Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer very slow

Started by NathanLAckey , Apr 27 2009 05:53 AM

  • Please log in to reply

#1
NathanLAckey
Posted 27 April 2009 - 05:53 AM

NathanLAckey

    New Member

  • Member
  • Pip
  • 5 posts
Can someone please help me w/ this, my computer is so f-d up, I cant load any cleaning or spyware software ie maleware wont load, also Cant run norton at all or system restore, Ive tried everything below are all the logs i believe you might need. Thank You :)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:46:07 AM, on 4/27/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qwest.live.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qwest.live.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Qwest
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O3 - Toolbar: (no name) - {90222687-F593-4738-B738-FBEE9C7B26DF} - (no file)
O3 - Toolbar: gPhotoShow Toolbar - {D3FBBA39-B2CD-4A1A-81B5-E940850BDF59} - C:\Program Files\gPhotoShow Toolbar\v3.3.0.1\gPhotoShow_Toolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Qwest Live - {3E11EEB3-62A4-4F48-B686-DA56D144A4C6} - http://qwest.live.com (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\ProgramData\Norton\Norton2009Reset.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 4328 bytes



Rooter log file :Microsoft Windows Vista Home Edition (6.0.6001) Service Pack 1

C:\ [Fixed] - NTFS - (Total:143845 Mo/Free:1906 Mo)
D:\ [Fixed] - NTFS - (Total:8778 Mo/Free:907 Mo)
E:\ [CD-Rom] (Total:2086 Mo/Free:0 Mo)

Mon 04/27/2009| 9:09

----------------------\\ Processes..

--Locked-- [System Process]
--Locked-- System
---------- \SystemRoot\System32\smss.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\wininit.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\services.exe
---------- C:\Windows\system32\lsass.exe
---------- C:\Windows\system32\lsm.exe
---------- C:\Windows\system32\winlogon.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\nvvsvc.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\svchost.exe
--Locked-- audiodg.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\SLsvc.exe
---------- C:\Windows\system32\rundll32.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\spoolsv.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\SearchIndexer.exe
---------- C:\Windows\system32\DRIVERS\xaudio.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
---------- C:\Windows\system32\Dwm.exe
---------- C:\Windows\Explorer.EXE
---------- C:\Windows\system32\taskeng.exe
---------- C:\Windows\system32\Taskmgr.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Windows\system32\SearchProtocolHost.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Windows\system32\SearchProtocolHost.exe
--Locked-- iexplore.exe
--Locked-- SearchFilterHost.exe
---------- C:\Windows\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!


----------------------\\ Rogues..

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Privacy Eraser Pro
C:\PROGRA~1\PrivacyEraser Computing


1 - "C:\Rooter$\Rooter_1.txt" - Mon 04/27/2009| 9:12

----------------------\\ Scan completed at 9:12



Tried using OTListIt2 scans for a sec then progam non responsive

Finally got it to go Here:

OTListIt logfile created on: 4/27/2009 9:36:51 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Users\melissa\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 58.88% Memory free
4.00 Gb Paging File | 3.17 Gb Available in Paging File | 79.33% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.47 Gb Total Space | 93.70 Gb Free Space | 66.70% Space Free | Partition Type: NTFS
Drive D: | 8.57 Gb Total Space | 0.89 Gb Free Space | 10.33% Space Free | Partition Type: NTFS
Drive E: | 2.04 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: melissa
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\system32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Users\melissa\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (.norton2009Reset [Auto | Stopped]) -- C:\ProgramData\Norton\Norton2009Reset.exe ()
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (IDriverT [Disabled | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (LVCOMSer [Disabled | Stopped]) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (LVPrcSrv [Disabled | Stopped]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (Norton Internet Security [Auto | Running]) -- C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe (Symantec Corporation)
SRV - (nvsvc [Auto | Running]) -- C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SBSDWSCService [Disabled | Stopped]) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Seekeen Service [Disabled | Stopped]) -- File not found
SRV - (SupportSoft RemoteAssist [Disabled | Stopped]) -- File not found
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (XAudioService [Auto | Running]) -- C:\Windows\system32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (BHDrvx86 [Auto | Running]) -- C:\Windows\system32\drivers\NIS\1005000.087\BHDrvx86.sys (Symantec Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (ccHP [System | Running]) -- C:\Windows\system32\drivers\NIS\1005000.087\ccHPx86.sys (Symantec Corporation)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (HSF_DP [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (HSXHWBS2 [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (IDSVix86 [System | Running]) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090420.001\IDSvix86.sys (Symantec Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\system32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LVPr2Mon [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\LVPr2Mon.sys ()
DRV - (LVUSBSta [On_Demand | Running]) -- C:\Windows\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\Windows\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (NAVENG [On_Demand | Running]) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090426.023\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090426.023\NAVEX15.SYS (Symantec Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvlddmkm [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Boot | Running]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (PID_0928 [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\LV561AV.SYS (Logitech Inc.)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (SRTSP [On_Demand | Running]) -- C:\Windows\system32\drivers\NIS\1005000.087\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\Windows\system32\drivers\NIS\1005000.087\SRTSPX.SYS (Symantec Corporation)
DRV - (StillCam [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\serscan.sys (Microsoft Corporation)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (SymEFA [Boot | Running]) -- C:\Windows\system32\drivers\NIS\1005000.087\SYMEFA.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\Windows\system32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Running]) -- C:\Windows\system32\drivers\NIS\1005000.087\SYMFW.SYS (Symantec Corporation)
DRV - (SymIM [System | Running]) -- C:\Windows\system32\DRIVERS\SymIMv.sys (Symantec Corporation)
DRV - (SYMNDISV [On_Demand | Running]) -- C:\Windows\system32\drivers\NIS\1005000.087\SYMNDISV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\Windows\system32\drivers\NIS\1005000.087\SYMTDI.SYS (Symantec Corporation)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (VSTHWBS2 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (VST_DPV [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio [Auto | Running]) -- C:\Windows\system32\DRIVERS\xaudio.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value Default_Secondary_Page_URL = 0 bytes
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value Secondary Start Pages = 0 bytes
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qwest.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://qwest.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {8545daff-ad1e-493f-a37e-eed1ac79682b}:1.0
FF - prefs.js..extensions.enabledItems: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC}:3.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.9

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/22 05:53:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/22 10:19:31 | 00,000,000 | ---D | M]

[2009/04/03 15:49:28 | 00,000,000 | ---D | M] -- C:\Users\melissa\AppData\Roaming\mozilla\Extensions
[2009/04/03 15:49:28 | 00,000,000 | ---D | M] -- C:\Users\melissa\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/11/18 14:38:37 | 00,000,000 | ---D | M] -- C:\Users\melissa\AppData\Roaming\mozilla\Extensions\[email protected]
[2009/04/26 16:26:23 | 00,000,000 | ---D | M] -- C:\Users\melissa\AppData\Roaming\mozilla\Firefox\Profiles\p2fhzlnp.default\extensions
[2009/04/13 23:16:22 | 00,000,000 | ---D | M] -- C:\Users\melissa\AppData\Roaming\mozilla\Firefox\Profiles\p2fhzlnp.default\extensions\[email protected]
[2009/04/27 09:30:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/22 05:53:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/22 05:53:16 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/22 05:53:16 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/26 11:56:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/26 11:56:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/26 11:56:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/26 11:56:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/26 11:56:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/03 15:49:06 | 00,002,221 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SafeSearch.xml
[2009/03/26 11:56:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/26 11:56:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (909 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {90222687-F593-4738-B738-FBEE9C7B26DF} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (gPhotoShow Toolbar) - {D3FBBA39-B2CD-4A1A-81B5-E940850BDF59} - C:\Program Files\gPhotoShow Toolbar\v3.3.0.1\gPhotoShow_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Windows Live Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Add to Windows &Live Favorites - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\autoexec.bat () - [ NTFS ]
O32 - Autorun File - C:\autorun.inf () - [ NTFS ]
O32 - Autorun File - D:\autorun.inf () - [ NTFS ]
O32 - Autorun File - E:\AutoRun.exe (Electronic Arts Inc.) - [ UDF ]
O32 - Autorun File - E:\AutoRun.exe (Electronic Arts Inc.) - [ UDF ]
O32 - Autorun File - E:\AutoRunGUI.dll (Electronic Arts Inc.) - [ UDF ]
O32 - Autorun File - E:\autorun.ico () - [ UDF ]
O32 - Autorun File - E:\autorun.inf () - [ UDF ]
O33 - MountPoints2\{1375efce-9802-11dc-aaef-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1375efce-9802-11dc-aaef-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2007/07/20 10:16:58 | 00,634,880 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[165 C:\Windows\*.tmp files]
[2009/04/27 09:36:18 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Users\melissa\Desktop\OTListIt2.exe
[2009/04/27 09:24:12 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/04/27 09:23:56 | 00,000,913 | ---- | C] () -- C:\Users\melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/27 09:23:02 | 00,000,733 | ---- | C] () -- C:\Users\melissa\Desktop\NTREGOPT.lnk
[2009/04/27 09:23:01 | 00,000,714 | ---- | C] () -- C:\Users\melissa\Desktop\ERUNT.lnk
[2009/04/27 09:22:53 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/27 09:09:16 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/27 04:33:34 | 01,494,433 | -H-- | C] () -- C:\Users\melissa\AppData\Local\IconCache.db
[2009/04/27 01:42:56 | 00,000,344 | RHS- | C] () -- C:\autorun.inf
[2009/04/27 01:42:56 | 00,000,000 | ---D | C] -- C:\RECYCLER
[2009/04/26 16:56:55 | 00,002,625 | ---- | C] () -- C:\Users\melissa\Desktop\TW Caddie 08.lnk
[2009/04/26 16:56:54 | 00,000,000 | ---D | C] -- C:\Program Files\CourseDownloads.com
[2009/04/26 16:56:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\CourseDownloads.com
[2009/04/24 12:25:34 | 00,000,000 | ---D | C] -- C:\Users\melissa\AppData\Local\CourseDownloads.com
[2009/04/15 03:00:51 | 00,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2009/04/15 02:47:35 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/04/15 02:47:32 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/04/15 02:47:32 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2009/04/15 02:47:19 | 03,599,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/04/15 02:47:19 | 03,547,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/04/15 02:47:19 | 00,551,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll
[2009/04/15 02:47:17 | 00,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/04/15 02:47:17 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/04/15 02:47:17 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/04/15 02:47:17 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/04/15 02:47:17 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/04/15 02:47:17 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/04/15 02:47:17 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2009/04/15 02:47:09 | 01,255,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/04/15 02:47:08 | 00,888,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/04/15 02:47:08 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/04/15 02:47:08 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2009/04/15 02:47:08 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2009/04/03 15:49:06 | 00,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/04/03 15:49:01 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/04/02 17:38:59 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/04/02 17:38:59 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/04/02 17:38:59 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/04/02 17:38:59 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/04/02 17:38:59 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/04/02 17:38:59 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/04/02 17:38:58 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009/04/02 17:38:58 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009/04/02 17:38:58 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009/04/02 17:38:57 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/04/02 17:38:57 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/04/02 17:38:57 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/04/02 17:38:57 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/04/02 17:38:57 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009/04/02 17:38:57 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/04/02 17:38:57 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/04/02 17:38:57 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009/04/02 17:38:56 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/04/02 17:38:56 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/04/02 17:38:56 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009/04/02 17:38:56 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/04/02 17:38:56 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/04/02 17:38:56 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/04/02 17:38:56 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009/04/02 17:38:56 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/04/02 17:38:56 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009/04/02 17:38:56 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009/04/02 17:38:55 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/04/02 17:38:55 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/04/02 17:38:54 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/04/02 17:38:54 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/04/02 17:38:54 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/04/02 17:38:54 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/04/02 17:38:53 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/04/02 17:38:53 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/04/02 17:38:53 | 00,391,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/04/02 17:38:53 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009/04/02 17:38:53 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/04/02 17:38:51 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/04/02 17:38:51 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/04/02 17:38:51 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009/04/02 17:38:51 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/04/02 17:38:51 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/04/02 17:38:51 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/04/02 17:38:51 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009/04/02 17:38:51 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009/04/02 17:38:50 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/04/02 17:38:50 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009/04/02 17:38:44 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/04/02 17:38:44 | 00,914,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/04/02 17:38:44 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/04/02 17:38:43 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/04/02 17:38:43 | 01,206,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/04/02 17:38:42 | 11,063,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/04/02 17:38:42 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/04/02 17:21:08 | 00,000,042 | ---- | C] () -- C:\Windows\System32\AK083E209605E394C.lie
[2009/04/02 14:20:12 | 00,000,000 | ---D | C] -- C:\Users\melissa\AppData\Roaming\Opera
[2009/04/02 14:20:12 | 00,000,000 | ---D | C] -- C:\Users\melissa\AppData\Local\Opera
[2009/04/02 14:17:51 | 00,000,000 | ---D | C] -- C:\Program Files\Opera
[2009/04/01 13:31:45 | 01,470,054 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1005000.087\Cat.DB
[2009/04/01 13:31:13 | 00,025,136 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2009/04/01 13:31:09 | 00,124,464 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2009/04/01 13:31:09 | 00,007,386 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2009/04/01 13:31:09 | 00,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2009/04/01 13:31:09 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/04/01 13:30:52 | 00,310,320 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1005000.087\SymEFA.sys
[2009/04/01 13:30:52 | 00,307,760 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1005000.087\srtsp.sys
[2009/04/01 13:30:52 | 00,217,392 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1005000.087\symtdi.sys
[2009/04/01 13:30:52 | 00,089,776 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1005000.087\symfw.sys
[2009/04/01 13:30:52 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1005000.087\srtspx.sys
[2009/04/01 13:30:52 | 00,039,984 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1005000.087\symndisv.sys
[2009/04/01 13:30:52 | 00,037,296 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1005000.087\symndis.sys
[2009/04/01 13:30:52 | 00,034,736 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1005000.087\symids.sys
[2009/04/01 13:30:51 | 00,482,352 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1005000.087\cchpx86.sys
[2009/04/01 13:30:51 | 00,258,608 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1005000.087\BHDrvx86.sys
[2009/04/01 13:30:43 | 00,003,373 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1005000.087\SymEFA.inf
[2009/04/01 13:30:43 | 00,001,753 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1005000.087\ccHPx86.inf
[2009/04/01 13:30:43 | 00,001,528 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1005000.087\SymNet.inf
[2009/04/01 13:30:43 | 00,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1005000.087\srtspx.inf
[2009/04/01 13:30:43 | 00,001,383 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1005000.087\srtsp.inf
[2009/04/01 13:30:43 | 00,000,640 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1005000.087\BHDrvx86.inf
[2009/04/01 13:30:43 | 00,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1005000.087\isolate.ini
[2009/04/01 13:30:34 | 00,009,423 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1005000.087\SymNet.cat
[2009/04/01 13:30:34 | 00,007,410 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1005000.087\SymEFA.cat
[2009/04/01 13:30:34 | 00,007,372 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1005000.087\srtspx.cat
[2009/04/01 13:30:34 | 00,007,364 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1005000.087\BHDrvx86.CAT
[2009/04/01 13:30:34 | 00,007,355 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1005000.087\srtsp.cat
[2009/04/01 13:30:34 | 00,007,347 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1005000.087\ccHPx86.cat
[2009/04/01 13:30:34 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1005000.087
[2009/04/01 13:30:34 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2009/04/01 13:30:32 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2009/04/01 13:30:24 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2008/12/27 16:02:00 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/12/16 06:50:37 | 00,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/11/18 14:54:11 | 00,000,000 | ---- | C] () -- C:\Windows\galaxy.ini
[2008/08/18 18:29:45 | 00,000,037 | ---- | C] () -- C:\Windows\Wininit.ini
[2008/07/26 08:25:02 | 00,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2007/12/07 09:31:10 | 00,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007/12/07 09:31:01 | 01,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/12/07 09:31:01 | 00,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/12/07 09:30:51 | 00,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/12/07 09:30:51 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007/11/23 19:12:39 | 00,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2007/10/12 01:11:58 | 00,059,500 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2006/11/02 05:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 03:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 00:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Files - Modified Within 30 Days ==========

[165 C:\Windows\*.tmp files]
[2009/04/27 09:40:05 | 00,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{245AE93B-878C-4C5D-8288-8A050F9C35B4}.job
[2009/04/27 09:36:32 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Users\melissa\Desktop\OTListIt2.exe
[2009/04/27 09:30:05 | 00,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/04/27 09:30:05 | 00,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/04/27 09:29:59 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/04/27 09:29:56 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/04/27 09:28:30 | 01,494,433 | -H-- | M] () -- C:\Users\melissa\AppData\Local\IconCache.db
[2009/04/27 09:23:56 | 00,000,913 | ---- | M] () -- C:\Users\melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/27 09:23:02 | 00,000,733 | ---- | M] () -- C:\Users\melissa\Desktop\NTREGOPT.lnk
[2009/04/27 09:23:01 | 00,000,714 | ---- | M] () -- C:\Users\melissa\Desktop\ERUNT.lnk
[2009/04/27 06:07:40 | 00,000,037 | ---- | M] () -- C:\Windows\Wininit.ini
[2009/04/27 04:33:04 | 01,470,054 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1005000.087\Cat.DB
[2009/04/27 04:29:15 | 00,001,356 | ---- | M] () -- C:\Users\melissa\AppData\Local\d3d9caps.dat
[2009/04/27 03:50:13 | 00,000,344 | RHS- | M] () -- C:\autorun.inf
[2009/04/27 02:18:04 | 00,221,696 | ---- | M] () -- C:\Users\melissa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/26 16:57:55 | 00,002,625 | ---- | M] () -- C:\Users\melissa\Desktop\TW Caddie 08.lnk
[2009/04/16 17:23:16 | 00,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/04/16 17:23:16 | 00,598,350 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/04/16 17:23:16 | 00,101,988 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/04/06 07:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/04/03 15:49:06 | 00,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/04/03 14:59:49 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/04/02 17:21:08 | 00,000,042 | ---- | M] () -- C:\Windows\System32\AK083E209605E394C.lie
[2009/04/01 13:31:09 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2009/04/01 13:31:09 | 00,007,386 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2009/04/01 13:31:09 | 00,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2009/04/01 13:31:02 | 00,000,502 | -HS- | M] () -- C:\Users\Public\Desktop\desktop.ini
[2009/04/01 13:30:52 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1005000.087\SymEFA.sys
[2009/04/01 13:30:52 | 00,307,760 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1005000.087\srtsp.sys
[2009/04/01 13:30:52 | 00,217,392 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1005000.087\symtdi.sys
[2009/04/01 13:30:52 | 00,089,776 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1005000.087\symfw.sys
[2009/04/01 13:30:52 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1005000.087\srtspx.sys
[2009/04/01 13:30:52 | 00,039,984 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1005000.087\symndisv.sys
[2009/04/01 13:30:52 | 00,037,296 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1005000.087\symndis.sys
[2009/04/01 13:30:52 | 00,034,736 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1005000.087\symids.sys
[2009/04/01 13:30:52 | 00,025,136 | R--- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2009/04/01 13:30:51 | 00,482,352 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1005000.087\cchpx86.sys
[2009/04/01 13:30:51 | 00,258,608 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1005000.087\BHDrvx86.sys
[2009/04/01 13:30:43 | 00,003,373 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1005000.087\SymEFA.inf
[2009/04/01 13:30:43 | 00,001,753 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1005000.087\ccHPx86.inf
[2009/04/01 13:30:43 | 00,001,528 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1005000.087\SymNet.inf
[2009/04/01 13:30:43 | 00,001,389 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1005000.087\srtspx.inf
[2009/04/01 13:30:43 | 00,001,383 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1005000.087\srtsp.inf
[2009/04/01 13:30:43 | 00,000,640 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1005000.087\BHDrvx86.inf
[2009/04/01 13:30:43 | 00,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1005000.087\isolate.ini
[2009/04/01 13:30:34 | 00,009,423 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1005000.087\SymNet.cat
[2009/04/01 13:30:34 | 00,007,410 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1005000.087\SymEFA.cat
[2009/04/01 13:30:34 | 00,007,372 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1005000.087\srtspx.cat
[2009/04/01 13:30:34 | 00,007,364 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1005000.087\BHDrvx86.CAT
[2009/04/01 13:30:34 | 00,007,355 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1005000.087\srtsp.cat
[2009/04/01 13:30:34 | 00,007,347 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1005000.087\ccHPx86.cat

========== Alternate Data Streams ==========

@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:ECF54A0E
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9AB56A06
< End of report >



OTListIt Extras logfile created on: 4/27/2009 9:36:51 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Users\melissa\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 58.88% Memory free
4.00 Gb Paging File | 3.17 Gb Available in Paging File | 79.33% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.47 Gb Total Space | 93.70 Gb Free Space | 66.70% Space Free | Partition Type: NTFS
Drive D: | 8.57 Gb Total Space | 0.89 Gb Free Space | 10.33% Space Free | Partition Type: NTFS
Drive E: | 2.04 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: melissa
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications" = 0
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent (BitTorrent, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{266C7330-C0F4-49E5-8F20-A56F9F822875}" = SweetIM Toolbar for Internet Explorer 3.3
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{2FEA102C-F535-4513-009B-57B165013C18}" = Tiger Woods PGA TOUR 08
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{4c72f5a7-06e6-419d-b707-4fb8de264629}" = Nero 9 Trial
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58A49B80-2595-4C9D-B3EB-261E68A2C4D1}_is1" = Wallpaper SlideShow LT 1.4.3
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{B400B310-7F30-48A2-BED4-AD7F435E8D44}" = TW Caddie 08
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{D3903688-F924-4AD8-B762-259CF2946C4E}" = QuickConnect
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{E07B7A31-E160-466D-A003-3BB7B8989D52}" = Full Tilt Poker.Net
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7AD1EF2-2670-40C2-A541-939265AF2F18}_is1" = Privacy Eraser Pro
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"ClubWPT" = ClubWPT
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"ESPN_is1" = ESPN Version 2.0.7.14
"gPhotoShow Toolbar" = gPhotoShow Toolbar
"HijackThis" = HijackThis 2.0.2
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.5.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Mozilla Firefox (3.0.9)" = Mozilla Firefox (3.0.9)
"NIS" = Norton Internet Security
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars" = PokerStars
"QcDrv" = Logitech® Camera Driver
"Registry Repair Wizard_is1" = Registry Repair Wizard
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/27/2009 6:27:29 AM | Computer Name = Home | Source = Application Hang | ID = 1002
Description = The program TW2008.exe version 3.2.7.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 1a0c Start Time: 01c9c717ba4a542d Termination Time: 64

Error - 4/27/2009 6:47:52 AM | Computer Name = Home | Source = Application Hang | ID = 1002
Description = The program ccSvcHst.exe version 108.1.0.24 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: bbc Start Time: 01c9c5091c1233a0 Termination Time: 60000

Error - 4/27/2009 6:49:05 AM | Computer Name = Home | Source = Windows Search Service | ID = 3013
Description =

Error - 4/27/2009 6:50:26 AM | Computer Name = Home | Source = Windows Search Service | ID = 3013
Description =

Error - 4/27/2009 6:54:23 AM | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.33.0.0, time stamp 0x496e62ee,
faulting module mbam.exe, version 1.33.0.0, time stamp 0x496e62ee, exception code
0x80000003, fault offset 0x00002e4c, process id 0x878, application start time 0x01c9c72685d9213a.

Error - 4/27/2009 7:08:23 AM | Computer Name = Home | Source = Application Hang | ID = 1002
Description = The program TW2008.exe version 3.2.7.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 8a8 Start Time: 01c9c726ad14e8ec Termination Time: 20

Error - 4/27/2009 7:15:36 AM | Computer Name = Home | Source = Application Hang | ID = 1002
Description = The program ccSvcHst.exe version 108.1.0.24 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: b88 Start Time: 01c9c72661a00225 Termination Time: 60000

Error - 4/27/2009 7:17:17 AM | Computer Name = Home | Source = Application Hang | ID = 1002
Description = The program ccSvcHst.exe version 108.1.0.24 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: b88 Start Time: 01c9c72661a00225 Termination Time: 60000

Error - 4/27/2009 7:20:43 AM | Computer Name = Home | Source = EventSystem | ID = 4609
Description =

Error - 4/27/2009 7:21:40 AM | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.33.0.0, time stamp 0x496e62ee,
faulting module mbam.exe, version 1.33.0.0, time stamp 0x496e62ee, exception code
0x80000003, fault offset 0x00002e4c, process id 0x6cc, application start time 0x01c9c72a55df90be.

[ Media Center Events ]
Error - 4/20/2008 12:15:14 AM | Computer Name = melissa-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

Error - 11/16/2008 2:49:21 AM | Computer Name = Home | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109
Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 4/27/2009 7:34:53 AM | Computer Name = Home | Source = HTTP | ID = 15016
Description =

Error - 4/27/2009 7:36:19 AM | Computer Name = Home | Source = Service Control Manager | ID = 7009
Description =

Error - 4/27/2009 7:36:19 AM | Computer Name = Home | Source = Service Control Manager | ID = 7000
Description =

Error - 4/27/2009 11:50:44 AM | Computer Name = Home | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:49:30 AM on 4/27/2009 was unexpected.

Error - 4/27/2009 11:50:46 AM | Computer Name = Home | Source = HTTP | ID = 15016
Description =

Error - 4/27/2009 11:52:07 AM | Computer Name = Home | Source = Service Control Manager | ID = 7009
Description =

Error - 4/27/2009 11:52:07 AM | Computer Name = Home | Source = Service Control Manager | ID = 7000
Description =

Error - 4/27/2009 12:29:59 PM | Computer Name = Home | Source = HTTP | ID = 15016
Description =

Error - 4/27/2009 12:31:29 PM | Computer Name = Home | Source = Service Control Manager | ID = 7009
Description =

Error - 4/27/2009 12:31:29 PM | Computer Name = Home | Source = Service Control Manager | ID = 7000
Description =


< End of report >

Edited by NathanLAckey, 27 April 2009 - 04:25 PM.

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP