- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\TLRecAgent.sys -- (TLRecAgent)
DRV - [2008/03/13 19:10:00 | 000,084,912 | R--- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slvad.sys -- (SLVAD_simple)
DRV - [2008/03/13 19:01:00 | 000,609,936 | R--- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\scusbvip.sys -- (scusbvip)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/08/23 18:29:10 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\datunidr.sys -- (datunidr)
DRV - [2007/07/22 20:36:42 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2007/07/22 15:27:12 | 004,424,704 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/06/20 18:45:24 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys -- (PTproct)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 11:05:58 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/07/21 11:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/02/24 14:35:06 | 000,015,232 | R--- | M] (Micronas GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uac4pdt.sys -- (uac4pdt)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080419
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080419


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080419
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080419
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0



IE - HKU\S-1-5-21-2016312202-3049273616-3556453358-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2016312202-3049273616-3556453358-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-2016312202-3049273616-3556453358-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com
IE - HKU\S-1-5-21-2016312202-3049273616-3556453358-1006\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2016312202-3049273616-3556453358-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2016312202-3049273616-3556453358-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2016312202-3049273616-3556453358-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "qrobe.it"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: msntoolbar@msn.com:5.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.2
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.7.4
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9
FF - prefs.js..extensions.enabledItems: {5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.45.6.20100202.1
FF - prefs.js..extensions.enabledItems: springshine@yogurttree.com:0.2.2
FF - prefs.js..extensions.enabledItems: {9f94fab0-58a2-11dd-ae16-0800200c9a66}:3.0.26
FF - prefs.js..extensions.enabledItems: {1bb9ca60-cdad-11dd-ad8b-0800200c9a66}:2.0.9
FF - prefs.js..network.proxy.ftp: ":0"
FF - prefs.js..network.proxy.gopher: ":0"
FF - prefs.js..network.proxy.http: ":0"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: ":0"
FF - prefs.js..network.proxy.ssl: ":0"

FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/01 23:10:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1363.0\Firefox [2010/02/21 20:18:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/14 18:20:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/13 15:39:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/24 12:54:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/24 12:54:15 | 000,000,000 | ---D | M]

[2009/01/18 18:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Springle\Application Data\Mozilla\Extensions
[2010/07/31 12:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Springle\Application Data\Mozilla\Firefox\Profiles\pf70b7rz.default\extensions
[2010/07/28 21:05:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lynn Springle\Application Data\Mozilla\Firefox\Profiles\pf70b7rz.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/07/24 13:04:26 | 000,000,000 | ---D | M] (AvantGarde Mist) -- C:\Documents and Settings\Lynn Springle\Application Data\Mozilla\Firefox\Profiles\pf70b7rz.default\extensions\{1bb9ca60-cdad-11dd-ad8b-0800200c9a66}
[2010/07/24 13:04:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Lynn Springle\Application Data\Mozilla\Firefox\Profiles\pf70b7rz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/24 13:08:19 | 000,000,000 | ---D | M] (AniWeather) -- C:\Documents and Settings\Lynn Springle\Application Data\Mozilla\Firefox\Profiles\pf70b7rz.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2010/07/24 13:08:18 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\Lynn Springle\Application Data\Mozilla\Firefox\Profiles\pf70b7rz.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010/07/24 13:08:15 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Documents and Settings\Lynn Springle\Application Data\Mozilla\Firefox\Profiles\pf70b7rz.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
[2010/07/24 13:04:04 | 000,000,000 | ---D | M] (AvantGarde Rosepetal) -- C:\Documents and Settings\Lynn Springle\Application Data\Mozilla\Firefox\Profiles\pf70b7rz.default\extensions\{9f94fab0-58a2-11dd-ae16-0800200c9a66}
[2010/07/24 13:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Springle\Application Data\Mozilla\Firefox\Profiles\pf70b7rz.default\extensions\springshine@yogurttree.com
[2010/07/24 13:04:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lynn Springle\Application Data\Mozilla\Firefox\Profiles\pf70b7rz.default\extensions\{1bb9ca60-cdad-11dd-ad8b-0800200c9a66}\mozapps\extensions
[2010/07/24 13:04:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lynn Springle\Application Data\Mozilla\Firefox\Profiles\pf70b7rz.default\extensions\{9f94fab0-58a2-11dd-ae16-0800200c9a66}\mozapps\extensions
[2010/07/31 12:49:05 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\Lynn Springle\Application Data\Mozilla\Firefox\Profiles\pf70b7rz.default\searchplugins\bing.xml
[2010/07/31 12:49:38 | 000,004,855 | ---- | M] () -- C:\Documents and Settings\Lynn Springle\Application Data\Mozilla\Firefox\Profiles\pf70b7rz.default\searchplugins\google-images.xml
[2010/07/31 12:49:33 | 000,005,551 | ---- | M] () -- C:\Documents and Settings\Lynn Springle\Application Data\Mozilla\Firefox\Profiles\pf70b7rz.default\searchplugins\google-maps.xml
[2010/07/31 12:49:11 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\Lynn Springle\Application Data\Mozilla\Firefox\Profiles\pf70b7rz.default\searchplugins\imdb.xml
[2010/07/31 12:49:46 | 000,002,612 | ---- | M] () -- C:\Documents and Settings\Lynn Springle\Application Data\Mozilla\Firefox\Profiles\pf70b7rz.default\searchplugins\kickasstorrents.xml
[2010/07/31 12:49:23 | 000,002,152 | ---- | M] () -- C:\Documents and Settings\Lynn Springle\Application Data\Mozilla\Firefox\Profiles\pf70b7rz.default\searchplugins\qrobeit.xml
[2010/07/31 12:49:42 | 000,001,679 | ---- | M] () -- C:\Documents and Settings\Lynn Springle\Application Data\Mozilla\Firefox\Profiles\pf70b7rz.default\searchplugins\thepiratebayorg.xml
[2010/07/31 12:49:27 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\Lynn Springle\Application Data\Mozilla\Firefox\Profiles\pf70b7rz.default\searchplugins\webster.xml
[2010/07/31 12:48:46 | 000,004,140 | ---- | M] () -- C:\Documents and Settings\Lynn Springle\Application Data\Mozilla\Firefox\Profiles\pf70b7rz.default\searchplugins\youtube.xml
[2009/01/18 18:58:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1363.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1363.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1363.0\npwinext.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe File not found
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe File not found
O4 - HKU\S-1-5-21-2016312202-3049273616-3556453358-1006..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKU\S-1-5-21-2016312202-3049273616-3556453358-1006..\Run: [H/PC Connection Agent] C:\PROGRA~1\MI3AA1~1\wcescomm.exe File not found
O4 - HKU\S-1-5-21-2016312202-3049273616-3556453358-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2016312202-3049273616-3556453358-1006..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-21-2016312202-3049273616-3556453358-1006..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-100000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2016312202-3049273616-3556453358-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2016312202-3049273616-3556453358-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2016312202-3049273616-3556453358-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2016312202-3049273616-3556453358-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2016312202-3049273616-3556453358-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.systemrequirementslab.com/srl_b...sreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.co...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} http://download-games.pogo.com/online2/pog...mesLauncher.cab (SpinTop Games Launcher)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/...498/mcfscan.cab (McFreeScan Class)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Lynn Springle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lynn Springle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/08/31 18:13:05 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lynn Springle\Desktop\OTL.exe
[2010/07/31 20:37:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lynn Springle\Application Data\SUPERAntiSpyware.com
[2010/07/31 20:37:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/31 20:37:14 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/31 20:11:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lynn Springle\Application Data\EurekaLog
[2010/07/31 16:10:48 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/07/31 00:25:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/31 00:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/29 06:33:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/07/26 01:24:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\licgtknop
[2010/07/24 13:21:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lynn Springle\My Documents\Downloads
[2010/07/24 11:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lynn Springle\Local Settings\Application Data\efkaecvyh
[2010/07/23 23:07:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/23 23:06:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/23 18:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/23 18:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/18 18:39:56 | 001,048,576 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\ROBOEX32.DLL
[2010/07/18 18:39:56 | 000,048,640 | ---- | C] (Blue Sky Software) -- C:\WINDOWS\System32\INETWH32.DLL
[2010/07/18 18:39:49 | 000,000,000 | ---D | C] -- C:\Program Files\ETS
[2010/07/14 07:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NTIReg
[2010/07/14 07:43:21 | 000,014,464 | ---- | C] (NewTech Infosystems, Inc.) -- C:\WINDOWS\System32\drivers\NTIDrvr.sys
[2010/07/14 07:43:19 | 000,013,440 | ---- | C] (NewTech Infosystems Corporation) -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2010/07/14 07:43:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\Xp_x86
[2010/07/14 07:43:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\w2k_x86
[2010/07/14 07:43:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\Vista_x86
[2010/07/14 07:43:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\Vista_ia64
[2010/07/14 07:43:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\Vista_amd64
[2010/07/14 07:43:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\2003_x86
[2010/07/14 07:43:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\2003_ia64
[2010/07/14 07:43:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\2003_amd64
[2010/07/14 07:42:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti
[2010/07/14 07:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\NewTech Infosystems
[2010/07/14 07:41:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2010/07/09 00:13:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7D4B3D1D-104E-4507-9123-568BC721B7E2}
[2010/07/09 00:12:57 | 000,000,000 | ---D | C] -- C:\Program Files\Transparent
[2010/07/09 00:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Transparent
[2010/06/28 18:29:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/06/28 18:25:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lynn Springle\Local Settings\Application Data\Temp
[2010/06/28 18:25:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/06/23 19:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/06/16 07:37:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lynn Springle\WINDOWS
[2009/04/11 21:28:32 | 000,084,912 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\slvad.sys
[2009/04/11 21:28:25 | 000,609,936 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\scusbvip.sys
[2009/04/11 21:28:25 | 000,036,976 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\TLRecAgent.sys
[2004/11/24 15:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/31 18:12:40 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Lynn Springle\Desktop\RKUnhookerLE.EXE
[2010/08/31 18:12:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lynn Springle\Desktop\OTL.exe
[2010/08/31 18:09:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2010/08/31 18:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At91.job
[2010/08/31 18:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2010/08/31 18:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/08/31 18:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At115.job
[2010/08/31 17:46:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FE344FB8-D7C2-4D79-A3CA-7366DFB1544C}.job
[2010/08/31 17:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/08/31 17:29:14 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/31 17:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At90.job
[2010/08/31 17:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2010/08/31 17:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/08/31 17:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At114.job
[2010/08/31 16:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/08/31 16:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At89.job
[2010/08/31 16:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2010/08/31 16:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/08/31 16:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At113.job
[2010/08/31 15:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/08/31 15:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At88.job
[2010/08/31 15:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2010/08/31 15:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/08/31 15:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At112.job
[2010/08/31 14:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/08/31 14:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At87.job
[2010/08/31 14:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2010/08/31 14:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/08/31 14:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At111.job
[2010/08/31 13:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/08/31 13:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At86.job
[2010/08/31 13:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2010/08/31 13:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/08/31 13:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At110.job
[2010/08/31 12:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/08/31 12:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At85.job
[2010/08/31 12:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2010/08/31 12:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/08/31 12:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At109.job
[2010/08/31 11:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/08/31 11:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At84.job
[2010/08/31 11:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2010/08/31 11:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/08/31 11:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At108.job
[2010/08/31 10:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/08/31 10:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At83.job
[2010/08/31 10:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2010/08/31 10:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/08/31 10:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At107.job
[2010/08/31 09:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/08/31 09:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At82.job
[2010/08/31 09:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2010/08/31 09:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/08/31 09:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At106.job
[2010/08/31 08:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/08/31 08:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At81.job
[2010/08/31 08:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2010/08/31 08:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/08/31 08:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At105.job
[2010/08/31 07:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/08/31 07:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At80.job
[2010/08/31 07:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2010/08/31 07:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/08/31 07:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At104.job
[2010/08/31 06:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/08/31 06:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At79.job
[2010/08/31 06:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2010/08/31 06:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/08/31 06:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At103.job
[2010/08/31 05:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/08/31 05:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At78.job
[2010/08/31 05:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2010/08/31 05:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/08/31 05:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At102.job
[2010/08/31 04:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/08/31 04:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At77.job
[2010/08/31 04:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2010/08/31 04:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/08/31 04:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At101.job
[2010/08/31 03:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/08/31 03:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At76.job
[2010/08/31 03:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2010/08/31 03:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/08/31 03:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At100.job
[2010/08/31 02:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/08/31 02:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At99.job
[2010/08/31 02:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At75.job
[2010/08/31 02:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2010/08/31 02:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/08/31 01:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/08/31 01:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At98.job
[2010/08/31 01:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At74.job
[2010/08/31 01:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2010/08/31 01:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/08/31 00:59:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2010/08/31 00:57:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At73.job
[2010/08/31 00:57:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/08/31 00:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/08/31 00:20:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At97.job
[2010/08/30 23:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/08/30 23:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At96.job
[2010/08/30 23:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2010/08/30 23:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/08/30 23:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At120.job
[2010/08/30 22:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/08/30 22:30:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/08/30 22:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At95.job
[2010/08/30 22:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2010/08/30 22:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/08/30 22:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At119.job
[2010/08/30 21:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/08/30 21:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At94.job
[2010/08/30 21:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2010/08/30 21:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/08/30 21:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At118.job
[2010/08/30 20:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/08/30 20:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At93.job
[2010/08/30 20:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2010/08/30 20:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/08/30 20:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At117.job
[2010/08/30 19:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/08/30 19:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At92.job
[2010/08/30 19:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2010/08/30 19:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/08/30 19:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At116.job
[2010/08/30 18:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/08/30 18:29:00 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/29 07:03:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2010/08/25 18:52:25 | 000,026,087 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/08/25 13:38:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/24 19:09:47 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2016312202-3049273616-3556453358-1006.job
[2010/08/24 19:09:46 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2016312202-3049273616-3556453358-1006.job
[2010/08/24 18:22:22 | 000,250,701 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/08/24 18:22:18 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/08/24 18:22:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2010/08/24 18:21:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/24 18:21:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/24 17:54:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/01 12:22:42 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Lynn Springle\ntuser.dat
[2010/08/01 12:22:42 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Lynn Springle\ntuser.ini
[2010/08/01 07:16:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/31 20:38:58 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\4QPHvs4.dat
[2010/07/31 20:38:41 | 000,071,170 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ogRlGTXd.exe
[2010/07/31 20:37:16 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/31 20:09:13 | 000,273,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/31 15:55:19 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Lynn Springle\defogger_reenable
[2010/07/31 14:16:03 | 000,001,928 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Backup Now EZ.lnk
[2010/07/29 07:42:23 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\Lynn Springle\My Documents\My Current Wallet.wlt
[2010/07/29 07:13:41 | 001,115,816 | -H-- | M] () -- C:\Documents and Settings\Lynn Springle\Local Settings\Application Data\IconCache.db
[2010/07/26 23:22:00 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Lynn Springle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/26 08:45:11 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Lynn Springle\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2010/07/25 10:58:28 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Lynn Springle\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2010/07/24 14:15:34 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Lynn Springle\Desktop\HijackThis.lnk
[2010/07/24 12:54:18 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Lynn Springle\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/24 12:53:37 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Lynn Springle\My Documents\IQ Population.xls
[2010/07/18 18:39:57 | 000,000,058 | ---- | M] () -- C:\WINDOWS\OSA.INI
[2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2010/07/15 01:43:33 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/07/14 22:26:21 | 000,000,038 | ---- | M] () -- C:\WINDOWS\AviSplitter.INI
[2010/07/09 00:43:43 | 000,074,872 | ---- | M] () -- C:\Documents and Settings\Lynn Springle\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/09 00:13:03 | 000,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Byki 4 Express.lnk
[2010/07/08 22:36:20 | 001,646,657 | ---- | M] () -- C:\Documents and Settings\Lynn Springle\My Documents\Westinghoue TV 184_User_Manual[1].pdf
[2010/07/05 22:24:37 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Lynn Springle\My Documents\Current DVR.xls
[2010/07/05 16:14:11 | 000,762,457 | ---- | M] () -- C:\Documents and Settings\Lynn Springle\My Documents\SOCRRA 2008-2009CollectionGuide.pdf
[2010/06/28 18:59:54 | 000,002,150 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Create a Pattern Tool.lnk
[2010/06/26 19:20:01 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Lynn Springle\My Documents\Note to Johnny 7-1-10.doc
[2010/06/25 18:53:58 | 000,537,080 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/25 18:53:58 | 000,466,744 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/25 18:53:58 | 000,079,834 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/14 20:47:04 | 000,001,839 | ---- | M] () -- C:\Documents and Settings\Lynn Springle\Application Data\Microsoft\Internet Explorer\Quick Launch\The Sims™ 3 Ambitions.lnk
[2010/06/13 15:41:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/31 18:13:03 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Lynn Springle\Desktop\RKUnhookerLE.EXE
[2010/08/01 07:03:22 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2010/08/01 07:03:22 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2010/07/31 20:39:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At99.job
[2010/07/31 20:39:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At98.job
[2010/07/31 20:39:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At97.job
[2010/07/31 20:39:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At120.job
[2010/07/31 20:39:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At119.job
[2010/07/31 20:39:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At118.job
[2010/07/31 20:39:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At117.job
[2010/07/31 20:39:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At116.job
[2010/07/31 20:39:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At115.job
[2010/07/31 20:39:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At114.job
[2010/07/31 20:39:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At113.job
[2010/07/31 20:39:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At112.job
[2010/07/31 20:39:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At111.job
[2010/07/31 20:39:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At110.job
[2010/07/31 20:39:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At109.job
[2010/07/31 20:39:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At108.job
[2010/07/31 20:39:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At107.job
[2010/07/31 20:39:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At106.job
[2010/07/31 20:39:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At105.job
[2010/07/31 20:39:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At104.job
[2010/07/31 20:39:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At103.job
[2010/07/31 20:39:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At102.job
[2010/07/31 20:39:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At101.job
[2010/07/31 20:39:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At100.job
[2010/07/31 20:37:16 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/31 16:10:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At96.job
[2010/07/31 16:10:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At95.job
[2010/07/31 16:10:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At94.job
[2010/07/31 16:10:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At93.job
[2010/07/31 16:10:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At92.job
[2010/07/31 16:10:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At91.job
[2010/07/31 16:10:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At90.job
[2010/07/31 16:10:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At89.job
[2010/07/31 16:10:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At88.job
[2010/07/31 16:10:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At87.job
[2010/07/31 16:10:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At86.job
[2010/07/31 16:10:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At85.job
[2010/07/31 16:10:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At84.job
[2010/07/31 16:10:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At83.job
[2010/07/31 16:10:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At82.job
[2010/07/31 16:10:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At81.job
[2010/07/31 16:10:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At80.job
[2010/07/31 16:10:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At79.job
[2010/07/31 16:10:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At78.job
[2010/07/31 16:10:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At77.job
[2010/07/31 16:10:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At76.job
[2010/07/31 16:10:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At75.job
[2010/07/31 16:10:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At74.job
[2010/07/31 16:10:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At73.job
[2010/07/31 15:55:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Lynn Springle\defogger_reenable
[2010/07/31 14:06:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At72.job
[2010/07/31 14:06:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At71.job
[2010/07/31 14:06:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At70.job
[2010/07/31 14:06:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At69.job
[2010/07/31 14:06:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At68.job
[2010/07/31 14:06:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At67.job
[2010/07/31 14:06:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At66.job
[2010/07/31 14:06:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At65.job
[2010/07/31 14:06:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At64.job
[2010/07/31 14:06:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At63.job
[2010/07/31 14:06:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At62.job
[2010/07/31 14:06:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At61.job
[2010/07/31 14:06:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At60.job
[2010/07/31 14:06:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At59.job
[2010/07/31 14:06:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At58.job
[2010/07/31 14:06:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At57.job
[2010/07/31 14:06:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At56.job
[2010/07/31 14:06:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At55.job
[2010/07/31 14:06:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At54.job
[2010/07/31 14:06:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At53.job
[2010/07/31 14:06:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At52.job
[2010/07/31 14:06:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At51.job
[2010/07/31 14:06:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At50.job
[2010/07/31 14:06:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At49.job
[2010/07/31 14:03:37 | 000,071,170 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ogRlGTXd.exe
[2010/07/31 14:03:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/07/31 14:03:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/07/31 14:03:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/07/31 14:03:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/07/31 14:03:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/07/31 14:03:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/07/31 14:03:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/07/31 14:03:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/07/31 14:03:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/07/31 14:03:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/07/31 14:03:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/07/31 14:03:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/07/31 14:03:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/07/31 14:03:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/07/31 14:03:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/07/31 14:03:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/07/31 14:03:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/07/31 14:03:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/07/31 14:03:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/07/31 14:03:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/07/31 14:03:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/07/31 14:03:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/07/31 14:03:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/07/31 14:03:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/07/30 13:00:40 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\4QPHvs4.dat
[2010/07/30 12:58:30 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/07/30 12:58:30 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/07/30 12:58:30 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/07/30 12:58:30 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/07/30 12:58:30 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/07/30 12:58:30 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/07/30 12:58:30 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/07/30 12:58:30 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/07/30 12:58:30 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/07/30 12:58:30 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/07/30 12:58:30 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/07/30 12:58:30 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/07/30 12:58:30 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/07/30 12:58:30 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/07/30 12:58:30 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/07/30 12:58:30 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/07/30 12:58:30 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/07/30 12:58:30 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/07/30 12:58:30 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/07/30 12:58:30 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/07/30 12:58:30 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/07/30 12:58:30 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/07/30 12:58:30 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/07/30 12:58:30 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/07/24 14:15:34 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Lynn Springle\Desktop\HijackThis.lnk
[2010/07/24 12:54:18 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Lynn Springle\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/24 12:53:37 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Lynn Springle\My Documents\IQ Population.xls
[2010/07/23 19:05:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/18 18:39:57 | 000,000,058 | ---- | C] () -- C:\WINDOWS\OSA.INI
[2010/07/18 18:39:56 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System\STORAGE.DLL
[2010/07/18 18:39:56 | 000,027,026 | ---- | C] () -- C:\WINDOWS\System\OLE2.REG
[2010/07/18 18:39:56 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System\INETWH16.DLL
[2010/07/14 07:43:03 | 000,001,928 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Backup Now EZ.lnk
[2010/07/09 00:13:03 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Byki 4 Express.lnk
[2010/07/09 00:06:56 | 000,003,110 | ---- | C] () -- C:\Documents and Settings\Lynn Springle\BykiDownloader.log
[2010/07/08 22:36:20 | 001,646,657 | ---- | C] () -- C:\Documents and Settings\Lynn Springle\My Documents\Westinghoue TV 184_User_Manual[1].pdf
[2010/07/05 22:24:37 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Lynn Springle\My Documents\Current DVR.xls
[2010/07/05 16:14:11 | 000,762,457 | ---- | C] () -- C:\Documents and Settings\Lynn Springle\My Documents\SOCRRA 2008-2009CollectionGuide.pdf
[2010/07/01 03:25:09 | 008,650,752 | ---- | C] () -- C:\Documents and Settings\Lynn Springle\ntuser.dat
[2010/06/28 18:59:54 | 000,002,150 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Create a Pattern Tool.lnk
[2010/06/28 18:24:57 | 000,000,900 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/28 18:24:56 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/26 19:20:01 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Lynn Springle\My Documents\Note to Johnny 7-1-10.doc
[2010/06/15 18:07:53 | 000,001,839 | ---- | C] () -- C:\Documents and Settings\Lynn Springle\Application Data\Microsoft\Internet Explorer\Quick Launch\The Sims™ 3 Ambitions.lnk
[2010/06/06 15:18:55 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/05/13 22:05:09 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/04/11 21:28:32 | 000,244,240 | R--- | C] () -- C:\WINDOWS\System32\slvipgx.dll
[2009/04/11 21:28:32 | 000,150,032 | R--- | C] () -- C:\WINDOWS\System32\slvipco.dll
[2009/04/11 21:27:34 | 000,000,070 | ---- | C] () -- C:\WINDOWS\slsetup.ini
[2009/02/15 15:32:34 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Lynn Springle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/19 11:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/12/17 13:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/17 13:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/17 13:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/17 13:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/17 12:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/12/11 07:27:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/07/18 22:33:24 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Lynn Springle\Application Data\mcs.rma
[2008/07/18 22:33:24 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Lynn Springle\Application Data\D19692
[2008/04/26 11:56:23 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Lynn Springle\Local Settings\Application Data\fusioncache.dat
[2008/04/23 20:35:14 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/04/23 19:27:45 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Lynn Springle\Application Data\$_hpcst$.hpc
[2008/04/19 10:50:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/04/19 10:46:31 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/04/19 10:46:31 | 000,000,313 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/19 10:26:04 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/06 14:17:40 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2007/08/02 19:11:28 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2007/08/02 19:11:14 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2007/07/27 16:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 16:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2006/11/07 04:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/12/05 21:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 14:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2005/09/15 18:40:22 | 000,160,768 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2004/10/03 13:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

========== LOP Check ==========

[2010/02/09 20:25:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/04/26 12:25:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/01/18 19:31:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2008/07/22 00:17:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
[2008/10/31 23:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/11/18 02:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Logs
[2010/01/23 18:14:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/01/26 17:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ilium Software
[2008/05/11 22:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2010/07/14 07:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTIReg
[2008/11/30 15:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/05/05 22:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/05/02 12:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screentime
[2008/04/19 10:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SingleClick Systems
[2008/05/11 21:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2008/07/18 20:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SugarGames
[2008/07/18 12:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/02/02 19:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/09 00:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transparent
[2008/12/13 11:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/03/21 12:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WhiteCap (Holiday Edition)
[2008/10/31 23:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zeon
[2010/02/22 00:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/07/09 00:13:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7D4B3D1D-104E-4507-9123-568BC721B7E2}
[2009/01/21 23:29:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2010/01/24 14:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2009/12/14 23:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2008/08/03 15:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Springle\Application Data\Amazon
[2010/07/14 23:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Springle\Application Data\Azureus
[2010/04/24 13:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Springle\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/31 20:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Springle\Application Data\EurekaLog
[2008/12/26 15:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Springle\Application Data\ICAClient
[2008/04/24 22:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Springle\Application Data\Ilium Software
[2008/07/24 18:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Springle\Application Data\LEGO Company
[2010/04/24 12:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Springle\Application Data\LivingEarthDesktop
[2009/05/15 23:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Springle\Application Data\OverDrive
[2008/11/30 15:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Springle\Application Data\PlayFirst
[2008/05/11 17:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Springle\Application Data\Pogo Games
[2008/05/29 18:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Springle\Application Data\RecoveryFIX for Outlook (Evaluation version - 4.05.01)
[2008/12/19 22:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Springle\Application Data\SecondLife
[2010/03/21 12:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Springle\Application Data\SoundSpectrum
[2008/05/28 00:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Springle\Application Data\Viewpoint
[2010/07/27 16:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Springle\Application Data\Vista Start Menu
[2010/01/24 14:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Springle\Application Data\ViStart
[2008/04/23 20:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Springle\Application Data\WeatherBug
[2009/06/14 13:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Springle\Application Data\WeatherDesktop
[2008/08/03 22:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Springle\Application Data\Windows Desktop Search
[2008/08/28 18:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Springle\Application Data\Windows Search
[2008/10/31 23:36:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Springle\Application Data\Zeon
[2010/08/30 22:30:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/08/31 00:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/08/31 09:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/08/31 03:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At100.job
[2010/08/31 04:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At101.job
[2010/08/31 05:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At102.job
[2010/08/31 06:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At103.job
[2010/08/31 07:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At104.job
[2010/08/31 08:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At105.job
[2010/08/31 09:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At106.job
[2010/08/31 10:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At107.job
[2010/08/31 11:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At108.job
[2010/08/31 12:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At109.job
[2010/08/31 10:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/08/31 13:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At110.job
[2010/08/31 14:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At111.job
[2010/08/31 15:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At112.job
[2010/08/31 16:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At113.job
[2010/08/31 17:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At114.job
[2010/08/31 18:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At115.job
[2010/08/30 19:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At116.job
[2010/08/30 20:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At117.job
[2010/08/30 21:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At118.job
[2010/08/30 22:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At119.job
[2010/08/31 11:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/08/30 23:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At120.job
[2010/08/31 12:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/08/31 13:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/08/31 14:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/08/31 15:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/08/31 16:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/08/31 17:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/08/30 18:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/08/31 01:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/08/30 19:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/08/30 20:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/08/30 21:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/08/30 22:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/08/30 23:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/08/31 00:57:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2010/08/31 01:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2010/08/31 02:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2010/08/31 03:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2010/08/31 04:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2010/08/31 02:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/08/31 05:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2010/08/31 06:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2010/08/31 07:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2010/08/31 08:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2010/08/31 09:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2010/08/31 10:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2010/08/31 11:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2010/08/31 12:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2010/08/31 13:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2010/08/31 14:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2010/08/31 03:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/08/31 15:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2010/08/31 16:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2010/08/31 17:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2010/08/31 18:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2010/08/30 19:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2010/08/30 20:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2010/08/30 21:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2010/08/30 22:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2010/08/30 23:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2010/08/31 00:59:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At49.job
[2010/08/31 04:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/08/31 01:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At50.job
[2010/08/31 02:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At51.job
[2010/08/31 03:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At52.job
[2010/08/31 04:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At53.job
[2010/08/31 05:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At54.job
[2010/08/31 06:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At55.job
[2010/08/31 07:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At56.job
[2010/08/31 08:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At57.job
[2010/08/31 09:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At58.job
[2010/08/31 10:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At59.job
[2010/08/31 05:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/08/31 11:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At60.job
[2010/08/31 12:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At61.job
[2010/08/31 13:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At62.job
[2010/08/31 14:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At63.job
[2010/08/31 15:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At64.job
[2010/08/31 16:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At65.job
[2010/08/31 17:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At66.job
[2010/08/31 18:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At67.job
[2010/08/30 19:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At68.job
[2010/08/30 20:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At69.job
[2010/08/31 06:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/08/30 21:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At70.job
[2010/08/30 22:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At71.job
[2010/08/30 23:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At72.job
[2010/08/31 00:57:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At73.job
[2010/08/31 01:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At74.job
[2010/08/31 02:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At75.job
[2010/08/31 03:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At76.job
[2010/08/31 04:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At77.job
[2010/08/31 05:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At78.job
[2010/08/31 06:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At79.job
[2010/08/31 07:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/08/31 07:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At80.job
[2010/08/31 08:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At81.job
[2010/08/31 09:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At82.job
[2010/08/31 10:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At83.job
[2010/08/31 11:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At84.job
[2010/08/31 12:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At85.job
[2010/08/31 13:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At86.job
[2010/08/31 14:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At87.job
[2010/08/31 15:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At88.job
[2010/08/31 16:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At89.job
[2010/08/31 08:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/08/31 17:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At90.job
[2010/08/31 18:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At91.job
[2010/08/30 19:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At92.job
[2010/08/30 20:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At93.job
[2010/08/30 21:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At94.job
[2010/08/30 22:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At95.job
[2010/08/30 23:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At96.job
[2010/08/31 00:20:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At97.job
[2010/08/31 01:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At98.job
[2010/08/31 02:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At99.job
[2010/07/15 01:43:33 | 000,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/06/01 01:00:42 | 000,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2010/08/31 17:46:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FE344FB8-D7C2-4D79-A3CA-7366DFB1544C}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:478FEFC3
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1880ACB
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DBFC5C5E
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A73A758
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D066AD2
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8DACDD8
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F0DB1AD1
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:321B811D
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:061FEEDF
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:34BCB6A9
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07FFC655
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A95EB028
< End of report >


And here's Extra.txt.

OTL Extras logfile created on: 8/31/2010 6:13:49 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Lynn Springle\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 38.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.77 Gb Total Space | 106.79 Gb Free Space | 45.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 1.86 Gb Total Space | 1.07 Gb Free Space | 57.67% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LULUPC
Current User Name: Lynn Springle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10421:UDP" = 10421:UDP:*:Enabled:SingleClick Discovery Protocol
"10426:UDP" = 10426:UDP:*:Enabled:SingleClick ICC
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- File not found
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- File not found
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant -- (SingleClick Systems)
"C:\Program Files\Trend Micro\Internet Security\TMAS_OL\TMAS_OL.exe" = C:\Program Files\Trend Micro\Internet Security\TMAS_OL\TMAS_OL.exe:*:Enabled:TMAS_OL -- File not found
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe" = C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe:*:Enabled:AcroRd32 -- (Adobe Systems Incorporated)
"C:\Program Files\Dell Network Assistant\hnm_svc.exe" = C:\Program Files\Dell Network Assistant\hnm_svc.exe:*:Enabled:hnm_svc -- (SingleClick Systems)
"C:\Program Files\Dell Support Center\bin\sprtsvc.exe" = C:\Program Files\Dell Support Center\bin\sprtsvc.exe:*:Enabled:sprtsvc -- (SupportSoft, Inc.)
"C:\Program Files\Viewpoint\Common\ViewpointService.exe" = C:\Program Files\Viewpoint\Common\ViewpointService.exe:*:Enabled:ViewpointService -- (Viewpoint Corporation)
"C:\Program Files\Trend Micro\Internet Security\TmPfw.exe" = C:\Program Files\Trend Micro\Internet Security\TmPfw.exe:*:Enabled:TmPfw -- File not found
"C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe" = C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe:*:Enabled:TSCFCommander -- (Trend Micro Inc.)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- File not found
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A7AB28D-E7DE-458A-9243-663DADDEE290}" = Zoom Phone Adaptor
"{0A7AB28D-E7DE-458A-9243-663DADDEE290}SL" = Zoom Phone Adaptor
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series" = Canon MP470 series
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1A2A15C2-6780-49c1-B296-503230E9DE00}" = The Sims™ 2 Mansion and Garden Stuff
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{27EAB907-988C-4DD2-9813-CD421F2B383D}" = HotDocs 2008 PDF Advantage Professional Edition
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30070FE3-B2FA-4C75-ADB3-79116EEA2347}" = A2J Author
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34D6EED8-7650-4E1C-BC26-F5B2DDE185C6}" = OverDrive Media Console
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{39907825-B101-41CC-A9D7-3B86B1864582}" = Zoom Skype Adaptor
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{44EAFE3D-09A9-4478-A2BF-0EED22F4E49F}" = The Sims™ 3 Create a Pattern Tool
"{453EE94F-FC9F-4BFB-A6C7-42969C7423A5}" = HotDocs 2008 Professional Edition
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{4E5EE953-0D92-A385-E3A0-FBFCB2DE15AA}" = EA Download Manager UI
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{60A523CC-DD44-4EEA-AD5F-0F57B2D17D22}" = XP Vista Pack
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{64EEA791-0271-4B53-00AC-2BF05F5FBEF6}" = The Sims™ Castaway Stories
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = The Sims™ 2 Kitchen & Bath Interior Design Stuff
"{656BD496-2C81-4456-B524-71268114771C}" = Bing Bar Platform
"{65761BAE-11E8-48FE-B30F-1F01011AB906}" = The Sims™ 3 Create a World Tool - Beta
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{67350CC8-FAA8-4EEE-B7E5-CF87F94A6F0F}" = Picture Man Stitch Creator 2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6C117F31-28A8-4477-BE91-64AC0A2204AD}" = Microsoft IntelliPoint 6.01
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = The Sims™ 2 IKEA® Home Stuff
"{70DECFBF-9119-4434-B2D3-A3C283D15E45}" = WeatherBug
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{75AE638F-750A-11DF-96D5-005056806466}" = Google Earth Plug-in
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.0
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E222CC-223F-BE8C-0C77-0CEBDC2F9B57}" = Acrobat.com
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims™ 2 H&M® Fashion Stuff
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-0038-0409-0000-0000000FF1CE}" = Time Zone Data Update Tool for Microsoft Office Outlook
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims 2 Glamour Life Stuff
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-0000-BA7E-100000000002}" = Adobe Acrobat 7.0 Standard
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6AA3FB7-804F-4808-AD91-B62D6ED9B788}" = Windows Vista Upgrade Advisor
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CA34578D-F50D-43DF-9464-6A78FACE7E80}_is1" = Weather Desktop 7.2.2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D75915D3-6CFF-445F-A346-18ED6EF2F618}" = Microsoft IntelliType Pro 6.01
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FDEDD6DB-3747-45DF-B231-6F3030CF64A0}_is1" = Living Earth Desktop 7.2.2
"{FE34691C-4298-4667-9758-D7F534DD0B94}" = Dell Automated PC TuneUp
"8461-7759-5462-8226" = Vuze
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 7.0 Standard - V" = Adobe Acrobat 7.1.0 Standard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"AudibleManager" = AudibleManager
"AVS Audio Editor_is1" = AVS Audio Editor version 5.2
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"BBC Clock" = BBC Clock Screen Saver
"BBC Globe" = BBC Globe Screen Saver
"Canon MP470 series User Registration" = Canon MP470 series User Registration
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Comcast Rhapsody" = Comcast Rhapsody
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Digital Editions" = Adobe Digital Editions
"EA Download Manager" = EA Download Manager
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EsetOnlineScanner" = ESET Online Scanner
"Graboid Video" = Graboid Video 1.71
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Ilium Software eWallet_is1" = eWallet 7.0
"Ilium Software ListPro_is1" = ListPro 5.0 for Windows PCs
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LHTTSENG" = L&H TTS3000 British English
"Loki ActiveX Control" = Loki ActiveX Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Network MagicUninstall" = Network Magic
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Q-Xpress Installer" = Q-Xpress Installer 1.1.9
"RealPlayer 12.0" = RealPlayer
"Scriptorium_for_TS2_is1" = Scriptorium for TS2
"SearchAssist" = SearchAssist
"SecondLife" = SecondLife (remove only)
"Side_by_Side_0.9" = OmMaNiPadMeHum 1.0
"SimPE_is1" = SimPE 0.72 (alpha)
"Sims2Pack Clean Installer " = Sims2Pack Clean Installer
"ST6UNST #1" = Sims 2 Categorizer
"SystemRequirementsLab" = System Requirements Lab
"Transform XP to Vista_is1" = Transform XP to Vista 3.1
"TrendSecure Remote File Lock" = Trend Micro Remote File Lock
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Vista Start Menu_is1" = Vista Start Menu 3.54
"VLC media player" = VLC media player 1.0.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WhiteCap" = WhiteCap
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMA MP3 Converter" = WMA MP3 Converter 3.4 build 998
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2016312202-3049273616-3556453358-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/31/2010 1:36:03 PM | Computer Name = LULUPC | Source = Google Update | ID = 20
Description =

Error - 8/31/2010 2:29:14 PM | Computer Name = LULUPC | Source = Google Update | ID = 20
Description =

Error - 8/31/2010 2:36:03 PM | Computer Name = LULUPC | Source = Google Update | ID = 20
Description =

Error - 8/31/2010 3:29:14 PM | Computer Name = LULUPC | Source = Google Update | ID = 20
Description =

Error - 8/31/2010 3:36:03 PM | Computer Name = LULUPC | Source = Google Update | ID = 20
Description =

Error - 8/31/2010 4:29:14 PM | Computer Name = LULUPC | Source = Google Update | ID = 20
Description =

Error - 8/31/2010 4:36:03 PM | Computer Name = LULUPC | Source = Google Update | ID = 20
Description =

Error - 8/31/2010 5:29:14 PM | Computer Name = LULUPC | Source = Google Update | ID = 20
Description =

Error - 8/31/2010 5:36:03 PM | Computer Name = LULUPC | Source = Google Update | ID = 20
Description =

Error - 8/31/2010 6:09:00 PM | Computer Name = LULUPC | Source = MsiInstaller | ID = 11706
Description = Product: Dell Support Center (Support Software) -- Error 1706.No valid
source could be found for product Dell Support Center (Support Software). The
Windows Installer cannot continue.

[ OSession Events ]
Error - 6/7/2008 7:47:24 AM | Computer Name = LULU2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 49703
seconds with 2100 seconds of active time. This session ended with a crash.

Error - 12/26/2008 4:58:32 PM | Computer Name = LULU2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1355
seconds with 180 seconds of active time. This session ended with a crash.

Error - 2/8/2010 9:07:49 AM | Computer Name = LULUPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 35946
seconds with 120 seconds of active time. This session ended with a crash.

Error - 4/14/2010 7:36:25 AM | Computer Name = LULUPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 44182
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/30/2010 9:23:44 AM | Computer Name = LULUPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 34552
seconds with 60 seconds of active time. This session ended with a crash.

Error - 6/3/2010 8:02:53 AM | Computer Name = LULUPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 47909
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/31/2010 8:46:00 AM | Computer Name = LULUPC | Source = Schedule | ID = 7901
Description = The At9.job command failed to start due to the following error: %%2147942402

Error - 8/31/2010 9:46:00 AM | Computer Name = LULUPC | Source = Schedule | ID = 7901
Description = The At10.job command failed to start due to the following error: %%2147942402

Error - 8/31/2010 10:46:00 AM | Computer Name = LULUPC | Source = Schedule | ID = 7901
Description = The At11.job command failed to start due to the following error: %%2147942402

Error - 8/31/2010 11:46:00 AM | Computer Name = LULUPC | Source = Schedule | ID = 7901
Description = The At12.job command failed to start due to the following error: %%2147942402

Error - 8/31/2010 12:46:00 PM | Computer Name = LULUPC | Source = Schedule | ID = 7901
Description = The At13.job command failed to start due to the following error: %%2147942402

Error - 8/31/2010 1:46:00 PM | Computer Name = LULUPC | Source = Schedule | ID = 7901
Description = The At14.job command failed to start due to the following error: %%2147942402

Error - 8/31/2010 2:46:00 PM | Computer Name = LULUPC | Source = Schedule | ID = 7901
Description = The At15.job command failed to start due to the following error: %%2147942402

Error - 8/31/2010 3:46:00 PM | Computer Name = LULUPC | Source = Schedule | ID = 7901
Description = The At16.job command failed to start due to the following error: %%2147942402

Error - 8/31/2010 4:46:00 PM | Computer Name = LULUPC | Source = Schedule | ID = 7901
Description = The At17.job command failed to start due to the following error: %%2147942402

Error - 8/31/2010 5:46:00 PM | Computer Name = LULUPC | Source = Schedule | ID = 7901
Description = The At18.job command failed to start due to the following error: %%2147942402


< End of report >


And finally, here's report.txt.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB6DB7000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 7659520 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 191.07 )
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 5902336 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 191.07 )
0xB3A48000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4575232 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB7E6A000 iaStor.sys 815104 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xB7D6B000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xAF296000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0xB37F4000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB6C6D000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB3970000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB1EC1000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB08B9000 C:\WINDOWS\system32\DRIVERS\e1e5132.sys 266240 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 5.2 deserialized driver)
0xB0B98000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB37C1000 C:\WINDOWS\system32\drivers\mfehidk.sys 208896 bytes (McAfee, Inc., Host Intrusion Detection Link Driver)
0xB7F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB2058000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB7D3E000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xAF451000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB3864000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB6D16000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xB38D3000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB3949000 C:\WINDOWS\System32\Drivers\Mpfp.sys 159744 bytes (McAfee, Inc., McAfee Personal Firewall Plus Driver)
0xB38FB000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB20AD000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB3A24000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB6D3E000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB6CF3000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB38B1000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xB388F000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB7E4A000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB7F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB7D24000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB7F31000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB22B6000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 98304 bytes (Roxio, Drive Letter Access Component)
0xB2289000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 94208 bytes (Roxio, Drive Letter Access Component)
0xB7E0B000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB6CDC000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB22A0000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 90112 bytes (Roxio, Drive Letter Access Component)
0xB7E22000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0xB195C000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB6DA3000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB39C9000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB7DF8000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB0A46000 C:\WINDOWS\system32\drivers\mfeavfk.sys 73728 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0xB7E38000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB7F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB6CCB000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB764F000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB8248000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB82E8000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB80F8000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xB8258000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB1C41000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB82D8000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xB80E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB0A88000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB80C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xAF624000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xB0B58000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB8178000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 45056 bytes (Roxio, Device Driver Manager)
0xB768F000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB8238000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xB80B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB0AE8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB80A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB82C8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB82A8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB80D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xAFC49000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB8228000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB8318000 C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xB20D1000 C:\WINDOWS\system32\drivers\mfesmfk.sys 36864 bytes (McAfee, Inc., System Monitor Filter Driver)
0xB8298000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB8138000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB133A000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xB8108000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB8308000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xB8388000 C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
0xB8478000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB8338000 TLRecAgent.sys 32768 bytes ( , Recorder agent driver)
0xB83E8000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xB8408000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB2C80000 C:\WINDOWS\System32\DLA\DLABMFSM.SYS 28672 bytes (Roxio, Drive Letter Access Component)
0xB2C78000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Roxio, Drive Letter Access Component)
0xB8410000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xB8458000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xB360E000 C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 28672 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0xB2C38000 C:\WINDOWS\system32\drivers\mfebopk.sys 28672 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0xB2506000 C:\WINDOWS\system32\drivers\mferkdk.sys 28672 bytes (McAfee, Inc., VSCore Code Analysis Driver)
0xB8328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB2C60000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xB8450000 C:\WINDOWS\System32\Drivers\DLARTL_M.SYS 24576 bytes (Roxio, Shared Driver Component)
0xB8418000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xB8438000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB8440000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB8488000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xB8400000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB8460000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB30E4000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 20480 bytes (Roxio, Drive Letter Access Component)
0xB8470000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xB8330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB2C50000 C:\WINDOWS\system32\DRIVERS\pnarp.sys 20480 bytes (Cisco Systems, Inc., Address Resolution Protocol Driver)
0xB8428000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB2C48000 C:\WINDOWS\system32\DRIVERS\purendis.sys 20480 bytes (Cisco Systems, Inc., NDIS Relay Driver)
0xB35CE000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xB8420000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB8480000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xAFB05000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB8548000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB227D000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB84B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB3A10000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB1140000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB7CF0000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xB3931000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB7509000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB7CE4000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB860A000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xB85DE000 C:\WINDOWS\system32\DRIVERS\datunidr.sys 8192 bytes (Gteko Ltd., GUniDriver)
0xB85FC000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Roxio, Shared Driver Component)
0xB85B6000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Roxio, Drive Letter Access Component)
0xB8608000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xB85A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB860C000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xB860E000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xB85FE000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xB8602000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xB85AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xB8780000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB8723000 C:\WINDOWS\System32\DLA\DLADResM.SYS 4096 bytes (Roxio, Drive Letter Access Component)
0xB86F7000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB875E000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xB8670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x89F41AEA ?_empty_? 1302 bytes
0x89F41EC5 unknown_irp_handler 315 bytes
!!!!!!!!!!!Hidden driver: 0x89F2BBC0 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xB7F31000 WARNING: suspicious driver modification [atapi.sys::0x89F41AEA]
0xB860E000 WARNING: Virus alike driver modification [RDPCDD.sys], 8192 bytes


If you need anything else, just let me know! Thanks again,

Lynn
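Added example (not part of the original post and not RkU's own code): a short Python triage of the report.txt above that checks where each `>Stealth` warning points relative to the `>Drivers` listing. The function names and the line grammar inferred from this one report are assumptions; the embedded lines are an excerpt copied from the report.

```python
import re

# Excerpt copied from the report.txt above (Drivers and Stealth sections only).
REPORT = r"""
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0xB7F31000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB860E000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
!!!!!!!!!!!Hidden driver: 0x89F41AEA ?_empty_? 1302 bytes
0x89F41EC5 unknown_irp_handler 315 bytes
!!!!!!!!!!!Hidden driver: 0x89F2BBC0 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xB7F31000 WARNING: suspicious driver modification [atapi.sys::0x89F41AEA]
0xB860E000 WARNING: Virus alike driver modification [RDPCDD.sys], 8192 bytes
"""

# Line grammar inferred from this report (assumption, not a documented format).
ADDR = r"(0x[0-9A-Fa-f]{8})"
MODULE = re.compile(rf"^{ADDR} (.+?) (\d+) bytes(?: \((.*)\))?$")
HIDDEN = re.compile(rf"^!+Hidden driver: {ADDR} \S+ (\d+) bytes$")
WARNING = re.compile(rf"^{ADDR} WARNING: (.+?) \[([^\]:]+)(?:::{ADDR})?\]")


def parse_report(text):
    """Split the report into listed modules, hidden regions and stealth warnings."""
    section, modules, hidden, warnings = None, [], [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith(">"):
            section = line[1:]
        elif section == "Drivers" and (m := HIDDEN.match(line)):
            hidden.append((int(m[1], 16), int(m[2])))
        elif section == "Drivers" and (m := MODULE.match(line)):
            # Keep only the file name so it can be compared with the warning's name.
            modules.append((int(m[1], 16), int(m[3]), m[2].split("\\")[-1]))
        elif section == "Stealth" and (m := WARNING.match(line)):
            target = int(m[4], 16) if m[4] else None
            warnings.append((int(m[1], 16), m[2], m[3], target))
    return modules, hidden, warnings


def owner(addr, modules):
    """Name of the first listed module whose address range contains addr, else None."""
    for base, size, name in modules:
        if base <= addr < base + size:
            return name
    return None


def in_hidden(addr, hidden):
    """True if addr falls in a hidden region (a 0-byte region matches its base only)."""
    return any(base <= addr < base + max(size, 1) for base, size in hidden)


def triage(text):
    """One finding per stealth warning, cross-checked against the driver listing."""
    modules, hidden, warnings = parse_report(text)
    findings = []
    for base, kind, name, target in warnings:
        listed = owner(base, modules)
        findings.append({
            "driver": name,
            "warning": kind,
            # Does the warning's base address belong to the driver it names?
            "listed_at_base": listed is not None and listed.lower() == name.lower(),
            "target": target,
            # A redirect target owned by no listed module is the strongest signal.
            "target_owner": owner(target, modules) if target is not None else None,
            "target_in_hidden_region": target is not None and in_hidden(target, hidden),
        })
    return findings


def entries_inside_hidden(text):
    """Listed entries whose base address lies inside a hidden region."""
    modules, hidden, _ = parse_report(text)
    return [name for base, _, name in modules if in_hidden(base, hidden)]


if __name__ == "__main__":
    for finding in triage(REPORT):
        print(finding)
    print("inside hidden regions:", entries_inside_hidden(REPORT))
```

On this excerpt the atapi.sys warning resolves to an address that no listed module owns and that is the base of the 1302-byte hidden region, and `unknown_irp_handler` sits inside that same region.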

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,313 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:51 PM

Posted 01 September 2010 - 04:31 AM

There's quite some active malware here. Before continuing, please read the following:

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 Llyn


Posted 01 September 2010 - 11:06 PM

Wow, I knew it wasn't good, but had no idea it was this bad -- I would've posted here a lot sooner (and will if/when anything like this recurs). It has at least been unplugged from the internet for quite a while now, and no nefarious activity in my accounts yet(!). I have changed my info with the major financial sites I deal with and will do some secondary ones tomorrow (in fact, all I can think of -- people with this sort of intent can parlay any bit of info into a second bit, and before you know it have enough to get hold of your life).

I'm leaning toward reformatting, especially since this is one of two machines I use and not the whole ball of wax, but I haven't even looked at the instructions for doing that. I know it won't be fun, but am not sure how big a drag it's going to be. Still, I can't imagine just cleaning it and connecting it back up to the web if I can't be sure of it. It's late, so I'll leave the decision for now. In the meantime, a few questions -- what's your opinion on copying any data off the infected machine? I'm guessing it's a bad idea, and if so I can live with that (as I said, I have a second machine and it's got the most important stuff on it too), but it'd be nice to know if I could copy anything off onto DVD or thumb drive before I wipe it (assuming that's the way I go). Also, what about the backup files I've made? Should they be destroyed/abandoned? They're on an external hard drive I want to continue to use.

What's the name of the backdoor trojan(s) involved? And maybe this is a silly question, but any idea where I could have picked this junk up? Recommendations on better antivirus protection I could use?

Thanks so much for your help!

Lynn

#6 Llyn


Posted 01 September 2010 - 11:32 PM

And should I be concerned about my laptop on the same home network? It's behaving fine, but it's been connected to the infected PC at least part of this time.

#7 Elise


Posted 02 September 2010 - 12:26 PM

Hi, let's take things one at a time:

First of all, since you seem to use this computer for financial transactions, a reformat may be indeed the best solution. However since you have backed up data, I think it would be good to make sure everything is clean first. Then you can proceed to copy data and ultimately reformat.

I would not trust your existing backup and if you have the possibility, I'd say, make sure the computer is clean and re-backup your data to be sure.

This infection is the TDL3 rootkit, a very common but also very sophisticated rootkit that infects a random file in your Drivers folder, loads this on boot up and so basically controls your computer. It's easy to clean, but can have compromised your data. This malware usually does not spread to other systems, but it might have invited other malware that does (I see no evidence of that however).

Please let me know how you want to continue.

regards, Elise


#8 Llyn


Posted 02 September 2010 - 01:58 PM

Hi Elise,

Yes, sounds like cleaning, then doing a backup, then wiping/reinstalling makes the most sense. I'm at work now but will start following the instructions you gave and try to get the combofix log posted tonight.

Thanks,

Lynn

#9 Elise


Posted 02 September 2010 - 02:04 PM

Okay Lynn, I'll wait for your log.

regards, Elise


#10 Llyn


Posted 02 September 2010 - 06:27 PM

Well, I started combofix and it needed to download the recovery console, so I let it. It rebooted, and when I ran combofix, it bsod'd. Said Bad_pooler_call. Addresses given were these: 0x000000C2 (0x00000007, 0x00000CD4, 0x15FFF44D, 0x80535819). Happened twice, same error.

Anything else to do about this, or proceed to the reformat?

#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,313 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:51 PM

Posted 03 September 2010 - 03:12 AM

Try to run Combofix from safe mode.

regards, Elise


#12 Llyn


Posted 04 September 2010 - 11:10 AM

Ok, here's the combofix log -- thanks!!

ComboFix 10-09-01.04 - Administrator 09/04/2010 11:24:41.4.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1620 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\ogRlGTXd.exe
c:\documents and settings\Lynn Springle\Application Data\EurekaLog
c:\documents and settings\Lynn Springle\GoToAssistDownloadHelper.exe
c:\progra~1\COMMON~1\{525D3~1
c:\progra~1\COMMON~1\{525D3~1\slscp.log
c:\progra~1\COMMON~1\{525D3~1\SLZOOM\autorun.inf
c:\progra~1\COMMON~1\{525D3~1\SLZOOM\Ivr.scp
c:\progra~1\COMMON~1\{525D3~1\SLZOOM\readme.txt
c:\progra~1\COMMON~1\{525D3~1\SLZOOM\scusbvip.cat
c:\progra~1\COMMON~1\{525D3~1\SLZOOM\scusbvip.inf
c:\progra~1\COMMON~1\{525D3~1\SLZOOM\scusbvip.sys
c:\progra~1\COMMON~1\{525D3~1\SLZOOM\Setup.exe
c:\progra~1\COMMON~1\{525D3~1\SLZOOM\Setup.MSI
c:\progra~1\COMMON~1\{525D3~1\SLZOOM\Setup.scp
c:\progra~1\COMMON~1\{525D3~1\SLZOOM\SLExtBU\ivr.scp
c:\progra~1\COMMON~1\{525D3~1\SLZOOM\SLExtBU\Setup.scp
c:\progra~1\COMMON~1\{525D3~1\SLZOOM\slvad.cat
c:\progra~1\COMMON~1\{525D3~1\SLZOOM\slvad.inf
c:\progra~1\COMMON~1\{525D3~1\SLZOOM\slvad.sys
c:\progra~1\COMMON~1\{525D3~1\SLZOOM\slvipco.dll
c:\progra~1\COMMON~1\{525D3~1\SLZOOM\slvipgx.dll
c:\progra~1\COMMON~1\{525D3~1\SLZOOM\TLRecAgent.sys
c:\program files\Common
c:\program files\Common\_helper.sig
c:\program files\Common\_helper.sig.old
c:\windows\Downloaded Program Files\PDFDriver8.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\mscomct2.dat
c:\windows\system32\msrfcint.dat
c:\windows\system32\ntrdectr.dat
c:\windows\system32\Thumbs.db

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_uac4pdt
-------\Service_uac4pdt


((((((((((((((((((((((((( Files Created from 2010-08-04 to 2010-09-04 )))))))))))))))))))))))))))))))
.

2010-09-04 15:36 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-02 22:55 . 2008-04-23 21:16 71696 ----a-w- c:\documents and settings\Lynn Springle\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-24 22:21 . 2008-04-23 23:26 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-08-01 11:16 . 2010-07-23 23:05 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-01 02:12 . 2008-04-23 21:41 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-08-01 02:09 . 2010-02-22 04:16 -------- d-----w- c:\program files\QuickTime
2010-08-01 02:09 . 2010-02-22 04:17 -------- d-----w- c:\program files\iTunes
2010-08-01 02:09 . 2010-01-24 18:10 -------- d-----w- c:\program files\Vista Start Menu
2010-08-01 02:09 . 2008-04-23 21:40 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2010-08-01 00:38 . 2010-07-30 17:00 112 ----a-w- c:\documents and settings\All Users\Application Data\4QPHvs4.dat
2010-08-01 00:38 . 2010-08-01 00:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-01 00:37 . 2010-08-01 00:37 -------- d-----w- c:\documents and settings\Lynn Springle\Application Data\SUPERAntiSpyware.com
2010-08-01 00:37 . 2010-08-01 00:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-31 17:58 . 2009-12-15 03:24 -------- d-----w- c:\program files\McAfee
2010-07-27 20:05 . 2010-01-24 18:06 -------- d-----w- c:\documents and settings\Lynn Springle\Application Data\Vista Start Menu
2010-07-27 19:59 . 2010-02-23 02:00 -------- d-----w- c:\documents and settings\Lynn Springle\Application Data\vlc
2010-07-24 18:28 . 2009-01-17 06:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-24 18:25 . 2009-01-17 06:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-24 16:43 . 2008-04-27 14:41 -------- d-----w- c:\documents and settings\Lynn Springle\Application Data\Move Networks
2010-07-18 22:39 . 2010-07-18 22:39 -------- d-----w- c:\program files\ETS
2010-07-15 22:12 . 2008-04-23 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-15 19:18 . 2009-12-15 03:25 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-07-15 03:00 . 2010-02-10 00:25 -------- d-----w- c:\documents and settings\Lynn Springle\Application Data\Azureus
2010-07-14 11:59 . 2010-07-14 11:59 -------- d-----w- c:\documents and settings\All Users\Application Data\NTIReg
2010-07-14 11:43 . 2008-04-19 14:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-14 11:42 . 2010-07-14 11:42 -------- d-----w- c:\program files\NewTech Infosystems
2010-07-09 04:13 . 2010-07-09 04:13 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7D4B3D1D-104E-4507-9123-568BC721B7E2}
2010-07-09 04:12 . 2010-07-09 04:12 -------- d-----w- c:\program files\Transparent
2010-07-09 04:12 . 2010-07-09 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Transparent
2010-06-14 14:31 . 2004-08-10 17:02 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
.
CODE
<pre>
c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray .exe
c:\program files\Comcast\Desktop Doctor\bin\sprtcmd .exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier .exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth .exe
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\Dell Support Center\bin\sprtcmd .exe
c:\program files\Dell Support Center\gs_agent\custom\dsca .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Lavasoft\Ad-Aware\AAWTray .exe
c:\program files\McAfee.com\Agent\mcagent .exe
c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr .exe
c:\program files\Microsoft ActiveSync\Wcescomm      .exe
c:\program files\Microsoft IntelliPoint\ipoint .exe
c:\program files\Microsoft IntelliType Pro\itype .exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
c:\program files\MSN Toolbar\Platform\5.0.1363.0\mswinext .exe
c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray .exe
c:\program files\Pure Networks\Network Magic\nmapp .exe
c:\program files\QuickTime\qttask                    .exe
c:\program files\Trend Micro\TrendSecure\RemoteFileLock\FLMain .exe
c:\program files\Vista Start Menu\VistaStartMenu .exe
c:\program files\Zoom\Zoom Phone Adaptor\ZoomMonitor .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [N/A]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [N/A]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-10 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe" [2010-06-22 231888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-100000000002}\SC_Acrobat.exe [2010-3-26 25214]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ListProAlarms.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ListProAlarms.lnk.disabled
backup=c:\windows\pss\ListProAlarms.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk.disabled
backup=c:\windows\pss\Windows Search.lnk.disabledCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2007-07-22 19:27 69632 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellAutomatedPCTuneUp]
2007-10-11 13:49 465136 ----a-w- c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
c:\program files\Dell Support Center\bin\sprtcmd.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
c:\program files\Dell Support Center\gs_agent\custom\dsca.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 20:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 20:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 07:12 76304 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-09-27 23:19 13918208 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2007-09-17 15:56 124200 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\qttask.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 13:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-07-22 19:27 16132608 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-12-11 13:15 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"STYLEXP"=c:\program files\TGTSoft\StyleXP\StyleXP.exe -Hide
"VistaStartMenu"=c:\program files\Vista Start Menu\VistaStartMenu.exe
"TrendSecure Remote File Lock"=c:\program files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm .exe"
"updateMgr"=c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcStd7_1_0 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask .exe" -atboottime
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"ZoomMonitor.exe"=c:\program files\Zoom\Zoom Phone Adaptor\ZoomMonitor.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\WINDOWS\\system32\\searchprotocolhost.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AcroRd32.exe"=
"c:\\Program Files\\Dell Network Assistant\\hnm_svc.exe"=
"c:\\Program Files\\Dell Support Center\\bin\\sprtsvc.exe"=
"c:\\Program Files\\Viewpoint\\Common\\ViewpointService.exe"=
"c:\\Program Files\\Trend Micro\\TrendSecure\\TSCFCommander.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/21/2009 11:30 PM 64160]
R0 TLRecAgent;TLRecAgent;c:\windows\system32\drivers\TLRecAgent.sys [4/11/2009 9:28 PM 36976]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 1029456]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/14/2009 11:27 PM 93320]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/28/2008 12:56 AM 24652]
R2 VService;VService;c:\program files\Zoom\Zoom Phone Adaptor\VServ.exe [1/17/2008 10:02 AM 104976]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/28/2010 6:24 PM 136176]
S3 scusbvip;VL1800 USB Driver;c:\windows\system32\drivers\scusbvip.sys [4/11/2009 9:28 PM 609936]
S3 SLVAD_simple;Zoom Virtual Audio Device;c:\windows\system32\drivers\slvad.sys [4/11/2009 9:28 PM 84912]
.
Contents of the 'Scheduled Tasks' folder

2010-09-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 03:30]

2010-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-28 22:24]

2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-28 22:24]

2010-07-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-12-15 17:22]

2010-09-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-12-15 17:22]

2010-09-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-09-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2016312202-3049273616-3556453358-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-08-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-08-31 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2016312202-3049273616-3556453358-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-09-04 c:\windows\Tasks\User_Feed_Synchronization-{FE344FB8-D7C2-4D79-A3CA-7366DFB1544C}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080419
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-04 11:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A03BEC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28
\Driver\ACPI -> ACPI.sys @ 0xb7f7fcb8
\Driver\atapi -> atapi.sys @ 0xb7f37852
\Driver\iaStor -> iaStor.sys @ 0xb7ea4918
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Intel® 82562V-2 10/100 Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb7d53bb0
PacketIndicateHandler -> NDIS.sys @ 0xb7d42a0d
SendHandler -> NDIS.sys @ 0xb7d56b40
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NVSvc]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,bd,9d,c4,8b,77,d1,47,bb,45,71,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,bd,9d,c4,8b,77,d1,47,bb,45,71,\

[HKEY_USERS\S-1-5-21-2016312202-3049273616-3556453358-1006\Software\SecuROM\License information*]
"datasecu"=hex:02,84,79,37,cb,45,1b,0c,10,cf,52,66,7f,2d,fc,6e,81,39,62,11,b8,
bf,7c,b0,08,6b,8a,dd,2a,32,fd,a3,96,92,b7,fa,4c,98,4a,dc,9e,59,9e,f2,c2,04,\
"rkeysecu"=hex:79,2e,b6,5a,2a,32,a1,f1,9b,7d,28,60,7c,8c,26,29

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(772)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3712)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\hnetcfg.dll
c:\program files\Trend Micro\TrendSecure\RemoteFileLock\FileLock.dll
c:\program files\Trend Micro\TrendSecure\RemoteFileLock\FileLockUI.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wscntfy.exe
c:\progra~1\McAfee\VIRUSS~1\mcods.exe
c:\progra~1\mcafee\VIRUSS~1\mcvsshld.exe
.
**************************************************************************
.
Completion time: 2010-09-04 12:05:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-04 16:04

Pre-Run: 116,006,268,928 bytes free
Post-Run: 116,144,771,072 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 1E55808817F726FC8ACA4AA97F64CF05


#13 Elise


Posted 04 September 2010 - 11:43 AM

Hi, that took out some stuff, but still quite some Vundo and a possible MBR infection to take care of.

CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
CODE
RenV::
c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray .exe
c:\program files\Comcast\Desktop Doctor\bin\sprtcmd .exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier .exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth .exe
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\Dell Support Center\bin\sprtcmd .exe
c:\program files\Dell Support Center\gs_agent\custom\dsca .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Lavasoft\Ad-Aware\AAWTray .exe
c:\program files\McAfee.com\Agent\mcagent .exe
c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr .exe
c:\program files\Microsoft ActiveSync\Wcescomm      .exe
c:\program files\Microsoft IntelliPoint\ipoint .exe
c:\program files\Microsoft IntelliType Pro\itype .exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
c:\program files\MSN Toolbar\Platform\5.0.1363.0\mswinext .exe
c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray .exe
c:\program files\Pure Networks\Network Magic\nmapp .exe
c:\program files\QuickTime\qttask                    .exe
c:\program files\Trend Micro\TrendSecure\RemoteFileLock\FLMain .exe
c:\program files\Vista Start Menu\VistaStartMenu .exe
c:\program files\Zoom\Zoom Phone Adaptor\ZoomMonitor .exe

Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
  • Double-click on MBRCheck.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • It will open a black screen with some data on it...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will be created on the desktop.
  • Copy and paste the contents of that log in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft
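
Added example (not part of the post above and not ComboFix's own code): a small Python triage of the two things this log shows before the CF-script step, namely the file names with whitespace padded in front of `.exe` that the script lists under `RenV::`, and the `>>UNKNOWN [...]<<` entry on the MBR detector's "called modules" line. The sample lines are copied from the log in this thread; the function names and the reading that these two patterns are what prompted the follow-up are assumptions.

```python
import re

# Constructed sample: a few lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
c:\program files\iTunes\iTunesHelper .exe
c:\program files\QuickTime\qttask                    .exe
c:\program files\McAfee.com\Agent\mcagent .exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask .exe" -atboottime
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-10 1218008]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A03BEC5]<<
user & kernel MBR OK
"""

# A bare path line whose file name has spaces/tabs between the stem and ".exe".
PADDED_FILE = re.compile(r'^[a-z]:\\.*?\S[ \t]+\.exe[ \t]*$', re.I | re.M)
# A registry autostart value: "Name"="c:\...\file.exe" (quotes around the path optional).
AUTOSTART = re.compile(
    r'^"(?P<name>[^"]+)"=[ \t]*"?(?P<path>[a-z]:\\[^"\n]*?\.exe)', re.I | re.M)
# The MBR detector marks a module it cannot attribute to a known driver.
UNKNOWN_MODULE = re.compile(
    r'^called modules:.*?>>UNKNOWN \[(0x[0-9a-f]+)\]<<', re.I | re.M)


def collapse(path):
    """Drop whitespace padding before the extension and lowercase the path."""
    return re.sub(r'[ \t]+(\.exe)$', r'\1', path.strip(), flags=re.I).lower()


def triage(log):
    """Return padded file names, autostart entries tied to them, and unknown MBR modules."""
    padded = {collapse(m.group(0)) for m in PADDED_FILE.finditer(log)}

    hits = []
    for m in AUTOSTART.finditer(log):
        target = m.group('path')
        normal = collapse(target)
        if normal in padded:
            # 'padded': the entry itself points at the padded name.
            # 'clean' : the entry points at the normal name, while a padded
            #           twin of that file is also listed in the log.
            kind = 'padded' if normal != target.lower() else 'clean'
            hits.append((m.group('name'), kind))

    return {
        'padded_files': sorted(padded),
        'autostart_hits': hits,
        'unknown_mbr_modules': UNKNOWN_MODULE.findall(log),
    }


if __name__ == '__main__':
    result = triage(SAMPLE_LOG)
    for path in result['padded_files']:
        print('padded twin of:', path)
    for name, kind in result['autostart_hits']:
        print('autostart entry %r references the %s name' % (name, kind))
    for addr in result['unknown_mbr_modules']:
        print('unattributed module in MBR call chain at', addr)
```

Run against a full ComboFix.txt, the autostart list shows which startup entries to re-check once the renamed files have been dealt with.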


#14 Llyn


Posted 04 September 2010 - 10:22 PM

OK, here's the new combofix log:

ComboFix 10-09-01.04 - Administrator 09/04/2010 22:52:16.5.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1736 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((( Files Created from 2010-08-05 to 2010-09-05 )))))))))))))))))))))))))))))))
.

2010-09-04 15:36 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-05 03:04 . 2010-02-22 04:17 -------- d-----w- c:\program files\iTunes
2010-09-05 03:04 . 2010-02-22 04:16 -------- d-----w- c:\program files\QuickTime
2010-09-05 03:04 . 2010-01-24 18:10 -------- d-----w- c:\program files\Vista Start Menu
2010-09-05 03:04 . 2008-04-23 23:26 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-09-05 03:04 . 2008-04-23 21:41 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-09-05 03:04 . 2008-04-23 21:40 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2010-09-02 22:55 . 2008-04-23 21:16 71696 ----a-w- c:\documents and settings\Lynn Springle\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-01 11:16 . 2010-07-23 23:05 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-01 00:38 . 2010-07-30 17:00 112 ----a-w- c:\documents and settings\All Users\Application Data\4QPHvs4.dat
2010-08-01 00:38 . 2010-08-01 00:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-01 00:37 . 2010-08-01 00:37 -------- d-----w- c:\documents and settings\Lynn Springle\Application Data\SUPERAntiSpyware.com
2010-08-01 00:37 . 2010-08-01 00:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-31 17:58 . 2009-12-15 03:24 -------- d-----w- c:\program files\McAfee
2010-07-27 20:05 . 2010-01-24 18:06 -------- d-----w- c:\documents and settings\Lynn Springle\Application Data\Vista Start Menu
2010-07-27 19:59 . 2010-02-23 02:00 -------- d-----w- c:\documents and settings\Lynn Springle\Application Data\vlc
2010-07-24 18:28 . 2009-01-17 06:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-24 18:25 . 2009-01-17 06:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-24 16:43 . 2008-04-27 14:41 -------- d-----w- c:\documents and settings\Lynn Springle\Application Data\Move Networks
2010-07-18 22:39 . 2010-07-18 22:39 -------- d-----w- c:\program files\ETS
2010-07-15 22:12 . 2008-04-23 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-15 19:18 . 2009-12-15 03:25 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-07-15 03:00 . 2010-02-10 00:25 -------- d-----w- c:\documents and settings\Lynn Springle\Application Data\Azureus
2010-07-14 11:59 . 2010-07-14 11:59 -------- d-----w- c:\documents and settings\All Users\Application Data\NTIReg
2010-07-14 11:43 . 2008-04-19 14:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-14 11:42 . 2010-07-14 11:42 -------- d-----w- c:\program files\NewTech Infosystems
2010-07-09 04:13 . 2010-07-09 04:13 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7D4B3D1D-104E-4507-9123-568BC721B7E2}
2010-07-09 04:12 . 2010-07-09 04:12 -------- d-----w- c:\program files\Transparent
2010-07-09 04:12 . 2010-07-09 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Transparent
2010-06-14 14:31 . 2004-08-10 17:02 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
.
CODE
<pre>
c:\program files\McAfee.com\Agent\mcagent .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [N/A]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [N/A]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-10 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe" [2010-06-22 231888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-100000000002}\SC_Acrobat.exe [2010-3-26 25214]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ListProAlarms.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ListProAlarms.lnk.disabled
backup=c:\windows\pss\ListProAlarms.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk.disabled
backup=c:\windows\pss\Windows Search.lnk.disabledCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2007-07-22 19:27 69632 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellAutomatedPCTuneUp]
2007-10-11 13:49 465136 ----a-w- c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
c:\program files\Dell Support Center\bin\sprtcmd.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
c:\program files\Dell Support Center\gs_agent\custom\dsca.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 20:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 20:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 07:12 76304 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-09-27 23:19 13918208 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2007-09-17 15:56 124200 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\qttask.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 13:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-07-22 19:27 16132608 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-12-11 13:15 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"STYLEXP"=c:\program files\TGTSoft\StyleXP\StyleXP.exe -Hide
"VistaStartMenu"=c:\program files\Vista Start Menu\VistaStartMenu.exe
"TrendSecure Remote File Lock"=c:\program files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm .exe"
"updateMgr"=c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcStd7_1_0 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask .exe" -atboottime
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"ZoomMonitor.exe"=c:\program files\Zoom\Zoom Phone Adaptor\ZoomMonitor.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\WINDOWS\\system32\\searchprotocolhost.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AcroRd32.exe"=
"c:\\Program Files\\Dell Network Assistant\\hnm_svc.exe"=
"c:\\Program Files\\Dell Support Center\\bin\\sprtsvc.exe"=
"c:\\Program Files\\Viewpoint\\Common\\ViewpointService.exe"=
"c:\\Program Files\\Trend Micro\\TrendSecure\\TSCFCommander.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/21/2009 11:30 PM 64160]
R0 TLRecAgent;TLRecAgent;c:\windows\system32\drivers\TLRecAgent.sys [4/11/2009 9:28 PM 36976]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 1029456]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/14/2009 11:27 PM 93320]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/28/2008 12:56 AM 24652]
R2 VService;VService;c:\program files\Zoom\Zoom Phone Adaptor\VServ.exe [1/17/2008 10:02 AM 104976]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/28/2010 6:24 PM 136176]
S3 scusbvip;VL1800 USB Driver;c:\windows\system32\drivers\scusbvip.sys [4/11/2009 9:28 PM 609936]
S3 SLVAD_simple;Zoom Virtual Audio Device;c:\windows\system32\drivers\slvad.sys [4/11/2009 9:28 PM 84912]
.
Contents of the 'Scheduled Tasks' folder

2010-09-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 03:30]

2010-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-28 22:24]

2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-28 22:24]

2010-07-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-12-15 17:22]

2010-09-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-12-15 17:22]

2010-09-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-09-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2016312202-3049273616-3556453358-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-08-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-08-31 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2016312202-3049273616-3556453358-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-09-05 c:\windows\Tasks\User_Feed_Synchronization-{FE344FB8-D7C2-4D79-A3CA-7366DFB1544C}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080419
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-04 23:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A077EC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28
\Driver\ACPI -> ACPI.sys @ 0xb7f7fcb8
\Driver\atapi -> atapi.sys @ 0xb7f37852
\Driver\iaStor -> iaStor.sys @ 0xb7ea4918
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Intel® 82562V-2 10/100 Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb7d53bb0
PacketIndicateHandler -> NDIS.sys @ 0xb7d42a0d
SendHandler -> NDIS.sys @ 0xb7d56b40
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NVSvc]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,bd,9d,c4,8b,77,d1,47,bb,45,71,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,bd,9d,c4,8b,77,d1,47,bb,45,71,\

[HKEY_USERS\S-1-5-21-2016312202-3049273616-3556453358-1006\Software\SecuROM\License information*]
"datasecu"=hex:02,84,79,37,cb,45,1b,0c,10,cf,52,66,7f,2d,fc,6e,81,39,62,11,b8,
bf,7c,b0,08,6b,8a,dd,2a,32,fd,a3,96,92,b7,fa,4c,98,4a,dc,9e,59,9e,f2,c2,04,\
"rkeysecu"=hex:79,2e,b6,5a,2a,32,a1,f1,9b,7d,28,60,7c,8c,26,29

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(772)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1324)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\hnetcfg.dll
c:\program files\Trend Micro\TrendSecure\RemoteFileLock\FileLock.dll
c:\program files\Trend Micro\TrendSecure\RemoteFileLock\FileLockUI.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\rundll32.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-09-04 23:16:17 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-05 03:16

Pre-Run: 116,127,838,208 bytes free
Post-Run: 116,109,918,208 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 16DEA7C4428881205B2D164DE7918943


And here's the MBR log:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000002c

Kernel Drivers (total 139):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7F79000 ACPI.sys
0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB7F68000 pci.sys
0xB80A8000 isapnp.sys
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB80B8000 MountMgr.sys
0xB7F49000 ftdisk.sys
0xB8330000 PartMgr.sys
0xB80C8000 VolSnap.sys
0xB7F31000 atapi.sys
0xB7E6A000 iaStor.sys
0xB80D8000 disk.sys
0xB80E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB7E4A000 fltmgr.sys
0xB7E38000 sr.sys
0xB80F8000 Lbd.sys
0xB7E22000 DRVMCDB.SYS
0xB8108000 PxHelp20.sys
0xB7E0B000 KSecDD.sys
0xB7DF8000 WudfPf.sys
0xB7D6B000 Ntfs.sys
0xB7D3E000 NDIS.sys
0xB8118000 Combo-Fix.sys
0xB8338000 TLRecAgent.sys
0xB7D24000 Mup.sys
0xB81E8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB6FE0000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB6FCC000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB6F8B000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xB8348000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB6F67000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB8378000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB6F3F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB8380000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB81F8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB85D8000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xB8208000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB8218000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB6F1C000 \SystemRoot\system32\DRIVERS\ks.sys
0xB8388000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB8781000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB8228000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB859C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB6F05000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB8238000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB8248000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB8390000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB6EF4000 \SystemRoot\system32\DRIVERS\psched.sys
0xB8258000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB8398000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB83A0000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB8268000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB83A8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB83B0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB85DA000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB6E96000 \SystemRoot\system32\DRIVERS\update.sys
0xB7D00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB8288000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB8298000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB85DC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB48C9000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB48A5000 \SystemRoot\system32\drivers\portcls.sys
0xB82A8000 \SystemRoot\system32\drivers\drmk.sys
0xB858C000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xB83B8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB85E0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB8746000 \SystemRoot\System32\Drivers\Null.SYS
0xB85E2000 \SystemRoot\System32\Drivers\Beep.SYS
0xB83C8000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
0xB83D0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB83D8000 \SystemRoot\System32\drivers\vga.sys
0xB85E4000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB85E6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB83E0000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB83E8000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB6E92000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB484A000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB47F1000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB47A2000 \SystemRoot\System32\Drivers\Mpfp.sys
0xB477C000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB82D8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB4D4A000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB82E8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB82F8000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0xB4754000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB4732000 \SystemRoot\System32\drivers\afd.sys
0xB8308000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB4710000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xB83F8000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xB46E5000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB4675000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB4642000 \SystemRoot\system32\drivers\mfehidk.sys
0xB77BE000 \SystemRoot\System32\Drivers\Fips.SYS
0xB4D2A000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB8400000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0xB779E000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xB459F000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xB4D26000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB8408000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0xB778E000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB4889000 \SystemRoot\System32\drivers\Dxapi.sys
0xB8418000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB86DD000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB8148000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xB879B000 \SystemRoot\System32\DLA\DLADResM.SYS
0xB41A7000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xB8458000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xB8602000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xB8460000 \SystemRoot\System32\DLA\DLABMFSM.SYS
0xB8468000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xB4141000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xB412A000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xB41C3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB84A0000 \SystemRoot\system32\DRIVERS\pnarp.sys
0xB84A8000 \SystemRoot\system32\DRIVERS\purendis.sys
0xB3E7D000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB864A000 \SystemRoot\system32\DRIVERS\datunidr.sys
0xB3CE6000 \SystemRoot\system32\DRIVERS\srv.sys
0xB2E5B000 \SystemRoot\system32\drivers\wdmaud.sys
0xB3606000 \SystemRoot\system32\drivers\sysaudio.sys
0xB204F000 \SystemRoot\System32\Drivers\HTTP.sys
0xB84B0000 \SystemRoot\system32\drivers\mfebopk.sys
0xB177B000 \SystemRoot\system32\drivers\mfeavfk.sys
0xB163F000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB3348000 \??\C:\DOCUME~1\LYNNSP~1\LOCALS~1\Temp\mbr.sys
0xB14AC000 \SystemRoot\system32\drivers\kmixer.sys
0xB8410000 \??\C:\ComboFix\catchme.sys
0xB349E000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xB4157000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 54):
0 System Idle Process
4 System
616 C:\WINDOWS\system32\smss.exe
688 csrss.exe
712 C:\WINDOWS\system32\winlogon.exe
760 C:\WINDOWS\system32\services.exe
772 C:\WINDOWS\system32\lsass.exe
964 C:\WINDOWS\system32\svchost.exe
1036 svchost.exe
1080 C:\WINDOWS\system32\svchost.exe
1132 C:\WINDOWS\system32\svchost.exe
1260 svchost.exe
1416 svchost.exe
1456 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
1524 C:\WINDOWS\system32\spoolsv.exe
1620 svchost.exe
1656 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1672 C:\Program Files\Bonjour\mDNSResponder.exe
1760 C:\Program Files\Dell Network Assistant\hnm_svc.exe
1808 C:\Program Files\Google\Update\GoogleUpdate.exe
1820 C:\Program Files\Java\jre6\bin\jqs.exe
1872 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
1964 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
212 C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
300 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
484 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
568 C:\Program Files\McAfee\MPF\MpfSrv.exe
832 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1224 C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
1248 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
1364 C:\WINDOWS\system32\svchost.exe
1972 C:\Program Files\Viewpoint\Common\ViewpointService.exe
2128 C:\Program Files\Zoom\Zoom Phone Adaptor\VServ.exe
2164 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2204 C:\WINDOWS\system32\searchindexer.exe
2416 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
2524 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3244 unsecapp.exe
3296 C:\Program Files\McAfee.com\Agent\mcagent.exe
3584 wmiprvse.exe
3636 C:\WINDOWS\system32\rundll32.exe
4008 alg.exe
3496 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
2816 C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
1888 C:\WINDOWS\system32\rundll32.exe
2880 C:\WINDOWS\system32\ctfmon.exe
2996 C:\WINDOWS\system32\wscntfy.exe
2808 C:\WINDOWS\system32\wuauclt.exe
1324 C:\WINDOWS\explorer.exe
3284 wmiprvse.exe
2008 C:\WINDOWS\explorer.exe
1976 C:\WINDOWS\system32\searchprotocolhost.exe
1208 searchfilterhost.exe
2440 C:\Documents and Settings\Lynn Springle\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)

PhysicalDrive0 Model Number: ST3250310AS, Rev: 3.ADA

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

#15 Elise


Posted 05 September 2010 - 02:59 AM

Hi, still some left.

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.


CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
CODE
RenV::
c:\program files\McAfee.com\Agent\mcagent .exe

Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft




