Zlob, I think [RESOLVED]


  • This topic is locked

#1
haasd01

  • Member
  • 12 posts
Hello and Thank you,

I've run a lot of virus removal programs, but none of them have been able to help me with my restart problem. When either shutting down, hibernating, or putting it in sleep mode, it reboots immediately, and the welcome box comes up, which didn't happen before the virus. Here is the HijackThis post:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:33 PM, on 8/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10556 bytes


#2
Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there,

Sorry for the big delay.

Please post me a fresh Hijack This log.

Also,

Please download OTViewIt by OldTimer.
Double click on OTViewIt.exe and select Scan in the upper right corner.
In a few minutes a notepad file will appear, please post the contents of that here in your next post.

#3
haasd01

  • Topic Starter
  • Member
  • 12 posts
Mike,

Hello and thank you for the help. Here is the new HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:33 PM, on 8/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10556 bytes


And here is the OTViewIt scan:

OTViewIt logfile created on: 8/22/2008 9:32:31 PM
OTViewIt by OldTimer - Version 1.0.0.5 Folder = C:\Users\Damian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IRBRQQEP
Windows Vista Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 54.88% Memory free
4.00 Gb Paging File | 3.05 Gb Available in Paging File | 76.19% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.23 Gb Total Space | 56.09 Gb Free Space | 56.52% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.80 Gb Free Space | 57.96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHIMMY
Current User Name: Damian
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

===== Processes - Non-Microsoft Only =====

[12/12/2007 01:02 AM | 0,002,4064 | ---- | M] () - C:\Windows\System32\WLTRYSVC.EXE
[12/12/2007 01:01 AM | 0,250,6752 | ---- | M] (Dell Inc.) - C:\Windows\System32\BCMWLTRY.EXE
[01/25/2008 08:47 PM | 0,014,9864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[10/25/2007 01:31 PM | 0,016,7936 | ---- | M] (Alps Electric Co., Ltd.) - C:\Program Files\DellTPad\Apoint.exe
[08/28/2007 12:51 AM | 0,003,6864 | ---- | M] (Creative Technology Ltd.) - C:\Windows\OEM02Mon.exe
[12/14/2007 10:53 PM | 0,015,4136 | ---- | M] (Intel Corporation) - C:\Windows\System32\hkcmd.exe
[12/14/2007 10:53 PM | 0,013,3656 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxpers.exe
[07/27/2007 05:43 PM | 0,011,8784 | ---- | M] (Creative Technology Ltd.) - C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
[03/21/2007 02:00 PM | 0,017,4872 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[12/12/2007 01:02 AM | 0,344,4736 | ---- | M] (Dell Inc.) - C:\Windows\System32\WLTRAY.EXE
[08/01/2008 10:40 PM | 0,002,9744 | ---- | M] (Google) - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[12/21/2007 11:58 AM | 0,018,4320 | ---- | M] (CyberLink Corp.) - C:\Program Files\Dell\MediaDirect\PCMService.exe
[10/09/2007 07:56 PM | 0,020,2544 | ---- | M] (SupportSoft, Inc.) - C:\Program Files\Dell Support Center\bin\sprtcmd.exe
[11/12/2007 06:07 AM | 0,040,5504 | ---- | M] (IDT, Inc.) - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
[12/14/2007 10:54 PM | 0,025,2440 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxsrvc.exe
[07/30/2008 10:47 AM | 0,028,9064 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunesHelper.exe
[11/03/2006 07:02 PM | 0,005,0688 | ---- | M] (Avanquest Software ) - C:\Program Files\Digital Line Detect\DLG.exe
[09/07/2007 05:27 PM | 0,118,0952 | ---- | M] (Dell Inc.) - C:\Program Files\Dell\QuickSet\quickset.exe
[01/25/2008 08:47 PM | 0,014,9864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[11/12/2007 06:07 AM | 0,007,3728 | ---- | M] (Andrea Electronics Corporation) - C:\Windows\System32\AEstSrv.exe
[07/22/2008 08:42 PM | 0,011,6040 | ---- | M] (Apple Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[07/24/2007 04:17 PM | 0,022,9376 | ---- | M] (Apple Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe
[03/21/2007 02:00 PM | 0,035,5096 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
[11/05/2006 12:13 PM | 0,015,9744 | ---- | M] (Sonic Solutions) - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
[10/09/2007 07:56 PM | 0,020,2544 | ---- | M] (SupportSoft, Inc.) - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
[11/12/2007 06:07 AM | 0,010,2400 | ---- | M] (IDT, Inc.) - C:\Windows\System32\stacsv.exe
[08/01/2008 10:40 PM | 0,002,9744 | ---- | M] (Google) - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[08/04/2006 07:39 PM | 0,038,6560 | ---- | M] (Conexant Systems, Inc.) - C:\Windows\System32\drivers\XAudio.exe
[07/30/2008 10:47 AM | 0,053,2264 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe
[09/07/2007 01:49 AM | 0,005,0736 | ---- | M] (Alps Electric Co., Ltd.) - C:\Program Files\DellTPad\ApMsgFwd.exe
[09/07/2007 01:50 AM | 0,004,0960 | ---- | M] (Alps Electric Co., Ltd.) - C:\Program Files\DellTPad\hidfind.exe
[09/07/2007 01:49 AM | 0,004,9152 | ---- | M] (Alps Electric Co., Ltd.) - C:\Program Files\DellTPad\ApntEx.exe
[02/09/2008 07:06 PM | 0,023,8968 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[08/04/2008 08:10 PM | 0,124,5064 | ---- | M] () - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[08/10/2008 08:33 PM | 0,039,6288 | ---- | M] (Trend Micro Inc.) - C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
[08/22/2008 09:31 PM | 0,139,7248 | ---- | M] (OldTimer Tools) - C:\Users\Damian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IRBRQQEP\OTViewIt[1].exe

===== Win32 Services - Non-Microsoft Only =====

(AESTFilters) Andrea ST Filters Service [Auto | Running]
[11/12/2007 06:07 AM | 0,007,3728 | ---- | M] (Andrea Electronics Corporation) - C:\Windows\System32\AEstSrv.exe

(Apple Mobile Device) Apple Mobile Device [Auto | Running]
[07/22/2008 08:42 PM | 0,011,6040 | ---- | M] (Apple Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Auto | Running]
[02/09/2008 07:06 PM | 0,023,8968 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

(Bonjour Service) Bonjour Service [Auto | Running]
[07/24/2007 04:17 PM | 0,022,9376 | ---- | M] (Apple Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe

(ccEvtMgr) Symantec Event Manager [Auto | Running]
[01/25/2008 08:47 PM | 0,014,9864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

(ccSetMgr) Symantec Settings Manager [Auto | Running]
[01/25/2008 08:47 PM | 0,014,9864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

(CertPropSvc) Certificate Propagation [Unknown | Stopped]
File not found - %SystemRoot%\system32\svchost.exe

(CLTNetCnService) Symantec Lic NetConnect service [Auto | Running]
[01/25/2008 08:47 PM | 0,014,9864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

(DcomLaunch) DCOM Server Process Launcher [Unknown | Running]
File not found - %SystemRoot%\system32\svchost.exe

(GoogleDesktopManager-061008-081103) Google Desktop Manager 5.7.806.10245 [On_Demand | Stopped]
[08/01/2008 10:40 PM | 0,002,9744 | ---- | M] (Google) - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

(IAANTMON) Intel® Matrix Storage Event Monitor [Auto | Running]
[03/21/2007 02:00 PM | 0,035,5096 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

(IDriverT) InstallDriver Table Manager [On_Demand | Stopped]
[10/22/2004 04:24 AM | 0,007,3728 | ---- | M] (Macrovision Corporation) - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

(idsvc) Windows CardSpace [Unknown | Running]
File not found - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

(iPod Service) iPod Service [On_Demand | Running]
[07/30/2008 10:47 AM | 0,053,2264 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(LiveUpdate) LiveUpdate [On_Demand | Stopped]
[08/04/2008 11:20 AM | 0,322,0856 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

(LiveUpdate Notice) LiveUpdate Notice [Auto | Running]
[01/25/2008 08:47 PM | 0,014,9864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

(MSDTC) Distributed Transaction Coordinator [Unknown | Stopped]
[08/10/2008 10:43 PM | ---D | M] - C:\Windows\System32\Msdtc

(RoxMediaDB9) RoxMediaDB9 [On_Demand | Stopped]
[11/05/2006 12:15 PM | 0,088,0640 | ---- | M] (Sonic Solutions) - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

(RoxWatch9) Roxio Hard Drive Watcher 9 [Auto | Running]
[11/05/2006 12:13 PM | 0,015,9744 | ---- | M] (Sonic Solutions) - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

(Schedule) Task Scheduler [Unknown | Running]
File not found - %systemroot%\system32\svchost.exe

(SCPolicySvc) Smart Card Removal Policy [Unknown | Stopped]
File not found - %SystemRoot%\system32\svchost.exe

(sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) [Auto | Running]
[10/09/2007 07:56 PM | 0,020,2544 | ---- | M] (SupportSoft, Inc.) - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

(STacSV) SigmaTel Audio Service [Auto | Running]
[11/12/2007 06:07 AM | 0,010,2400 | ---- | M] (IDT, Inc.) - C:\Windows\System32\stacsv.exe

(stllssvr) stllssvr [On_Demand | Stopped]
[09/14/2006 03:54 PM | 0,007,3728 | ---- | M] (MicroVision Development, Inc.) - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

(Symantec Core LC) Symantec Core LC [On_Demand | Running]
[08/04/2008 08:10 PM | 0,124,5064 | ---- | M] () - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

(Symantec RemoteAssist) Symantec RemoteAssist [On_Demand | Stopped]
[01/29/2008 04:09 PM | 0,039,4704 | ---- | M] (Symantec, Inc.) - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

(TrustedInstaller) Windows Modules Installer [Unknown | Stopped]
File not found - %SystemRoot%\servicing\TrustedInstaller.exe

(WdiServiceHost) Diagnostic Service Host [Unknown | Stopped]
File not found - %SystemRoot%\System32\svchost.exe

(WdiSystemHost) Diagnostic System Host [Unknown | Running]
File not found - %SystemRoot%\System32\svchost.exe

(wltrysvc) Dell Wireless WLAN Tray Service [Auto | Running]
[12/12/2007 01:02 AM | 0,002,4064 | ---- | M] () - C:\Windows\System32\WLTRYSVC.EXE

(XAudioService) XAudioService [Auto | Running]
[08/04/2006 07:39 PM | 0,038,6560 | ---- | M] (Conexant Systems, Inc.) - C:\Windows\System32\drivers\XAudio.exe

===== Driver Services - Non-Microsoft Only =====

(adp94xx) adp94xx [Disabled | Stopped]
[11/02/2006 04:51 AM | 0,042,0968 | ---- | M] (Adaptec, Inc.) - C:\Windows\System32\drivers\adp94xx.sys

(adpahci) adpahci [Disabled | Stopped]
[11/02/2006 04:51 AM | 0,029,7576 | ---- | M] (Adaptec, Inc.) - C:\Windows\System32\drivers\adpahci.sys

(adpu160m) adpu160m [Disabled | Stopped]
[11/02/2006 04:50 AM | 0,009,8408 | ---- | M] (Adaptec, Inc.) - C:\Windows\System32\drivers\adpu160m.sys

(adpu320) adpu320 [Disabled | Stopped]
[11/02/2006 04:51 AM | 0,014,7048 | ---- | M] (Adaptec, Inc.) - C:\Windows\System32\drivers\adpu320.sys

(aic78xx) aic78xx [Disabled | Stopped]
[11/02/2006 04:50 AM | 0,007,1272 | ---- | M] (Adaptec, Inc.) - C:\Windows\System32\drivers\djsvs.sys

(aliide) aliide [Disabled | Stopped]
[02/11/2008 01:44 PM | 0,001,7592 | ---- | M] (Acer Laboratories Inc.) - C:\Windows\System32\drivers\aliide.sys

(ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP/Vista [On_Demand | Running]
[12/26/2007 08:02 PM | 0,016,4400 | ---- | M] (Alps Electric Co., Ltd.) - C:\Windows\System32\drivers\Apfiltr.sys

(arc) arc [Disabled | Stopped]
[11/02/2006 04:50 AM | 0,006,7688 | ---- | M] (Adaptec, Inc.) - C:\Windows\System32\drivers\arc.sys

(arcsas) arcsas [Disabled | Stopped]
[11/02/2006 04:50 AM | 0,006,7688 | ---- | M] (Adaptec, Inc.) - C:\Windows\System32\drivers\arcsas.sys

(BCM42RLY) BCM42RLY [On_Demand | Stopped]
File not found - C:\Windows\System32\drivers\BCM42RLY.sys

(BCM43XX) Dell Wireless WLAN Card Driver [On_Demand | Running]
[12/12/2007 01:02 AM | 0,104,4984 | ---- | M] (Broadcom Corp.) - C:\Windows\System32\drivers\BCMWL6.SYS

(blbdrive) blbdrive [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\blbdrive.sys

(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [On_Demand | Stopped]
[11/02/2006 03:24 AM | 0,001,3568 | ---- | M] (Brother Industries, Ltd.) - C:\Windows\System32\drivers\BrFiltLo.sys

(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [On_Demand | Stopped]
[11/02/2006 03:24 AM | 0,000,5248 | ---- | M] (Brother Industries, Ltd.) - C:\Windows\System32\drivers\BrFiltUp.sys

(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Disabled | Stopped]
[11/02/2006 03:25 AM | 0,007,1808 | ---- | M] (Brother Industries Ltd.) - C:\Windows\System32\drivers\BrSerId.sys

(BrSerWdm) Brother WDM Serial driver [Disabled | Stopped]
[11/02/2006 03:24 AM | 0,006,2336 | ---- | M] (Brother Industries Ltd.) - C:\Windows\System32\drivers\BrSerWdm.sys

(BrUsbMdm) Brother MFC USB Fax Only Modem [Disabled | Stopped]
[11/02/2006 03:24 AM | 0,001,2160 | ---- | M] (Brother Industries Ltd.) - C:\Windows\System32\drivers\BrUsbMdm.sys

(BrUsbSer) Brother MFC USB Serial WDM Driver [On_Demand | Stopped]
[11/02/2006 03:24 AM | 0,001,1904 | ---- | M] (Brother Industries Ltd.) - C:\Windows\System32\drivers\BrUsbSer.sys

(CLFS) Common Log (CLFS) [Unknown | Running]
File not found -

(cmdide) cmdide [Disabled | Stopped]
[02/11/2008 01:44 PM | 0,001,9128 | ---- | M] (CMD Technology, Inc.) - C:\Windows\System32\drivers\cmdide.sys

(COH_Mon) COH_Mon [On_Demand | Stopped]
[07/30/2008 05:42 PM | 0,002,3888 | ---- | M] (Symantec Corporation) - C:\Windows\System32\drivers\COH_Mon.sys

(e1express) Intel® PRO/1000 PCI Express Network Connection Driver [On_Demand | Stopped]
[11/02/2006 02:30 AM | 0,020,0704 | ---- | M] (Intel Corporation) - C:\Windows\System32\drivers\e1e6032.sys

(E1G60) Intel® PRO/1000 NDIS 6 Adapter Driver [On_Demand | Stopped]
[11/02/2006 02:30 AM | 0,011,7760 | ---- | M] (Intel Corporation) - C:\Windows\System32\drivers\E1G60I32.sys

(eeCtrl) Symantec Eraser Control driver [System | Running]
[08/20/2008 03:00 AM | 0,037,1248 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

(elxstor) elxstor [Disabled | Stopped]
[11/02/2006 04:51 AM | 0,031,6520 | ---- | M] (Emulex) - C:\Windows\System32\drivers\elxstor.sys

(EraserUtilRebootDrv) EraserUtilRebootDrv [On_Demand | Running]
[08/20/2008 03:00 AM | 0,009,9376 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

(GEARAspiWDM) GEARAspiWDM [On_Demand | Running]
[01/29/2008 12:01 PM | 0,001,6168 | ---- | M] (GEAR Software Inc.) - C:\Windows\System32\drivers\GEARAspiWDM.sys

(HpCISSs) HpCISSs [Disabled | Stopped]
[11/02/2006 04:50 AM | 0,003,7480 | ---- | M] (Hewlett-Packard Company) - C:\Windows\System32\drivers\HpCISSs.sys

(HSF_DPV) HSF_DPV [On_Demand | Running]
[11/02/2006 09:43 PM | 0,098,6624 | ---- | M] (Conexant Systems, Inc.) - C:\Windows\System32\drivers\HSX_DPV.sys

(HSXHWAZL) HSXHWAZL [On_Demand | Running]
[11/02/2006 09:42 PM | 0,020,6848 | ---- | M] (Conexant Systems, Inc.) - C:\Windows\System32\drivers\HSXHWAZL.sys

(iaStor) Intel AHCI Controller [Boot | Running]
[09/06/2007 11:43 AM | 0,030,4920 | ---- | M] (Intel Corporation) - C:\Windows\System32\drivers\iaStor.sys

(iaStorV) Intel RAID Controller Vista [Disabled | Stopped]
[11/02/2006 04:51 AM | 0,023,2040 | ---- | M] (Intel Corporation) - C:\Windows\System32\drivers\iaStorV.sys

(IDSvix86) Symantec Intrusion Prevention Driver [System | Running]
[03/20/2008 03:37 PM | 0,026,1680 | ---- | M] (Symantec Corporation) - C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20080818.001\IDSvix86.sys

(igfx) igfx [On_Demand | Running]
[12/14/2007 10:53 PM | 0,167,4240 | ---- | M] (Intel Corporation) - C:\Windows\System32\drivers\igdkmd32.sys

(iirsp) iirsp [Disabled | Stopped]
[11/02/2006 04:50 AM | 0,004,1576 | ---- | M] (Intel Corp./ICP vortex GmbH) - C:\Windows\System32\drivers\iirsp.sys

(IntcHdmiAddService) Intel® High Definition Audio HDMI Service [On_Demand | Running]
[12/14/2007 10:54 PM | 0,011,1104 | ---- | M] (Intel® Corporation) - C:\Windows\System32\drivers\IntcHdmi.sys

(IpInIp) IP in IP Tunnel Driver [On_Demand | Stopped]
File not found - C:\Windows\System32\DRIVERS\ipinip.sys

(iteatapi) ITEATAPI_Service_Install [Disabled | Stopped]
[11/02/2006 04:50 AM | 0,003,5944 | ---- | M] (Integrated Technology Express, Inc.) - C:\Windows\System32\drivers\iteatapi.sys

(iteraid) ITERAID_Service_Install [Disabled | Stopped]
[11/02/2006 04:50 AM | 0,003,5944 | ---- | M] (Integrated Technology Express, Inc.) - C:\Windows\System32\drivers\iteraid.sys

(LSI_FC) LSI_FC [Disabled | Stopped]
[11/02/2006 04:50 AM | 0,006,5640 | ---- | M] (LSI Logic) - C:\Windows\System32\drivers\lsi_fc.sys

(LSI_SAS) LSI_SAS [Disabled | Stopped]
[11/02/2006 04:50 AM | 0,006,5640 | ---- | M] (LSI Logic) - C:\Windows\System32\drivers\lsi_sas.sys

(LSI_SCSI) LSI_SCSI [Disabled | Stopped]
[11/02/2006 04:50 AM | 0,006,5640 | ---- | M] (LSI Logic) - C:\Windows\System32\drivers\lsi_scsi.sys

(mdmxsdk) mdmxsdk [Auto | Running]
[06/19/2006 04:26 PM | 0,001,2672 | ---- | M] (Conexant) - C:\Windows\System32\drivers\mdmxsdk.sys

(megasas) megasas [Disabled | Stopped]
[11/02/2006 04:49 AM | 0,002,8776 | ---- | M] (LSI Logic Corporation) - C:\Windows\System32\drivers\megasas.sys

(Mraid35x) Mraid35x [Disabled | Stopped]
[11/02/2006 04:49 AM | 0,003,3384 | ---- | M] (LSI Logic Corporation) - C:\Windows\System32\drivers\Mraid35x.sys

(NAVENG) NAVENG [On_Demand | Running]
[08/20/2008 03:00 AM | 0,008,9104 | ---- | M] (Symantec Corporation) - C:\ProgramData\Symantec\Definitions\VirusDefs\20080822.003\naveng.sys

(NAVEX15) NAVEX15 [On_Demand | Running]
[08/20/2008 03:00 AM | 0,087,3552 | ---- | M] (Symantec Corporation) - C:\ProgramData\Symantec\Definitions\VirusDefs\20080822.003\navex15.sys

(nfrd960) nfrd960 [Disabled | Stopped]
[11/02/2006 04:50 AM | 0,004,5160 | ---- | M] (IBM Corporation) - C:\Windows\System32\drivers\nfrd960.sys

(ntrigdigi) N-trig HID Tablet Driver [Disabled | Stopped]
[11/02/2006 02:36 AM | 0,002,0608 | ---- | M] (N-trig Innovative Technologies) - C:\Windows\System32\drivers\ntrigdigi.sys

(nvraid) nvraid [Disabled | Stopped]
[11/02/2006 04:50 AM | 0,008,8680 | ---- | M] (NVIDIA Corporation) - C:\Windows\System32\drivers\nvraid.sys

(nvstor) nvstor [Disabled | Stopped]
[11/02/2006 04:50 AM | 0,004,0040 | ---- | M] (NVIDIA Corporation) - C:\Windows\System32\drivers\nvstor.sys

(NwlnkFlt) IPX Traffic Filter Driver [On_Demand | Stopped]
File not found - C:\Windows\System32\DRIVERS\nwlnkflt.sys

(NwlnkFwd) IPX Traffic Forwarder Driver [On_Demand | Stopped]
File not found - C:\Windows\System32\DRIVERS\nwlnkfwd.sys

(OEM02Dev) Creative Camera OEM002 Driver [On_Demand | Running]
[10/10/2007 05:03 PM | 0,023,5648 | ---- | M] (Creative Technology Ltd.) - C:\Windows\System32\drivers\OEM02Dev.sys

(OEM02Vfx) Creative Camera OEM002 Video VFX Driver [On_Demand | Running]
[08/28/2007 12:51 AM | 0,000,7424 | ---- | M] (EyePower Games Pte. Ltd.) - C:\Windows\System32\drivers\OEM02Vfx.sys

(PxHelp20) PxHelp20 [Boot | Running]
[07/24/2006 04:00 AM | 0,003,6528 | ---- | M] (Sonic Solutions) - C:\Windows\System32\drivers\pxhelp20.sys

(ql2300) QLogic Fibre Channel Miniport Driver [Disabled | Stopped]
[11/02/2006 04:51 AM | 0,090,0712 | ---- | M] (QLogic Corporation) - C:\Windows\System32\drivers\ql2300.sys

(ql40xx) QLogic iSCSI Miniport Driver [Disabled | Stopped]
[11/02/2006 04:50 AM | 0,010,6088 | ---- | M] (QLogic Corporation) - C:\Windows\System32\drivers\ql40xx.sys

(R300) R300 [On_Demand | Stopped]
[11/02/2006 02:36 AM | 0,202,8032 | ---- | M] (ATI Technologies Inc.) - C:\Windows\System32\drivers\atikmdag.sys

(rimmptsk) rimmptsk [Auto | Running]
[09/06/2007 11:35 AM | 0,003,9936 | ---- | M] (REDC) - C:\Windows\System32\drivers\rimmptsk.sys

(rimsptsk) rimsptsk [Auto | Running]
[09/06/2007 11:35 AM | 0,004,2496 | ---- | M] (REDC) - C:\Windows\System32\drivers\rimsptsk.sys

(rismxdp) Ricoh xD-Picture Card Driver [Auto | Running]
[09/06/2007 11:35 AM | 0,003,7376 | ---- | M] (REDC) - C:\Windows\System32\drivers\rixdptsk.sys

(SASDIFSV) SASDIFSV [System | Running]
[10/10/2006 12:53 PM | 0,000,5632 | ---- | M] () - C:\Program Files\SUPERAntiSpyware\sasdifsv.sys

(SASENUM) SASENUM [On_Demand | Stopped]
[02/16/2006 04:51 PM | 0,000,4096 | R--- | M] (SuperAdBlocker, Inc.) - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS

(SASKUTIL) SASKUTIL [System | Running]
[02/27/2007 11:39 AM | 0,003,2256 | ---- | M] () - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

(secdrv) Security Driver [Auto | Running]
[11/02/2006 01:37 AM | 0,002,0480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\Windows\System32\drivers\secdrv.sys

(SiSRaid2) SiSRaid2 [Disabled | Stopped]
[11/02/2006 04:50 AM | 0,003,8504 | ---- | M] (Silicon Integrated Systems Corp.) - C:\Windows\System32\drivers\sisraid2.sys

(SiSRaid4) SiSRaid4 [Disabled | Stopped]
[11/02/2006 04:50 AM | 0,007,1784 | ---- | M] (Silicon Integrated Systems) - C:\Windows\System32\drivers\sisraid4.sys

(SPBBCDrv) SPBBCDrv [System | Running]
[01/16/2008 11:05 PM | 0,044,7024 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

(SRTSP) SRTSP [System | Running]
[01/31/2008 08:51 PM | 0,027,9088 | ---- | M] (Symantec Corporation) - C:\Windows\System32\drivers\srtsp.sys

(SRTSPL) SRTSPL [On_Demand | Stopped]
[01/31/2008 08:51 PM | 0,031,7616 | ---- | M] (Symantec Corporation) - C:\Windows\System32\drivers\srtspl.sys

(SRTSPX) SRTSPX [System | Running]
[01/31/2008 08:51 PM | 0,004,3696 | ---- | M] (Symantec Corporation) - C:\Windows\System32\drivers\srtspx.sys

(STHDA) SigmaTel High Definition Audio CODEC [On_Demand | Running]
[11/12/2007 06:07 AM | 0,033,0240 | ---- | M] (IDT, Inc.) - C:\Windows\System32\drivers\stwrt.sys

(Symc8xx) Symc8xx [Disabled | Stopped]
[11/02/2006 04:50 AM | 0,003,5944 | ---- | M] (LSI Logic) - C:\Windows\System32\drivers\symc8xx.sys

(SYMDNS) SYMDNS [On_Demand | Running]
[06/13/2008 02:13 PM | 0,001,3616 | ---- | M] (Symantec Corporation) - C:\Windows\System32\drivers\symdns.sys

(SymEvent) SymEvent [On_Demand | Running]
[08/04/2008 10:41 PM | 0,012,3952 | ---- | M] (Symantec Corporation) - C:\Windows\System32\drivers\SYMEVENT.SYS

(SYMFW) SYMFW [On_Demand | Running]
[06/13/2008 02:13 PM | 0,009,6432 | ---- | M] (Symantec Corporation) - C:\Windows\System32\drivers\symfw.sys

(SymIM) Symantec Network Security Intermediate Filter Driver [System | Running]
[06/13/2008 02:14 PM | 0,002,4112 | ---- | M] (Symantec Corporation) - C:\Windows\System32\drivers\SymIMV.sys

(SYMNDISV) SYMNDISV [On_Demand | Running]
[06/13/2008 02:13 PM | 0,004,1008 | ---- | M] (Symantec Corporation) - C:\Windows\System32\drivers\symndisv.sys

(SYMREDRV) SYMREDRV [On_Demand | Running]
[06/13/2008 02:13 PM | 0,002,2320 | ---- | M] (Symantec Corporation) - C:\Windows\System32\drivers\symredrv.sys

(SYMTDI) SYMTDI [System | Running]
[06/13/2008 02:13 PM | 0,018,4240 | ---- | M] (Symantec Corporation) - C:\Windows\System32\drivers\symtdi.sys

(Sym_hi) Sym_hi [Disabled | Stopped]
[11/02/2006 04:49 AM | 0,003,1848 | ---- | M] (LSI Logic) - C:\Windows\System32\drivers\sym_hi.sys

(Sym_u3) Sym_u3 [Disabled | Stopped]
[11/02/2006 04:50 AM | 0,003,4920 | ---- | M] (LSI Logic) - C:\Windows\System32\drivers\sym_u3.sys

(uliahci) uliahci [Disabled | Stopped]
[11/02/2006 04:51 AM | 0,023,5112 | ---- | M] (ULi Electronics Inc.) - C:\Windows\System32\drivers\uliahci.sys

(UlSata) UlSata [Disabled | Stopped]
[11/02/2006 04:50 AM | 0,009,8408 | ---- | M] (Promise Technology, Inc.) - C:\Windows\System32\drivers\ulsata.sys

(ulsata2) ulsata2 [Disabled | Stopped]
[11/02/2006 04:50 AM | 0,011,5816 | ---- | M] (Promise Technology, Inc.) - C:\Windows\System32\drivers\ulsata2.sys

(viaide) viaide [Disabled | Stopped]
[02/11/2008 01:44 PM | 0,002,0152 | ---- | M] (VIA Technologies, Inc.) - C:\Windows\System32\drivers\viaide.sys

(vsmraid) vsmraid [Disabled | Stopped]
[11/02/2006 04:50 AM | 0,011,2232 | ---- | M] (VIA Technologies Inc.,Ltd) - C:\Windows\System32\drivers\vsmraid.sys

(winachsf) winachsf [On_Demand | Running]
[11/02/2006 09:42 PM | 0,065,9968 | ---- | M] (Conexant Systems, Inc.) - C:\Windows\System32\drivers\HSX_CNXT.sys

(XAudio) XAudio [Auto | Running]
[08/04/2006 07:39 PM | 0,000,8192 | ---- | M] (Conexant Systems, Inc.) - C:\Windows\System32\drivers\XAudio.sys

(yukonwlh) NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller [On_Demand | Running]
[12/06/2007 09:51 AM | 0,029,8496 | ---- | M] (Marvell) - C:\Windows\System32\drivers\yk60x86.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"" = File not found
"Adobe Reader Speed Launcher" = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM | 0,003,9792 | ---- | M] (Adobe Systems Incorporated)
"Apoint" = C:\Program Files\DellTPad\Apoint.exe [10/25/2007 01:31 PM | 0,016,7936 | ---- | M] (Alps Electric Co., Ltd.)
"AppleSyncNotifier" = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [07/22/2008 08:42 PM | 0,011,6040 | ---- | M] (Apple Inc.)
"Broadcom Wireless Manager UI" = C:\Windows\system32\WLTRAY.exe [12/12/2007 01:02 AM | 0,344,4736 | ---- | M] (Dell Inc.)
"ccApp" = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/25/2008 08:47 PM | 0,005,1048 | ---- | M] (Symantec Corporation)
"DELL Webcam Manager" = "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s [07/27/2007 05:43 PM | 0,011,8784 | ---- | M] (Creative Technology Ltd.)
"DellSupportCenter" = "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [10/09/2007 07:56 PM | 0,020,2544 | ---- | M] (SupportSoft, Inc.)
"dscactivate" = "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [10/09/2007 07:57 PM | 0,001,6384 | ---- | M] ( )
"Google Desktop Search" = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [08/01/2008 10:40 PM | 0,002,9744 | ---- | M] (Google)
"HotKeysCmds" = C:\Windows\system32\hkcmd.exe [12/14/2007 10:53 PM | 0,015,4136 | ---- | M] (Intel Corporation)
"IAAnotif" = "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [03/21/2007 02:00 PM | 0,017,4872 | ---- | M] (Intel Corporation)
"IgfxTray" = C:\Windows\system32\igfxtray.exe [12/14/2007 10:54 PM | 0,013,7752 | ---- | M] (Intel Corporation)
"ISUSScheduler" = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [10/03/2006 12:37 PM | 0,008,1920 | ---- | M] (Macrovision Corporation)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [07/30/2008 10:47 AM | 0,028,9064 | ---- | M] (Apple Inc.)
"OEM02Mon.exe" = C:\Windows\OEM02Mon.exe [08/28/2007 12:51 AM | 0,003,6864 | ---- | M] (Creative Technology Ltd.)
"PCMService" = "C:\Program Files\Dell\MediaDirect\PCMService.exe" [12/21/2007 11:58 AM | 0,018,4320 | ---- | M] (CyberLink Corp.)
"Persistence" = C:\Windows\system32\igfxpers.exe [12/14/2007 10:53 PM | 0,013,3656 | ---- | M] (Intel Corporation)
"QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [05/27/2008 10:50 AM | 0,041,3696 | ---- | M] (Apple Inc.)
"SigmatelSysTrayApp" = %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe [11/12/2007 06:07 AM | 0,040,5504 | ---- | M] (IDT, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"" =
"Installed" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"" =
"Installed" = 1
"NoChange" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"" =
"Installed" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter" = "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [10/09/2007 07:56 PM | 0,020,2544 | ---- | M] (SupportSoft, Inc.)
"igndlm.exe" = C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork [03/05/2007 04:57 PM | 0,110,3480 | ---- | M] (IGN Entertainment)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [10/23/2006 12:08 AM | 0,006,2080 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
HKLM CLSID: (Symantec Intrusion Prevention) - [08/04/2008 08:11 PM | 0,011,6088 | ---- | M] (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [02/11/2008 05:59 AM | 0,050,1384 | ---- | M] (Sun Microsystems, Inc.) c:\Program Files\Java\jre1.6.0\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
HKLM CLSID: (CBrowserHelperObject Object) - [11/09/2006 10:56 AM | 0,009,8304 | ---- | M] (Dell Inc.) C:\Program Files\Dell\BAE\BAE.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{327C2873-E90D-4c37-AA9D-10AC9BABA46C}"
HKLM CLSID: (Easy-WebPrint) - [04/16/2004 07:43 PM | 0,040,5504 | ---- | M] () C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments]
"ScanWithAntiVirus" = 3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"start" = C:\Program Files\Applications\iebtm.exe File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}" = 1
"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}" = 1073741857
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}" = 32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin" = 2
"ConsentPromptBehaviorUser" = 1
"EnableInstallerDetection" = 1
"EnableLUA" = 1
"EnableSecureUIAPaths" = 1
"EnableVirtualization" = 1
"PromptOnSecureDesktop" = 1
"ValidateAdminCodeSignatures" = 0
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"scforceoption" = 0
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
"FilterAdministratorToken" = 0
"EnableUIADesktopToggle" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT" = 1
"CF_BITMAP" = 2
"CF_OEMTEXT" = 7
"CF_DIB" = 8
"CF_PALETTE" = 9
"CF_UNICODETEXT" = 13
"CF_DIBV5" = 17

===== Desktop Components =====

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls]
"C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL" - [08/01/2008 10:40 PM | 0,011,3664 | ---- | M] (Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ not found. -> ->

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ not found. -> ->

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"explorer.exe" - [01/19/2008 02:33 AM | 0,292,7104 | ---- | M] (Microsoft Corporation) C:\Windows\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\Windows\system32\userinit.exe" - [01/19/2008 02:33 AM | 0,002,5088 | ---- | M] (Microsoft Corporation) C:\Windows\System32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [04/23/2008 11:58 PM | 1,158,0416 | ---- | M] (Microsoft Corporation) C:\Windows\System32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [01/19/2008 02:32 AM | 0,024,2688 | ---- | M] (Microsoft Corporation) C:\Windows\System32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
"DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [02/27/2007 11:39 AM | 0,028,2624 | ---- | M] (SUPERAntiSpyware.com)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
"DllName" = C:\Windows\System32\igfxdev.dll [12/14/2007 10:53 PM | 0,020,4800 | ---- | M] (Intel Corporation)

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"bootini" = 2

===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{13538EA0-26FD-4981-AE76-9E3CA017F7C4}]
Servers: | Description: Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{E7B44AD6-7076-414A-9900-43204041EE3E}]
Servers: | Description: Dell Wireless 1395 WLAN Mini-Card



[Files/Folders - Created Within 30 days]
[08/21/2008 03:35 PM | -HSD | C] - C:\Config.Msi
[08/22/2008 08:53 PM | 2,137,042944 | -HS- | M] () - C:\hiberfil.sys
[12/26/2007 08:02 PM | 0,016,4400 | ---- | M] (Alps Electric Co., Ltd.) - C:\Windows\System32\drivers\Apfiltr.sys
[08/04/2008 10:41 PM | 0,001,0671 | ---- | M] () - C:\Windows\System32\drivers\SYMEVENT.CAT
[08/04/2008 10:41 PM | 0,000,0805 | ---- | M] () - C:\Windows\System32\drivers\SYMEVENT.INF
[08/04/2008 10:41 PM | 0,012,3952 | ---- | M] (Symantec Corporation) - C:\Windows\System32\drivers\SYMEVENT.SYS
[11/08/2007 04:04 AM | 1,196,7524 | ---- | M] () - C:\Windows\System32\korwbrkr.lex
[08/22/2008 12:36 AM | ---D | C] - C:\Windows\System32\SmitfraudFix
[05/26/2008 11:59 PM | 0,010,6605 | ---- | M] () - C:\Windows\System32\StructuredQuerySchema.bin
[05/26/2008 11:59 PM | 0,001,8904 | ---- | M] () - C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[08/04/2008 07:09 PM | ---D | C] - C:\Windows\pss
[08/04/2008 10:45 PM | 0,000,0482 | ---- | M] () - C:\Windows\tasks\Norton AntiVirus - Run Full System Scan - Damian.job
[08/10/2008 05:56 PM | ---D | C] - C:\ProgramData\Malwarebytes
[08/05/2008 05:58 PM | ---D | C] - C:\ProgramData\SUPERAntiSpyware.com
[08/04/2008 11:25 PM | ---D | C] - C:\ProgramData\Symantec
[08/04/2008 07:50 PM | ---D | C] - C:\ProgramData\Symantec Temporary Files
[08/10/2008 05:55 PM | ---D | C] - C:\Users\Damian\AppData\Roaming\Download Manager
[07/27/2008 10:30 PM | ---D | C] - C:\Users\Damian\AppData\Roaming\IGN_DLM
[08/10/2008 05:56 PM | ---D | C] - C:\Users\Damian\AppData\Roaming\Malwarebytes
[08/10/2008 10:43 PM | ---D | C] - C:\Users\Damian\AppData\Roaming\SUPERAntiSpyware.com
[08/22/2008 09:04 PM | ---D | C] - C:\Users\Damian\AppData\Local\Apple
[08/22/2008 08:54 PM | ---D | C] - C:\Users\Damian\AppData\Local\Apple Computer
[08/04/2008 07:39 PM | 0,000,1356 | ---- | M] () - C:\Users\Damian\AppData\Local\d3d9caps.dat
[08/14/2008 08:35 PM | 0,188,2021 | -H-- | M] () - C:\Users\Damian\AppData\Local\IconCache.db
[08/04/2008 08:57 PM | ---D | C] - C:\Users\Damian\Documents\Symantec
[07/27/2008 07:33 PM | 0,000,0831 | ---- | M] () - C:\Users\Public\Desktop\Download Manager.lnk
[08/20/2008 07:26 PM | 0,000,1804 | ---- | M] () - C:\Users\Public\Desktop\iTunes.lnk
[08/04/2008 08:12 PM | 0,000,2199 | ---- | M] () - C:\Users\Public\Desktop\Norton AntiVirus.lnk
[08/20/2008 07:24 PM | 0,000,1728 | ---- | M] () - C:\Users\Public\Desktop\QuickTime Player.lnk
[07/31/2008 08:37 PM | 0,092,1654 | ---- | M] () - C:\Users\Damian\Desktop\dad_logo.bmp
[08/21/2008 09:31 PM | 0,015,3726 | ---- | M] () - C:\Users\Damian\Desktop\Fallow_new.SCW
[08/11/2008 09:00 PM | 0,015,2815 | ---- | M] () - C:\Users\Damian\Desktop\Fallow_v2.pdf
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Fallow_v2.pdf:Zone.Identifier
[08/02/2008 02:12 PM | 0,007,2212 | ---- | M] () - C:\Users\Damian\Desktop\Haas_Woodworking_monochrome_sheild-red_-golden_bunny.jpg
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Haas_Woodworking_monochrome_sheild-red_-golden_bunny.jpg:Zone.Identifier
[08/10/2008 08:33 PM | 0,000,1876 | ---- | M] () - C:\Users\Damian\Desktop\HijackThis.lnk
[07/31/2008 08:40 PM | 0,003,0887 | ---- | M] () - C:\Users\Damian\Desktop\logoTemp.jpg
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\logoTemp.jpg:Zone.Identifier
[07/24/2008 08:09 PM | ---D | C] - C:\Users\Damian\Desktop\mom_photos
[08/11/2008 10:18 PM | 0,003,2256 | ---- | M] () - C:\Users\Damian\Desktop\Notes for Pretensions.doc
[08/10/2008 07:16 PM | ---D | C] - C:\Program Files\Common Files\Download Manager
[08/10/2008 08:13 PM | ---D | C] - C:\Program Files\Common Files\Symantec Shared
[08/10/2008 10:43 PM | ---D | C] - C:\Program Files\Common Files\Wise Installation Wizard
[08/20/2008 07:27 PM | ---D | C] - C:\Program Files\Apple Software Update
[08/10/2008 10:43 PM | ---D | C] - C:\Program Files\Applications
[07/27/2008 07:33 PM | ---D | C] - C:\Program Files\Download Manager
[08/04/2008 06:47 PM | ---D | C] - C:\Program Files\Enigma Software Group
[08/20/2008 07:26 PM | ---D | C] - C:\Program Files\iPod
[08/20/2008 07:26 PM | ---D | C] - C:\Program Files\iTunes
[08/10/2008 07:30 PM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
[08/04/2008 08:14 PM | ---D | C] - C:\Program Files\Norton AntiVirus
[08/20/2008 07:24 PM | ---D | C] - C:\Program Files\QuickTime
[08/10/2008 08:14 PM | ---D | C] - C:\Program Files\SUPERAntiSpyware
[08/04/2008 10:41 PM | ---D | C] - C:\Program Files\Symantec
[08/10/2008 08:33 PM | ---D | C] - C:\Program Files\Trend Micro

[Files/Folders - Modified Within 30 days]
[08/21/2008 03:35 PM | -HSD | M] - C:\Config.Msi
[08/10/2008 07:58 PM | ---D | M] - C:\DELL
[08/22/2008 08:53 PM | 2,137,042944 | -HS- | M] () - C:\hiberfil.sys
[08/20/2008 07:27 PM | R--D | M] - C:\Program Files
[08/10/2008 05:56 PM | -H-D | M] - C:\ProgramData
[08/20/2008 07:22 PM | -HSD | M] - C:\System Volume Information
[08/21/2008 03:36 PM | ---D | M] - C:\Windows
[07/30/2008 05:28 PM | 0,001,0537 | ---- | M] () - C:\Windows\System32\drivers\coh_mon.cat
[07/30/2008 05:28 PM | 0,000,0706

#4
Mike


    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there :)

Your log looks very good; it was cut off a bit, but we got enough to work from. We are going to do two general scans to see if we can find any leftovers.

I would like you to disable Windows Defender temporarily, as it could conflict with our fixes. Take a look here for instructions: http://wiki.castleco...toring_Programs

Please open HijackThis again and choose "Do a system scan only". Please put a check next to each of the following entries (if still present):

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe


Now please close all open windows except HJT and press "Fix checked".

Now,

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

And,

Download the latest version of Java Runtime Environment (JRE) 6 Update 7. Once done, uninstall any older versions of Java through Add or Remove Programs.

Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.


#5
haasd01

Hello Mike,

Here is the first scan:
Malwarebytes' Anti-Malware 1.25
Database version: 1078
Windows 6.0.6001 Service Pack 1

5:32:17 PM 8/23/2008
mbam-log-08-23-2008 (17-32-17).txt

Scan type: Quick Scan
Objects scanned: 40928
Time elapsed: 3 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Applications\iebtu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\wcu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.

The Kaspersky scan won't let me save. Here is what it says I have: C:\Windows\System32\Smitfraudfix\... -- that's the only infection it says I have. It doesn't allow me to see the entire path, and when I save as, nothing actually appears where I tried to save it. I've run the scan three times so far, and each time it doesn't save anywhere. Thank you. Let me know what you think.

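An added example, not part of any post in this thread: a short Python script that parses the Malwarebytes log format shown above, checks the summary counts against the listed items, and reconciles the HijackThis O4 entry from post #4 against what the log says was removed. The sample input is trimmed from the logs posted here; the function names are hypothetical.

```python
import re
from collections import Counter

# Sample input, trimmed from the Malwarebytes' Anti-Malware 1.25 log in post #5.
MBAM_LOG = r"""
Registry Keys Infected: 1
Registry Values Infected: 4
Folders Infected: 0
Files Infected: 9

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Applications\iebtu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\wcu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
"""

# The HijackThis entries selected for "Fix checked" in post #4.
HJT_FIXED = [
    r"O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)",
    r"O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)",
    r"O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe",
]

SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM_RE = re.compile(r"^(?P<target>.+) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<path>.+)$")
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}


def parse_mbam(text):
    """Return (summary counts, items per section) from an MBAM text log."""
    summary, items, current = {}, {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := SUMMARY_RE.match(line):
            summary[m["section"]] = int(m["count"])
        elif m := HEADER_RE.match(line):
            current = m["section"]
            items[current] = []
        elif current and (m := ITEM_RE.match(line)):
            # "(No malicious items detected)" has no "->" and is skipped.
            items[current].append(m.groupdict())
    return summary, items


def count_mismatches(summary, items):
    """Sections whose summary count differs from the number of listed items
    (a sign the pasted log was truncated or edited)."""
    return {s: (n, len(items.get(s, [])))
            for s, n in summary.items() if n != len(items.get(s, []))}


def family_counts(items):
    """Number of detections per family name across all sections."""
    return dict(Counter(i["family"] for sec in items.values() for i in sec))


def reconcile(hjt_entries, items):
    """For each HijackThis O4 autorun entry, report whether the MBAM log shows
    the registry value and the file it launches as removed."""
    values = [i["target"].lower() for i in items.get("Registry Values Infected", [])]
    files = {i["target"].lower() for i in items.get("Files Infected", [])}
    report = []
    for entry in hjt_entries:
        m = O4_RE.match(entry)
        if not m:
            continue  # O2/O3 "(no file)" entries have no file to check
        # HijackThis abbreviates the key path with "..", so match on hive + suffix.
        hive, _, tail = m["key"].partition("\\..\\")
        prefix = HIVES.get(hive, hive).lower()
        suffix = ("\\" + tail + "\\" + m["name"]).lower()
        report.append({
            "path": m["path"],
            "value_removed": any(v.startswith(prefix) and v.endswith(suffix) for v in values),
            "file_removed": m["path"].lower() in files,
        })
    return report


if __name__ == "__main__":
    summary, items = parse_mbam(MBAM_LOG)
    print("count mismatches:", count_mismatches(summary, items))
    print("families:", family_counts(items))
    for row in reconcile(HJT_FIXED, items):
        print(row)
```

On this thread's data the `Run\start` value appears as removed, while `iebtm.exe`, the file that value pointed to, is not among the files the log lists, so that path is one to check by hand in a follow-up scan.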
#6
Mike

Hi there :)

I don't want to have you run those ridiculously long scans again, you say it only found smitfraudfix?

Let's do this, delete your copy of OTViewIt.

Download OTViewIt to your desktop.
  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  • You may need to use two posts to get it all on the forum


#7
haasd01

Hello Mike,

I'm not sure why these scanning programs aren't working on my computer. When I run OTViewIt now, it comes up with "List index out of bounds (20)" and then when I press 'Okay' in the pop-up window it says it is "scanning HOSTS file" but I've let it run for a long time and it doesn't change -- it is essentially frozen from that point on. Do you have any suggestions?

#8
Mike

You caught a bug :)

It's an issue with OTViewIt that's being addressed, for the time being let's leave it and run another tool.

Please download OTScanIt.exe to your Desktop.
Double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close all other programs.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program
  • (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • In the File created within section select 60 Days
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and attach the file in your next post, do not try to copy/paste it into the post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


#9
haasd01

Um, so now it's not letting me attach files either. The OTScanIt file supposedly is too large to attach, and when I zip it, it won't let me attach the file. Even though you told me not to, I'm going to try to copy and paste it since that seems to be the only option I have.
[code=auto:0]OTScanIt logfile created on: 8/24/2008 5:59:29 PM
OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Users\Damian\Desktop\OTScanIt
Windows Vista Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 49.89% Memory free
4.00 Gb Paging File | 3.02 Gb Available in Paging File | 75.57% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.23 Gb Total Space | 55.72 Gb Free Space | 56.15% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.80 Gb Free Space | 57.96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHIMMY
Current User Name: Damian
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
wltrysvc.exe -> %SystemRoot%\System32\WLTRYSVC.EXE -> [Ver = | Size = 24064 bytes | Modified Date = 12/12/2007 1:02:14 AM | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 1/25/2008 8:47:02 PM | Attr = ]
apoint.exe -> %ProgramFiles%\DellTPad\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 7.0.101.207 | Size = 167936 bytes | Modified Date = 10/25/2007 1:31:20 PM | Attr = ]
oem02mon.exe -> %SystemRoot%\OEM02Mon.exe -> Creative Technology Ltd. [Ver = 1.01.01.00 | Size = 36864 bytes | Modified Date = 8/28/2007 12:51:42 AM | Attr = ]
hkcmd.exe -> %SystemRoot%\System32\hkcmd.exe -> Intel Corporation [Ver = 7.14.10.1253 | Size = 154136 bytes | Modified Date = 12/14/2007 10:53:54 PM | Attr = ]
igfxpers.exe -> %SystemRoot%\System32\igfxpers.exe -> Intel Corporation [Ver = 7.14.10.1253 | Size = 133656 bytes | Modified Date = 12/14/2007 10:53:58 PM | Attr = ]
dellwmgr.exe -> %ProgramFiles%\Dell\Dell Webcam Manager\DellWMgr.exe -> Creative Technology Ltd. [Ver = 1.3.5.0 | Size = 118784 bytes | Modified Date = 7/27/2007 5:43:34 PM | Attr = ]
iaanotif.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 7.5.0.1017 | Size = 174872 bytes | Modified Date = 3/21/2007 2:00:00 PM | Attr = ]
wltray.exe -> %SystemRoot%\System32\WLTRAY.EXE -> Dell Inc. [Ver = 4.170.25.12 | Size = 3444736 bytes | Modified Date = 12/12/2007 1:02:12 AM | Attr = ]
googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.7.806.10245 | Size = 29744 bytes | Modified Date = 8/1/2008 10:40:34 PM | Attr = ]
pcmservice.exe -> %ProgramFiles%\Dell\MediaDirect\PCMService.exe -> CyberLink Corp. [Ver = 4, 5, 0, 0 | Size = 184320 bytes | Modified Date = 12/21/2007 11:58:06 AM | Attr = ]
sprtcmd.exe -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 10/9/2007 7:56:24 PM | Attr = ]
sttray.exe -> %ProgramFiles%\Sigmatel\C-Major Audio\WDM\sttray.exe -> IDT, Inc. [Ver = 1.0.5614.0 nd654 cp1 | Size = 405504 bytes | Modified Date = 11/12/2007 6:07:24 AM | Attr = ]
igfxsrvc.exe -> %SystemRoot%\System32\igfxsrvc.exe -> Intel Corporation [Ver = 7.14.10.1253 | Size = 252440 bytes | Modified Date = 12/14/2007 10:54:04 PM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.7.1.11 | Size = 289064 bytes | Modified Date = 7/30/2008 10:47:56 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 1/25/2008 8:47:02 PM | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 8/23/2008 6:05:50 PM | Attr = ]
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> Avanquest Software [Ver = 1, 0, 0, 2 | Size = 50688 bytes | Modified Date = 11/3/2006 7:02:14 PM | Attr = ]
quickset.exe -> %ProgramFiles%\Dell\QuickSet\quickset.exe -> Dell Inc. [Ver = 8, 2, 17, 0 | Size = 1180952 bytes | Modified Date = 9/7/2007 5:27:08 PM | Attr = ]
aestsrv.exe -> %SystemRoot%\System32\AEstSrv.exe -> Andrea Electronics Corporation [Ver = 1.0.32.2 | Size = 73728 bytes | Modified Date = 11/12/2007 6:07:16 AM | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple Inc. [Ver = 2.1.29.0 | Size = 116040 bytes | Modified Date = 7/22/2008 8:42:12 PM | Attr = ]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 4:17:08 PM | Attr = ]
iaantmon.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> Intel Corporation [Ver = 7.5.0.1017 | Size = 355096 bytes | Modified Date = 3/21/2007 2:00:04 PM | Attr = ]
roxwatch9.exe -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -> Sonic Solutions [Ver = 9.0.1.64 | Size = 159744 bytes | Modified Date = 11/5/2006 12:13:00 PM | Attr = ]
googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.7.806.10245 | Size = 29744 bytes | Modified Date = 8/1/2008 10:40:34 PM | Attr = ]
sprtsvc.exe -> %ProgramFiles%\Dell Support Center\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 10/9/2007 7:56:30 PM | Attr = ]
stacsv.exe -> %SystemRoot%\System32\stacsv.exe -> IDT, Inc. [Ver = 1.0.5614.0 nd654 cp1 | Size = 102400 bytes | Modified Date = 11/12/2007 6:07:20 AM | Attr = ]
xaudio.exe -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.00.00 | Size = 386560 bytes | Modified Date = 8/4/2006 7:39:20 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.7.1.11 | Size = 532264 bytes | Modified Date = 7/30/2008 10:47:48 AM | Attr = ]
apmsgfwd.exe -> %ProgramFiles%\DellTPad\ApMsgFwd.exe -> Alps Electric Co., Ltd. [Ver = 7, 0, 0, 18 | Size = 50736 bytes | Modified Date = 9/7/2007 1:49:56 AM | Attr = ]
hidfind.exe -> %ProgramFiles%\DellTPad\hidfind.exe -> Alps Electric Co., Ltd. [Ver = 7.0.0.26 | Size = 40960 bytes | Modified Date = 9/7/2007 1:50:02 AM | Attr = ]
apntex.exe -> %ProgramFiles%\DellTPad\ApntEx.exe -> Alps Electric Co., Ltd. [Ver = 7.0.1.27 | Size = 49152 bytes | Modified Date = 9/7/2007 1:49:56 AM | Attr = ]
bcmwltry.exe -> %SystemRoot%\System32\BCMWLTRY.EXE -> Dell Inc. [Ver = 4.170.25.12 | Size = 2506752 bytes | Modified Date = 12/12/2007 1:01:26 AM | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.4.1.232 | Size = 238968 bytes | Modified Date = 2/9/2008 7:06:33 PM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1245064 bytes | Modified Date = 8/4/2008 8:10:38 PM | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AESTFilters) Andrea ST Filters Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\AEstSrv.exe -> Andrea Electronics Corporation [Ver = 1.0.32.2 | Size = 73728 bytes | Modified Date = 11/12/2007 6:07:16 AM | Attr = ]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple Inc. [Ver = 2.1.29.0 | Size = 116040 bytes | Modified Date = 7/22/2008 8:42:12 PM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.4.1.232 | Size = 238968 bytes | Modified Date = 2/9/2008 7:06:33 PM | Attr = ]
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 4:17:08 PM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 1/25/2008 8:47:02 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 1/25/2008 8:47:02 PM | Attr = ]
(CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 1/25/2008 8:47:02 PM | Attr = ]
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(GoogleDesktopManager-061008-081103) Google Desktop Manager 5.7.806.10245 [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.7.806.10245 | Size = 29744 bytes | Modified Date = 8/1/2008 10:40:34 PM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 8/23/2008 6:05:49 PM | Attr = ]
(IAANTMON) Intel(R) Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> Intel Corporation [Ver = 7.5.0.1017 | Size = 355096 bytes | Modified Date = 3/21/2007 2:00:04 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 4:24:18 AM | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.7.1.11 | Size = 532264 bytes | Modified Date = 7/30/2008 10:47:48 AM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Shared | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_4.EXE -> Symantec Corporation [Ver = 3.4.1.238 | Size = 3220856 bytes | Modified Date = 8/4/2008 11:20:16 AM | Attr = ]
(LiveUpdate Notice) LiveUpdate Notice [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 1/25/2008 8:47:02 PM | Attr = ]
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> %SystemRoot%\System32\msdtc.exe -> File not found
(RoxMediaDB9) RoxMediaDB9 [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> Sonic Solutions [Ver = 9.0.1.64 | Size = 880640 bytes | Modified Date = 11/5/2006 12:15:12 PM | Attr = ]
(RoxWatch9) Roxio Hard Drive Watcher 9 [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -> Sonic Solutions [Ver = 9.0.1.64 | Size = 159744 bytes | Modified Date = 11/5/2006 12:13:00 PM | Attr = ]
(Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> %systemroot%\system32\svchost.exe -> File not found
(SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell Support Center\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 10/9/2007 7:56:30 PM | Attr = ]
(STacSV) SigmaTel Audio Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\stacsv.exe -> IDT, Inc. [Ver = 1.0.5614.0 nd654 cp1 | Size = 102400 bytes | Modified Date = 11/12/2007 6:07:20 AM | Attr = ]
(stllssvr) stllssvr [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\SureThing Shared\stllssvr.exe -> MicroVision Development, Inc. [Ver = 1.2.447 | Size = 73728 bytes | Modified Date = 9/14/2006 3:54:34 PM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1245064 bytes | Modified Date = 8/4/2008 8:10:38 PM | Attr = ]
(Symantec RemoteAssist) Symantec RemoteAssist [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\Support Controls\ssrc.exe -> Symantec, Inc. [Ver = 6.9.2894.0 | Size = 394704 bytes | Modified Date = 1/29/2008 4:09:02 PM | Attr = ]
(TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Stopped] -> %SystemRoot%\servicing\TrustedInstaller.exe -> File not found
(WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(wltrysvc) Dell Wireless WLAN Tray Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\WLTRYSVC.EXE -> [Ver = | Size = 24064 bytes | Modified Date = 12/12/2007 1:02:14 AM | Attr = ]
(XAudioService) XAudioService [Win32_Own | Auto | Running] -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.00.00 | Size = 386560 bytes | Modified Date = 8/4/2006 7:39:20 PM | Attr = ]

[Driver Services - Non-Microsoft Only]
(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adp94xx.sys -> Adaptec, Inc. [Ver = 1.6.0006.0 (1.060824-1234) | Size = 420968 bytes | Modified Date = 11/2/2006 4:51:38 AM | Attr = ]
(adpahci) adpahci [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpahci.sys -> Adaptec, Inc. [Ver = 1.6.0006.0 (1.060824-1234) | Size = 297576 bytes | Modified Date = 11/2/2006 4:51:32 AM | Attr = ]
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpu160m.sys -> Adaptec, Inc. [Ver = 6.4.645.100 (NT.051018-1332) | Size = 98408 bytes | Modified Date = 11/2/2006 4:50:35 AM | Attr = ]
(adpu320) adpu320 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpu320.sys -> Adaptec, Inc. [Ver = 7.1.000.000 (NT.060302-2137) | Size = 147048 bytes | Modified Date = 11/2/2006 4:51:00 AM | Attr = ]
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\djsvs.sys -> Adaptec, Inc. [Ver = 6.0.0.0 | Size = 71272 bytes | Modified Date = 11/2/2006 4:50:11 AM | Attr = ]
(aliide) aliide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 17592 bytes | Modified Date = 2/11/2008 1:44:11 PM | Attr = ]
(ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP/Vista [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\Apfiltr.sys -> Alps Electric Co., Ltd. [Ver = 5.7.0.93 built by: WinDDK | Size = 164400 bytes | Modified Date = 12/26/2007 8:02:52 PM | Attr = ]
(arc) arc [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\arc.sys -> Adaptec, Inc. [Ver = 5.1.0.6789 (NT.060726-2054) | Size = 67688 bytes | Modified Date = 11/2/2006 4:50:09 AM | Attr = ]
(arcsas) arcsas [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\arcsas.sys -> Adaptec, Inc. [Ver = 5.1.0.6790 (NT.060726-2054) | Size = 67688 bytes | Modified Date = 11/2/2006 4:50:10 AM | Attr = ]
(BCM42RLY) BCM42RLY [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BCM42RLY.sys -> File not found
(BCM43XX) Dell Wireless WLAN Card Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\BCMWL6.SYS -> Broadcom Corp. [Ver = 4.170.25.17 | Size = 1044984 bytes | Modified Date = 12/12/2007 1:02:00 AM | Attr = ]
(blbdrive) blbdrive [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\blbdrive.sys -> File not found
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrFiltLo.sys -> Brother Industries, Ltd. [Ver = 1.10.000 (vbl_wcp_d2_drivers.060616-1619) | Size = 13568 bytes | Modified Date = 11/2/2006 3:24:45 AM | Attr = ]
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrFiltUp.sys -> Brother Industries, Ltd. [Ver = 1.04.000 (vbl_wcp_d2_drivers.060616-1619) | Size = 5248 bytes | Modified Date = 11/2/2006 3:24:46 AM | Attr = ]
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrSerId.sys -> Brother Industries Ltd. [Ver = 1.0.1.6 (vbl_wcp_d2_drivers.060616-1619) | Size = 71808 bytes | Modified Date = 11/2/2006 3:25:24 AM | Attr = ]
(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrSerWdm.sys -> Brother Industries Ltd. [Ver = 1.0.0.20 (vbl_wcp_d2_drivers.060616-1619) | Size = 62336 bytes | Modified Date = 11/2/2006 3:24:44 AM | Attr = ]
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrUsbMdm.sys -> Brother Industries Ltd. [Ver = 1,0,0,12 (vbl_wcp_d2_drivers.060616-1619) | Size = 12160 bytes | Modified Date = 11/2/2006 3:24:44 AM | Attr = ]
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrUsbSer.sys -> Brother Industries Ltd. [Ver = 1,0,1,3 (vbl_wcp_d2_drivers.060809-0459) | Size = 11904 bytes | Modified Date = 11/2/2006 3:24:47 AM | Attr = ]
(CLFS) Common Log (CLFS) [Kernel | Unknown | Running] -> -> File not found
(cmdide) cmdide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (vista_ldr.070416-1510) | Size = 19128 bytes | Modified Date = 2/11/2008 1:44:11 PM | Attr = ]
(COH_Mon) COH_Mon [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\COH_Mon.sys -> Symantec Corporation [Ver = 6,1,4,10 | Size = 23888 bytes | Modified Date = 7/30/2008 5:42:12 PM | Attr = ]
(e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\e1e6032.sys -> Intel Corporation [Ver = 9.6.8.0 built by: WinDDK | Size = 200704 bytes | Modified Date = 11/2/2006 2:30:55 AM | Attr = ]
(E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\E1G60I32.sys -> Intel Corporation [Ver = 8.1.37.2 built by: WinDDK | Size = 117760 bytes | Modified Date = 11/2/2006 2:30:54 AM | Attr = ]
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 108.2.1.3 | Size = 371248 bytes | Modified Date = 8/20/2008 3:00:00 AM | Attr = ]
(elxstor) elxstor [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\elxstor.sys -> Emulex [Ver = 5-1.20M8 9/14/2006 WS2K3 32 bit (NT.060909-1739) | Size = 316520 bytes | Modified Date = 11/2/2006 4:51:34 AM | Attr = ]
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> Symantec Corporation [Ver = 108.2.1.3 | Size = 99376 bytes | Modified Date = 8/20/2008 3:00:00 AM | Attr = ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.00.07.03 | Size = 16168 bytes | Modified Date = 1/29/2008 12:01:28 PM | Attr = ]
(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\HpCISSs.sys -> Hewlett-Packard Company [Ver = 6.0.0.32 Build 4 (x86) (NT.060726-2054) | Size = 37480 bytes | Modified Date = 11/2/2006 4:50:10 AM | Attr = ]
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\HSX_DPV.sys -> Conexant Systems, Inc. [Ver = 7.59.00 built by: WinDDK | Size = 986624 bytes | Modified Date = 11/2/2006 9:43:30 PM | Attr = ]
(HSXHWAZL) HSXHWAZL [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\HSXHWAZL.sys -> Conexant Systems, Inc. [Ver = 7.59.00 built by: WinDDK | Size = 206848 bytes | Modified Date = 11/2/2006 9:42:18 PM | Attr = ]
(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\iaStor.sys -> Intel Corporation [Ver = 7.5.0.1017 | Size = 304920 bytes | Modified Date = 9/6/2007 11:43:26 AM | Attr = ]
(iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iaStorV.sys -> Intel Corporation [Ver = 6.2.0.1015 | Size = 232040 bytes | Modified Date = 11/2/2006 4:51:25 AM | Attr = ]
(IDSvix86) Symantec Intrusion Prevention Driver [Kernel | System | Running] -> %AllUsersProfile%\Symantec\Definitions\SymcData\ipsdefs\20080818.001\IDSvix86.sys -> Symantec Corporation [Ver = 8.2.1.2 | Size = 261680 bytes | Modified Date = 3/20/2008 3:37:22 PM | Attr = ]
(igfx) igfx [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\igdkmd32.sys -> Intel Corporation [Ver = 7.14.10.1253 | Size = 1674240 bytes | Modified Date = 12/14/2007 10:53:56 PM | Attr = ]
(iirsp) iirsp [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iirsp.sys -> Intel Corp./ICP vortex GmbH [Ver = 5.4.22.0 | Size = 41576 bytes | Modified Date = 11/2/2006 4:50:17 AM | Attr = ]
(IntcHdmiAddService) Intel(R) High Definition Audio HDMI Service [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\IntcHdmi.sys -> Intel(R) Corporation [Ver = 6.10.01.2025 built by: WinDDK | Size = 111104 bytes | Modified Date = 12/14/2007 10:54:26 PM | Attr = ]
(IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\ipinip.sys -> File not found
(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iteatapi.sys -> Integrated Technology Express, Inc. [Ver = v1.3.2.7 (NT.060726-2054) | Size = 35944 bytes | Modified Date = 11/2/2006 4:50:07 AM | Attr = ]
(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iteraid.sys -> Integrated Technology Express, Inc. [Ver = v1.7.1.91 (NT.060726-2054) | Size = 35944 bytes | Modified Date = 11/2/2006 4:50:09 AM | Attr = ]
(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_fc.sys -> LSI Logic [Ver = 1.23.24.03 (NT.060824-1234) | Size = 65640 bytes | Modified Date = 11/2/2006 4:50:04 AM | Attr = ]
(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_sas.sys -> LSI Logic [Ver = 1.23.24.03 (NT.060824-1234) | Size = 65640 bytes | Modified Date = 11/2/2006 4:50:05 AM | Attr = ]
(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_scsi.sys -> LSI Logic [Ver = 1.23.24.03 (NT.060824-1234) | Size = 65640 bytes | Modified Date = 11/2/2006 4:50:10 AM | Attr = ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.012 | Size = 12672 bytes | Modified Date = 6/19/2006 4:26:58 PM | Attr = ]
(megasas) megasas [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\megasas.sys -> LSI Logic Corporation [Ver = 2.4.0.32 (NT.060824-1234) | Size = 28776 bytes | Modified Date = 11/2/2006 4:49:53 AM | Attr = ]
(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\Mraid35x.sys -> LSI Logic Corporation [Ver = 6.50.2.32 (NT.060824-1234) | Size = 33384 bytes | Modified Date = 11/2/2006 4:49:59 AM | Attr = ]
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %AllUsersProfile%\Symantec\Definitions\VirusDefs\20080824.007\naveng.sys -> Symantec Corporation [Ver = 20081.2.0.36 | Size = 89104 bytes | Modified Date = 8/20/2008 3:00:00 AM | Attr = ]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %AllUsersProfile%\Symantec\Definitions\VirusDefs\20080824.007\navex15.sys -> Symantec Corporation [Ver = 20081.2.0.36 | Size = 873552 bytes | Modified Date = 8/20/2008 3:00:00 AM | Attr = ]
(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nfrd960.sys -> IBM Corporation [Ver = 7.10.56 (NT.060601-1710) | Size = 45160 bytes | Modified Date = 11/2/2006 4:50:19 AM | Attr = ]
(ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ntrigdigi.sys -> N-trig Innovative Technologies [Ver = 0.90.16.16384 (Vista_RC1.060509-2219) | Size = 20608 bytes | Modified Date = 11/2/2006 2:36:50 AM | Attr = ]
(nvraid) nvraid [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nvraid.sys -> NVIDIA Corporation [Ver = 5.10.2600.0822 (NT.060926-1359) | Size = 88680 bytes | Modified Date = 11/2/2006 4:50:24 AM | Attr = ]
(nvstor) nvstor [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nvstor.sys -> NVIDIA Corporation [Ver = 5.10.2600.0822 (NT.060926-1359) | Size = 40040 bytes | Modified Date = 11/2/2006 4:50:13 AM | Attr = ]
(NwlnkFlt) IPX Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\nwlnkflt.sys -> File not found
(NwlnkFwd) IPX Traffic Forwarder Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\nwlnkfwd.sys -> File not found
(OEM02Dev) Creative Camera OEM002 Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\OEM02Dev.sys -> Creative Technology Ltd. [Ver = 1.03.01.00 | Size = 235648 bytes | Modified Date = 10/10/2007 5:03:00 PM | Attr = ]
(OEM02Vfx) Creative Camera OEM002 Video VFX Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\OEM02Vfx.sys -> EyePower Games Pte. Ltd. [Ver = 1.61.00.00 | Size = 7424 bytes | Modified Date = 8/28/2007 12:51:44 AM | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.40a | Size = 36528 bytes | Modified Date = 7/24/2006 4:00:00 AM | Attr = ]
(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ql2300.sys -> QLogic Corporation [Ver = 9.1.2.6 (w32) | Size = 900712 bytes | Modified Date = 11/2/2006 4:51:45 AM | Attr = ]
(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ql40xx.sys -> QLogic Corporation [Ver = 2.1.3.19 (STOR w32) | Size = 106088 bytes | Modified Date = 11/2/2006 4:50:35 AM | Attr = ]
(R300) R300 [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\atikmdag.sys -> ATI Technologies Inc. [Ver = 7.01.01.523 | Size = 2028032 bytes | Modified Date = 11/2/2006 2:36:43 AM | Attr = ]
(rimmptsk) rimmptsk [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\rimmptsk.sys -> REDC [Ver = 6.00.02.03 | Size = 39936 bytes | Modified Date = 9/6/2007 11:35:14 AM | Attr = ]
(rimsptsk) rimsptsk [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\rimsptsk.sys -> REDC [Ver = 6.00.01.10 | Size = 42496 bytes | Modified Date = 9/6/2007 11:35:12 AM | Attr = ]
(rismxdp) Ricoh xD-Picture Card Driver [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\rixdptsk.sys -> REDC [Ver = 6.00.01.12 | Size = 37376 bytes | Modified Date = 9/6/2007 11:35:16 AM | Attr = ]
(secdrv) Security Driver [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/2/2006 1:37:21 AM | Attr = ]
(SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sisraid2.sys -> Silicon Integrated Systems Corp. [Ver = 2.05.12 (NT.060926-1359) | Size = 38504 bytes | Modified Date = 11/2/2006 4:50:10 AM | Attr = ]
(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sisraid4.sys -> Silicon Integrated Systems [Ver = 3.00.02 (NT.060726-2054) | Size = 71784 bytes | Modified Date = 11/2/2006 4:50:16 AM | Attr = ]
(SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 4.1.0.12 | Size = 447024 bytes | Modified Date = 1/16/2008 11:05:42 PM | Attr = ]
(SRTSP) SRTSP [File_System | System | Running] -> %SystemRoot%\System32\drivers\srtsp.sys -> Symantec Corporation [Ver = 10.2.3.3 | Size = 279088 bytes | Modified Date = 1/31/2008 8:51:16 PM | Attr = ]
(SRTSPL) SRTSPL [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\srtspl.sys -> Symantec Corporation [Ver = 10.2.3.3 | Size = 317616 bytes | Modified Date = 1/31/2008 8:51:16 PM | Attr = ]
(SRTSPX) SRTSPX [Kernel | System | Running] -> %SystemRoot%\System32\drivers\srtspx.sys -> Symantec Corporation [Ver = 10.2.3.3 | Size = 43696 bytes | Modified Date = 1/31/2008 8:51:16 PM | Attr = ]
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\stwrt.sys -> IDT, Inc. [Ver = 6.10.5614.0 nd654 cp1 built by: WinDDK | Size = 330240 bytes | Modified Date = 11/12/2007 6:07:28 AM | Attr = ]
(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\symc8xx.sys -> LSI Logic [Ver = 4.16.06.00 (NT.051018-1332) | Size = 35944 bytes | Modified Date = 11/2/2006 4:50:05 AM | Attr = ]
(SYMDNS) SYMDNS [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\symdns.sys -> Symantec Corporation [Ver = 8.0.2.4 | Size = 13616 bytes | Modified Date = 6/13/2008 2:13:38 PM | Attr = ]
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.4.1 | Size = 123952 bytes | Modified Date = 8/4/2008 10:41:54 PM | Attr = ]
(SYMFW) SYMFW [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\symfw.sys -> Symantec Corporation [Ver = 8.0.2.4 | Size = 96432 bytes | Modified Date = 6/13/2008 2:13:38 PM | Attr = ]
(SymIM) Symantec Network Security Intermediate Filter Driver [Kernel | System | Running] -> %SystemRoot%\System32\drivers\SymIMV.sys -> Symantec Corporation [Ver = 8.0.2.4 | Size = 24112 bytes | Modified Date = 6/13/2008 2:14:02 PM | Attr = ]
(SYMNDISV) SYMNDISV [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\symndisv.sys -> Symantec Corporation [Ver = 8.0.2.4 | Size = 41008 bytes | Modified Date = 6/13/2008 2:13:40 PM | Attr = ]
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\symredrv.sys -> Symantec Corporation [Ver = 8.0.2.4 | Size = 22320 bytes | Modified Date = 6/13/2008 2:13:38 PM | Attr = ]
(SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\System32\drivers\symtdi.sys -> Symantec Corporation [Ver = 8.0.2.4 | Size = 184240 bytes | Modified Date = 6/13/2008 2:13:40 PM | Attr = ]
(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sym_hi.sys -> LSI Logic [Ver = 4.16.06.00 (NT.051018-1332) | Size = 31848 bytes | Modified Date = 11/2/2006 4:49:56 AM | Attr = ]
(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.09.09.00 (NT.051018-1332) | Size = 34920 bytes | Modified Date = 11/2/2006 4:50:03 AM | Attr = ]
(uliahci) uliahci [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\uliahci.sys -> ULi Electronics Inc. [Ver = 6.300 | Size = 235112 bytes | Modified Date = 11/2/2006 4:51:25 AM | Attr = ]
(UlSata) UlSata [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ulsata.sys -> Promise Technology, Inc. [Ver = 1.1.0.31 | Size = 98408 bytes | Modified Date = 11/2/2006 4:50:35 AM | Attr = ]
(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ulsata2.sys -> Promise Technology, Inc. [Ver = 1.0.0.38 | Size = 115816 bytes | Modified Date = 11/2/2006 4:50:45 AM | Attr = ]
(viaide) viaide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\viaide.sys -> VIA Technologies, Inc. [Ver = 5.1.3790.150 | Size = 20152 bytes | Modified Date = 2/11/2008 1:44:11 PM | Attr = ]
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\vsmraid.sys -> VIA Technologies Inc.,Ltd [Ver = 6.0.5600,613 | Size = 112232 bytes | Modified Date = 11/2/2006 4:50:41 AM | Attr = ]
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\HSX_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.59.00 built by: WinDDK | Size = 659968 bytes | Modified Date = 11/2/2006 9:42:08 PM | Attr = ]
(XAudio) XAudio [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\XAudio.sys -> Conexant Systems, Inc. [Ver = 1.00.00 built by: WinDDK | Size = 8192 bytes | Modified Date = 8/4/2006 7:39:10 PM | Attr = ]
(yukonwlh) NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\yk60x86.sys -> Marvell [Ver = 10.51.1.3 built by: WinDDK | Size = 298496 bytes | Modified Date = 12/6/2007 9:51:00 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
-> [] -> File not found
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 11:16:38 PM | Attr = ]
Apoint -> %ProgramFiles%\DellTPad\Apoint.exe [C:\Program Files\DellTPad\Apoint.exe] -> Alps Electric Co., Ltd. [Ver = 7.0.101.207 | Size = 167936 bytes | Modified Date = 10/25/2007 1:31:20 PM | Attr = ]
AppleSyncNotifier -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> Apple Inc. [Ver = 1, 0, 0, 9 | Size = 116040 bytes | Modified Date = 7/22/2008 8:42:24 PM | Attr = ]
Broadcom Wireless Manager UI -> %SystemRoot%\System32\WLTRAY.EXE [C:\Windows\system32\WLTRAY.exe] -> Dell Inc. [Ver = 4.170.25.12 | Size = 3444736 bytes | Modified Date = 12/12/2007 1:02:12 AM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> Symantec Corporation [Ver = 107.0.4.2 | Size = 51048 bytes | Modified Date = 1/25/2008 8:47:22 PM | Attr = ]
DELL Webcam Manager -> %ProgramFiles%\Dell\Dell Webcam Manager\DellWMgr.exe ["C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s] -> Creative Technology Ltd. [Ver = 1.3.5.0 | Size = 118784 bytes | Modified Date = 7/27/2007 5:43:34 PM | Attr = ]
DellSupportCenter -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe ["C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter] -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 10/9/2007 7:56:24 PM | Attr = ]
dscactivate -> %ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe ["C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"] -> [Ver = 1.0.2767.18581 | Size = 16384 bytes | Modified Date = 10/9/2007 7:57:14 PM | Attr = ]
Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> Google [Ver = 5.7.806.10245 | Size = 29744 bytes | Modified Date = 8/1/2008 10:40:34 PM | Attr = ]
HotKeysCmds -> %SystemRoot%\System32\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> Intel Corporation [Ver = 7.14.10.1253 | Size = 154136 bytes | Modified Date = 12/14/2007 10:53:54 PM | Attr = ]
IAAnotif -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe ["C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"] -> Intel Corporation [Ver = 7.5.0.1017 | Size = 174872 bytes | Modified Date = 3/21/2007 2:00:00 PM | Attr = ]
IgfxTray -> %SystemRoot%\System32\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> Intel Corporation [Ver = 7.14.10.1253 | Size = 137752 bytes | Modified Date = 12/14/2007 10:54:06 PM | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> Macrovision Corporation [Ver = 3, 20, 100, 1123 | Size = 81920 bytes | Modified Date = 10/3/2006 12:37:04 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.7.1.11 | Size = 289064 bytes | Modified Date = 7/30/2008 10:47:56 AM | Attr = ]
OEM02Mon.exe -> %SystemRoot%\OEM02Mon.exe [C:\Windows\OEM02Mon.exe] -> Creative Technology Ltd. [Ver = 1.01.01.00 | Size = 36864 bytes | Modified Date = 8/28/2007 12:51:42 AM | Attr = ]
PCMService -> %ProgramFiles%\Dell\MediaDirect\PCMService.exe ["C:\Program Files\Dell\MediaDirect\PCMService.exe"] -> CyberLink Corp. [Ver = 4, 5, 0, 0 | Size = 184320 bytes | Modified Date = 12/21/2007 11:58:06 AM | Attr = ]
Persistence -> %SystemRoot%\System32\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> Intel Corporation [Ver = 7.14.10.1253 | Size = 133656 bytes | Modified Date = 12/14/2007 10:53:58 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.5 (861) | Size = 413696 bytes | Modified Date = 5/27/2008 10:50:30 AM | Attr = ]
SigmatelSysTrayApp -> %ProgramFiles%\Sigmatel\C-Major Audio\WDM\sttray.exe [%ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe] -> IDT, Inc. [Ver = 1.0.5614.0 nd654 cp1 | Size = 405504 bytes | Modified Date = 11/12/2007 6:07:24 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
DellSupportCenter -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe ["C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter] -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 10/9/2007 7:56:24 PM | Attr = ]
igndlm.exe -> %ProgramFiles%\Download Manager\DLM.exe [C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork] -> IGN Entertainment [Ver = 2.3.6.108 | Size = 1103480 bytes | Modified Date = 3/5/2007 4:57:48 PM | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 8/23/2008 6:05:50 PM | Attr = ]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> Google [Ver = 5.7.806.10245 | Size = 113664 bytes | Modified Date = 8/1/2008 10:40:35 PM | Attr = ]
*MultiFile Done* -> ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 2927104 bytes | Modified Date = 1/19/2008 2:33:10 AM | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\Windows\system32\userinit.exe -> %SystemRoot%\System32\userinit.exe -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 25088 bytes | Modified Date = 1/19/2008 2:33:33 AM | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\System32\shell32.dll -> Microsoft Corporation [Ver = 6.0.6001.18000 (longhorn_rtm.080118-1840) | Size = 11580416 bytes | Modified Date = 4/23/2008 11:58:20 PM | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\System32\sysdm.cpl -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 242688 bytes | Modified Date = 1/19/2008 2:32:57 AM | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %SystemRoot%\System32\igfxdev.dll -> Intel Corporation [Ver = 7.14.10.1253 | Size = 204800 bytes | Modified Date = 12/14/2007 10:53:56 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableUIADesktopToggle -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
TORiSAN CD-ROM CDR_C36 -> -> F

#10
haasd01

    Member

  • Topic Starter
  • Member
  • 12 posts
Okay, so I split up the scans in order to get the text attachments under the 500 k limit. Here is the check without the "Reg - BotCheck"

#11
haasd01

    Member

  • Topic Starter
  • Member
  • 12 posts
Here's the scan without the "File - Additional Folder Scans," which was still too large to attach, and so I had to break it into two separate text files.

#12
haasd01

    Member

  • Topic Starter
  • Member
  • 12 posts
Alright, here's the second part of the scan without "File - additional, etc., etc.". I'm going to go on a run right now to try to get rid of the frustration I feel. Good luck making sense of my horribly corrupt machine.

Edited by haasd01, 24 August 2008 - 05:37 PM.

#13
Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Sorry for that,

Would you mind uploading the whole log to http://www.mediafire.com and posting me a link to the download?

Edited by Mike, 25 August 2008 - 04:02 AM.

#14
haasd01

    Member

  • Topic Starter
  • Member
  • 12 posts
Actually, I finally got OTviewit to work. I'll attach the scan report. Thank you.

#15
Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Post extras.txt as well then :)