Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

tidserv & search redirect issues after internet security 2010 repa

Started by Zymergist , Dec 20 2009 12:07 AM

  • This topic is locked This topic is locked

#1
Zymergist
Posted 20 December 2009 - 12:07 AM

Zymergist

    New Member

  • Member
  • Pip
  • 6 posts
Hello! and Thanks in advance

Trying to patch up my Wifes laptop. we think she got infected from a Hyenacart cloth diapering store of all places.

Last weekend I dug out the "Internet Security 2010" ransomware. It disabled taskmanager, .EXE files, the registy editor, safe mode etc. I used Pocket Killbox to delete the running file, and MBAM to dig the rest out. Thought that was it, but she has still been having problems:

Any search engine links redirect and bounce through a number of pages then land on random ad sites We added Norton 360 after the last round and it keeps poping up that it is blocking a RISK: "HTTPS Tidserv C and C Domain Request" by "a57990057.cn", Application Path "\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXE" (I have a screen shot....)

Norton scans come back clean. A MBAM detailed scan came back clean.
When I tried to run Sysrestorpoint.exe no task window opened but a process with the same name launched using 99% processor capacity for over 30 min brfore I killed it and rebooted.

Here are the requested logs:




Malwarebytes' Anti-Malware 1.42
Database version: 3395
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/19/2009 5:41:36 PM
mbam-log-2009-12-19 (17-41-36).txt

Scan type: Quick Scan
Objects scanned: 116554
Time elapsed: 19 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-19 21:10:48
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\B\LOCALS~1\Temp\pxtdqpow.sys


---- System - GMER 1.0.15 ----

SSDT 82E0A1C8 ZwAlertResumeThread
SSDT 829790C8 ZwAlertThread
SSDT 8295B070 ZwAllocateVirtualMemory
SSDT 82DC1F48 ZwAssignProcessToJobObject
SSDT 82D3C630 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xED9D8130]
SSDT 82C90CA8 ZwCreateMutant
SSDT 82DA6DC0 ZwCreateSymbolicLinkObject
SSDT 82CCC058 ZwCreateThread
SSDT 8297B090 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xED9D83B0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xED9D8910]
SSDT 8295B008 ZwDuplicateObject
SSDT 82DE9788 ZwFreeVirtualMemory
SSDT 82C90D78 ZwImpersonateAnonymousToken
SSDT 82E0A108 ZwImpersonateThread
SSDT 82D54C08 ZwLoadDriver
SSDT 82D651A8 ZwMapViewOfSection
SSDT 82C90BE8 ZwOpenEvent
SSDT 82CCE1B0 ZwOpenProcess
SSDT 8295B140 ZwOpenProcessToken
SSDT 82D380D0 ZwOpenSection
SSDT 82CCE0E0 ZwOpenThread
SSDT 82DC1E58 ZwProtectVirtualMemory
SSDT 829640E0 ZwResumeThread
SSDT 8296E140 ZwSetContextThread
SSDT 8296E008 ZwSetInformationProcess
SSDT 8297B170 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xED9D8B60]
SSDT 82D38190 ZwSuspendProcess
SSDT 82979188 ZwSuspendThread
SSDT 8294A118 ZwTerminateProcess
SSDT 8296E080 ZwTerminateThread
SSDT 82D650E8 ZwUnmapViewOfSection
SSDT 82DE9858 ZwWriteVirtualMemory

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device BA620D20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device -> \Driver\atapi \Device\Harddisk0\DR0 82EC8618

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----





OTL logfile created on: 12/19/2009 9:14:58 PM - Run 1
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\B\Desktop\Debug
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 88.00 Mb Available Physical Memory | 17.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.88 Gb Total Space | 5.22 Gb Free Space | 18.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BETH
Current User Name: B
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/19 17:07:27 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\B\Desktop\Debug\OTL.exe
PRC - [2009/12/15 21:12:23 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/12 03:10:54 | 00,049,263 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
PRC - [2005/03/03 20:29:02 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
PRC - [2005/02/17 08:50:22 | 00,847,983 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2005/02/17 08:50:22 | 00,065,536 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
PRC - [2004/12/05 22:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfswctrl.exe
PRC - [2004/12/04 00:32:34 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2004/12/03 18:00:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2004/09/13 13:33:20 | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/08/19 11:40:08 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/06/29 09:20:10 | 00,118,784 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\BACS\BacsTray.exe
PRC - [2004/04/26 05:04:14 | 00,053,248 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/04/01 15:05:48 | 00,077,824 | ---- | M] (Broadcom Corp.) -- C:\WINDOWS\system32\BAsfIpM.exe
PRC - [2003/05/31 15:02:32 | 07,544,916 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe


========== Modules (SafeList) ==========

MOD - [2009/12/19 17:07:27 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\B\Desktop\Debug\OTL.exe
MOD - [2009/12/15 21:11:52 | 00,419,696 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.5.2.11\asOEHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/15 21:12:23 | 00,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe -- (N360)
SRV - [2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/03/03 20:29:02 | 00,356,352 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2005/02/17 08:50:22 | 00,065,536 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\wltrysvc.exe -- (wltrysvc)
SRV - [2004/12/04 00:32:34 | 00,405,504 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2004/07/14 22:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2004/04/01 15:05:48 | 00,077,824 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\WINDOWS\system32\BAsfIpM.exe -- (BAsfIpM)
SRV - [2003/07/28 09:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/05/31 15:02:32 | 07,544,916 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe -- (MSSQL$MICROSOFTBCM)
SRV - [2002/12/17 16:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTBCM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Web Search: FLYLADY"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?fr=fp-yie8"
FF - prefs.js..extensions.enabledItems: [email protected]:3.1
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1,*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/16 21:53:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/16 21:53:18 | 00,000,000 | ---D | M]

[2009/07/31 07:49:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B\Application Data\Mozilla\Extensions
[2009/12/18 22:17:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B\Application Data\Mozilla\Firefox\Profiles\emfm9se9.default\extensions
[2009/08/09 19:51:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B\Application Data\Mozilla\Firefox\Profiles\emfm9se9.default\extensions\[email protected]
[2009/08/09 19:46:09 | 00,001,417 | ---- | M] () -- C:\Documents and Settings\B\Application Data\Mozilla\Firefox\Profiles\emfm9se9.default\searchplugins\web-search-flylady.xml
[2009/12/19 16:11:04 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (ZoneAlarm Spy Blocker BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [bacstray] C:\Program Files\Broadcom\BACS\\BacsTray.exe ()
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\NPJPI150_09.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.symantec....trl/tgctlsr.cab (Reg Error: Value error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} C:\Program Files\Yahoo!\common\yucconfig.dll (yucsetreg Class)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} http://musicstore.co...ALStreaming.cab (MALPlaybackCtrl Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6D263CCF-3819-4474-A800-69E5AE6F7CFE} http://symantec.gtwe...ll/gtdownpc.cab (PCPal Content Update)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1182224762328 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-cent...bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} http://a248.e.akamai...ol/SymDlBrg.cab (Reg Error: Key error.)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://download.game...aploader_v6.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 14:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/03/02 12:03:35 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (52920800314916864)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/19 16:58:11 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/19 16:58:07 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/19 16:55:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/19 16:46:05 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/12/19 15:53:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\B\Desktop\Debug
[2009/12/15 21:13:10 | 00,036,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009/12/15 21:12:52 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/12/15 21:12:51 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/12/15 21:12:29 | 00,217,136 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symtdi.sys
[2009/12/15 21:12:28 | 00,310,320 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.sys
[2009/12/15 21:12:28 | 00,308,272 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.sys
[2009/12/15 21:12:28 | 00,089,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symfw.sys
[2009/12/15 21:12:28 | 00,048,688 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symndisv.sys
[2009/12/15 21:12:28 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.sys
[2009/12/15 21:12:28 | 00,036,400 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symndis.sys
[2009/12/15 21:12:28 | 00,033,072 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symids.sys
[2009/12/15 21:12:27 | 00,482,432 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\cchpx86.sys
[2009/12/15 21:12:27 | 00,259,632 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\BHDrvx86.sys
[2009/12/15 21:11:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0305020.00B
[2009/12/15 21:11:15 | 00,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2009/12/15 21:10:46 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2009/12/15 20:17:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\B\Application Data\Malwarebytes
[2009/12/15 20:17:06 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/15 20:17:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/15 20:08:06 | 00,000,000 | ---D | C] -- C:\!KillBox
[2009/12/15 10:03:46 | 00,000,000 | R--D | C] -- C:\Program Files\Norton Support
[2009/12/15 09:50:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\B\Local Settings\Application Data\Symantec
[2009/12/15 09:30:56 | 00,000,000 | ---D | C] -- C:\Program Files\InternetSecurity2010
[2009/12/15 09:02:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/12/15 09:01:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\B\Local Settings\Application Data\Downloaded Installations
[2009/12/15 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2009/12/15 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0300000.087
[2009/12/15 08:59:42 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009/12/15 08:59:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/12/15 08:12:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/04/02 20:09:26 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/09/30 15:43:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/07/11 20:23:15 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/08/11 14:20:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2009/12/19 17:06:23 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\B\Desktop\gmer.exe
[2009/12/19 16:58:15 | 00,000,728 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/19 16:47:03 | 00,000,643 | ---- | M] () -- C:\Documents and Settings\B\Desktop\NTREGOPT.lnk
[2009/12/19 16:47:03 | 00,000,624 | ---- | M] () -- C:\Documents and Settings\B\Desktop\ERUNT.lnk
[2009/12/19 16:12:09 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/19 16:10:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/19 16:09:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/19 16:09:29 | 53,627,2896 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/19 16:07:42 | 04,194,304 | ---- | M] () -- C:\Documents and Settings\B\NTUSER.DAT
[2009/12/19 16:07:42 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\B\ntuser.ini
[2009/12/19 15:52:49 | 00,000,783 | ---- | M] () -- C:\Documents and Settings\B\Desktop\WordPad.lnk
[2009/12/19 10:10:55 | 05,362,862 | -H-- | M] () -- C:\Documents and Settings\B\Local Settings\Application Data\IconCache.db
[2009/12/18 23:32:39 | 00,000,414 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D5ABFCB1-1ADE-4E3E-B378-8B31401E9391}.job
[2009/12/18 18:53:54 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\B\My Documents\Address list.xls
[2009/12/15 21:14:21 | 00,657,856 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\Cat.DB
[2009/12/15 21:12:51 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/12/15 21:12:51 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/12/15 21:12:51 | 00,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/12/15 21:12:51 | 00,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/12/15 21:12:32 | 00,001,932 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2009/12/15 21:12:29 | 00,217,136 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symtdi.sys
[2009/12/15 21:12:29 | 00,048,688 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symndisv.sys
[2009/12/15 21:12:28 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.sys
[2009/12/15 21:12:28 | 00,308,272 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.sys
[2009/12/15 21:12:28 | 00,089,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symfw.sys
[2009/12/15 21:12:28 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.sys
[2009/12/15 21:12:28 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009/12/15 21:12:28 | 00,036,400 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symndis.sys
[2009/12/15 21:12:28 | 00,033,072 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symids.sys
[2009/12/15 21:12:27 | 00,482,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\cchpx86.sys
[2009/12/15 21:12:27 | 00,259,632 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\BHDrvx86.sys
[2009/12/15 21:11:42 | 00,001,562 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNetV.inf
[2009/12/15 21:11:42 | 00,001,561 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNet.inf
[2009/12/15 21:11:42 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\isolate.ini
[2009/12/15 21:11:41 | 00,003,373 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.inf
[2009/12/15 21:11:41 | 00,001,388 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.inf
[2009/12/15 21:11:41 | 00,001,382 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.inf
[2009/12/15 21:11:40 | 00,001,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\ccHPx86.inf
[2009/12/15 21:11:40 | 00,000,640 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\BHDrvx86.inf
[2009/12/15 21:11:19 | 00,009,412 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symnetv.cat
[2009/12/15 21:11:19 | 00,009,402 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNet.cat
[2009/12/15 21:11:18 | 00,007,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.cat
[2009/12/15 21:11:18 | 00,007,429 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.cat
[2009/12/15 21:11:18 | 00,007,425 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.cat
[2009/12/15 21:11:18 | 00,007,400 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\bhdrvx86.cat
[2009/12/15 21:11:18 | 00,007,383 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\ccHPx86.cat
[2009/12/15 19:23:50 | 60,607,6928 | -HS- | M] () -- C:\NRTPage.sys
[2009/12/15 09:59:54 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2009/12/15 09:39:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2009/12/15 09:19:11 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2009/12/15 09:02:20 | 00,657,612 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\Cat.DB
[2009/12/15 08:15:33 | 00,355,108 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/12/13 17:33:34 | 00,402,994 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/13 17:33:34 | 00,062,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/13 17:33:33 | 00,471,868 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/13 15:22:14 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/13 15:20:41 | 02,000,740 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2009/12/07 19:48:01 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

========== Files Created - No Company Name ==========

[2009/12/19 17:44:27 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\B\Desktop\gmer.exe
[2009/12/19 16:58:15 | 00,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/19 16:47:03 | 00,000,643 | ---- | C] () -- C:\Documents and Settings\B\Desktop\NTREGOPT.lnk
[2009/12/19 16:47:02 | 00,000,624 | ---- | C] () -- C:\Documents and Settings\B\Desktop\ERUNT.lnk
[2009/12/19 15:52:49 | 00,000,783 | ---- | C] () -- C:\Documents and Settings\B\Desktop\WordPad.lnk
[2009/12/17 14:51:11 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\B\My Documents\Address list.xls
[2009/12/15 21:13:47 | 00,657,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\Cat.DB
[2009/12/15 21:12:51 | 00,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/12/15 21:12:51 | 00,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/12/15 21:12:32 | 00,001,932 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2009/12/15 21:11:42 | 00,001,562 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNetV.inf
[2009/12/15 21:11:42 | 00,001,561 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNet.inf
[2009/12/15 21:11:42 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\isolate.ini
[2009/12/15 21:11:41 | 00,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.inf
[2009/12/15 21:11:41 | 00,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.inf
[2009/12/15 21:11:41 | 00,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.inf
[2009/12/15 21:11:40 | 00,001,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\ccHPx86.inf
[2009/12/15 21:11:40 | 00,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\BHDrvx86.inf
[2009/12/15 21:11:19 | 00,009,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symnetv.cat
[2009/12/15 21:11:19 | 00,009,402 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNet.cat
[2009/12/15 21:11:18 | 00,007,431 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.cat
[2009/12/15 21:11:18 | 00,007,429 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.cat
[2009/12/15 21:11:18 | 00,007,425 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.cat
[2009/12/15 21:11:18 | 00,007,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\bhdrvx86.cat
[2009/12/15 21:11:18 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\ccHPx86.cat
[2009/12/15 19:23:50 | 60,607,6928 | -HS- | C] () -- C:\NRTPage.sys
[2009/12/15 09:59:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2009/12/15 09:39:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2009/12/15 09:02:03 | 00,657,612 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\Cat.DB
[2009/12/15 08:02:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2009/08/19 18:23:24 | 00,013,312 | ---- | C] () -- C:\Documents and Settings\B\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/01 16:25:39 | 00,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/27 19:38:01 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\TnetWCoInst.dll
[2006/05/14 17:44:26 | 00,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/04/20 21:15:04 | 00,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/01/01 12:40:42 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/01/01 12:40:41 | 01,204,224 | ---- | C] () -- C:\WINDOWS\System32\bcmwcfg.dll
[2006/01/01 12:40:40 | 00,946,176 | ---- | C] () -- C:\WINDOWS\System32\bcmacfg.dll
[2006/01/01 12:40:40 | 00,909,312 | ---- | C] () -- C:\WINDOWS\System32\bcmctrls.dll
[2005/06/13 19:29:30 | 00,000,124 | ---- | C] () -- C:\Documents and Settings\B\Local Settings\Application Data\fusioncache.dat
[2005/05/20 12:59:29 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/20 12:56:43 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/05/20 12:49:00 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/20 12:41:13 | 00,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/05/20 12:18:10 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/05/20 12:17:18 | 00,000,371 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 20:57:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 14:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 14:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 12:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2005/06/08 19:20:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Authentium
[2007/10/29 20:16:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2008/07/22 04:03:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/10/08 18:43:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2006/01/07 22:45:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2006/04/11 19:28:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/09/11 18:00:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2006/05/14 17:48:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/08/03 09:24:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/10/06 19:21:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/12/15 09:02:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2006/05/14 17:55:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B\Application Data\acccore
[2005/06/20 21:36:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B\Application Data\Leadertech
[2009/09/11 17:56:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B\Application Data\PlayFirst
[2007/10/30 23:02:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B\Application Data\Sammsoft
[2009/08/19 18:34:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B\Application Data\Ulead Systems
[2007/06/23 15:48:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B\Application Data\Viewpoint
[2008/06/17 13:18:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B\Application Data\WholeSecurity
[2009/12/07 19:48:01 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/12/18 23:32:39 | 00,000,414 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D5ABFCB1-1ADE-4E3E-B378-8B31401E9391}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2006/03/11 01:16:44 | 45,469,528 | ---- | M] () -- C:\NIS06910.exe
[2006/01/01 15:21:10 | 05,834,344 | ---- | M] () -- C:\winzip100.exe


< MD5 for: AGP440.SYS >
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 20:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 20:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 19:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 19:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 19:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 02:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 02:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 02:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 02:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 02:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 02:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >
SRV - [2009/12/15 21:12:23 | 00,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe -- (N360)
SRV - [2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/03/03 20:29:02 | 00,356,352 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2005/02/17 08:50:22 | 00,065,536 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\wltrysvc.exe -- (wltrysvc)
SRV - [2004/12/04 00:32:34 | 00,405,504 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2004/07/14 22:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2004/04/01 15:05:48 | 00,077,824 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\WINDOWS\system32\BAsfIpM.exe -- (BAsfIpM)
SRV - [2003/07/28 09:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/05/31 15:02:32 | 07,544,916 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe -- (MSSQL$MICROSOFTBCM)
SRV - [2002/12/17 16:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTBCM)


========== Driver Services (SafeList) ==========

DRV - [2009/12/15 21:12:51 | 00,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/15 21:12:29 | 00,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/12/15 21:12:28 | 00,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SYMEFA.SYS -- (SymEFA)
DRV - [2009/12/15 21:12:28 | 00,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SRTSP.SYS -- (SRTSP)
DRV - [2009/12/15 21:12:28 | 00,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SYMFW.SYS -- (SYMFW)
DRV - [2009/12/15 21:12:28 | 00,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/12/15 21:12:28 | 00,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009/12/15 21:12:28 | 00,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2009/12/15 21:12:28 | 00,036,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/12/15 21:12:28 | 00,033,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/12/15 21:12:27 | 00,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0305020.00B\ccHPx86.sys -- (ccHP)
DRV - [2009/12/15 21:12:27 | 00,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0305020.00B\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/12/15 21:12:27 | 00,026,600 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/12/15 11:37:32 | 01,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091219.020\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/12/15 11:37:32 | 00,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/12/15 11:37:32 | 00,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/12/15 11:37:32 | 00,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091219.020\NAVENG.SYS -- (NAVENG)
DRV - [2009/10/28 14:37:22 | 00,329,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2008/04/13 10:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 10:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2005/05/20 12:41:22 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/02/11 05:46:22 | 00,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/12/05 22:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/05 22:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/05 22:05:00 | 00,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/05 22:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/05 22:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/05 22:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/05 22:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/05 22:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/05 22:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/04 00:34:26 | 00,800,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/12/01 00:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/22 23:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/11/16 13:03:52 | 00,108,791 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/11/01 16:52:46 | 00,272,568 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/09/03 14:23:38 | 00,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/08/04 02:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 19:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/08/01 23:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/07/14 08:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 08:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/06/30 06:39:36 | 00,016,128 | ---- | M] (Dell Inc) [Kernel | On_Demand | Running] -- C:\Program Files\Dell\NicConfigSvc\Appdrv.sys -- (Appdrv)
DRV - [2004/06/17 17:57:02 | 00,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/06/17 17:55:38 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 17:55:04 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/05/03 18:26:16 | 00,080,384 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2004/03/17 15:04:14 | 00,013,059 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2004/02/13 13:46:00 | 00,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2004/02/09 11:06:22 | 00,015,360 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm)
DRV - [2003/04/24 13:21:50 | 00,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BASFND.sys -- (BASFND)
DRV - [2003/01/30 08:52:48 | 00,011,904 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\FADXP32.sys -- (FAD)
DRV - [2001/08/17 11:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 11:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 11:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 11:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 11:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 10:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 10:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 10:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 10:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 10:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 10:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 10:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 10:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 10:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 10:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 09:12:10 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Web Search: FLYLADY"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?fr=fp-yie8"
FF - prefs.js..extensions.enabledItems: [email protected]:3.1
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1,*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/16 21:53:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/16 21:53:18 | 00,000,000 | ---D | M]

[2009/07/31 07:49:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B\Application Data\Mozilla\Extensions
[2009/12/18 22:17:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B\Application Data\Mozilla\Firefox\Profiles\emfm9se9.default\extensions
[2009/08/09 19:51:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B\Application Data\Mozilla\Firefox\Profiles\emfm9se9.default\extensions\[email protected]
[2009/08/09 19:46:09 | 00,001,417 | ---- | M] () -- C:\Documents and Settings\B\Application Data\Mozilla\Firefox\Profiles\emfm9se9.default\searchplugins\web-search-flylady.xml
[2009/12/19 16:11:04 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (ZoneAlarm Spy Blocker BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [bacstray] C:\Program Files\Broadcom\BACS\\BacsTray.exe ()
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\NPJPI150_09.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.symantec....trl/tgctlsr.cab (Reg Error: Value error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} C:\Program Files\Yahoo!\common\yucconfig.dll (yucsetreg Class)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} http://musicstore.co...ALStreaming.cab (MALPlaybackCtrl Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6D263CCF-3819-4474-A800-69E5AE6F7CFE} http://symantec.gtwe...ll/gtdownpc.cab (PCPal Content Update)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1182224762328 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-cent...bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} http://a248.e.akamai...ol/SymDlBrg.cab (Reg Error: Key error.)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://download.game...aploader_v6.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 14:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2009/12/19 16:58:11 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/19 16:58:07 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/19 16:55:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/19 15:53:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\B\Desktop\Debug
[2009/12/15 21:13:10 | 00,036,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009/12/15 21:12:52 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/12/15 21:12:51 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/12/15 21:12:29 | 00,217,136 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symtdi.sys
[2009/12/15 21:12:28 | 00,310,320 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.sys
[2009/12/15 21:12:28 | 00,308,272 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.sys
[2009/12/15 21:12:28 | 00,089,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symfw.sys
[2009/12/15 21:12:28 | 00,048,688 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symndisv.sys
[2009/12/15 21:12:28 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.sys
[2009/12/15 21:12:28 | 00,036,400 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symndis.sys
[2009/12/15 21:12:28 | 00,033,072 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symids.sys
[2009/12/15 21:12:27 | 00,482,432 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\cchpx86.sys
[2009/12/15 21:12:27 | 00,259,632 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\BHDrvx86.sys
[2009/12/15 21:11:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0305020.00B
[2009/12/15 20:08:06 | 00,000,000 | ---D | C] -- C:\!KillBox
[2009/12/15 09:02:57 | 00,107,368 | R--- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2009/12/15 09:02:55 | 00,026,600 | R--- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys
[2009/12/15 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2009/12/15 08:59:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0300000.087

========== Files - Modified Within 14 Days ==========

[2009/12/19 17:06:23 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\B\Desktop\gmer.exe
[2009/12/19 16:58:15 | 00,000,728 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/19 16:47:03 | 00,000,643 | ---- | M] () -- C:\Documents and Settings\B\Desktop\NTREGOPT.lnk
[2009/12/19 16:47:03 | 00,000,624 | ---- | M] () -- C:\Documents and Settings\B\Desktop\ERUNT.lnk
[2009/12/19 16:12:09 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/19 16:10:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/19 16:09:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/19 16:09:29 | 53,627,2896 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/19 16:07:42 | 04,194,304 | ---- | M] () -- C:\Documents and Settings\B\NTUSER.DAT
[2009/12/19 16:07:42 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\B\ntuser.ini
[2009/12/19 15:52:49 | 00,000,783 | ---- | M] () -- C:\Documents and Settings\B\Desktop\WordPad.lnk
[2009/12/19 10:10:55 | 05,362,862 | -H-- | M] () -- C:\Documents and Settings\B\Local Settings\Application Data\IconCache.db
[2009/12/18 23:32:39 | 00,000,414 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D5ABFCB1-1ADE-4E3E-B378-8B31401E9391}.job
[2009/12/18 18:53:54 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\B\My Documents\Address list.xls
[2009/12/15 21:14:21 | 00,657,856 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\Cat.DB
[2009/12/15 21:12:51 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/12/15 21:12:51 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/12/15 21:12:51 | 00,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/12/15 21:12:51 | 00,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/12/15 21:12:32 | 00,001,932 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2009/12/15 21:12:29 | 00,217,136 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symtdi.sys
[2009/12/15 21:12:29 | 00,048,688 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symndisv.sys
[2009/12/15 21:12:28 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.sys
[2009/12/15 21:12:28 | 00,308,272 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.sys
[2009/12/15 21:12:28 | 00,089,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symfw.sys
[2009/12/15 21:12:28 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.sys
[2009/12/15 21:12:28 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009/12/15 21:12:28 | 00,036,400 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symndis.sys
[2009/12/15 21:12:28 | 00,033,072 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symids.sys
[2009/12/15 21:12:27 | 00,482,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\cchpx86.sys
[2009/12/15 21:12:27 | 00,259,632 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\BHDrvx86.sys
[2009/12/15 21:12:27 | 00,026,600 | R--- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys
[2009/12/15 21:12:10 | 00,107,368 | R--- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2009/12/15 21:11:42 | 00,001,562 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNetV.inf
[2009/12/15 21:11:42 | 00,001,561 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNet.inf
[2009/12/15 21:11:42 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\isolate.ini
[2009/12/15 21:11:41 | 00,003,373 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.inf
[2009/12/15 21:11:41 | 00,001,388 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.inf
[2009/12/15 21:11:41 | 00,001,382 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.inf
[2009/12/15 21:11:40 | 00,001,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\ccHPx86.inf
[2009/12/15 21:11:40 | 00,000,640 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\BHDrvx86.inf
[2009/12/15 21:11:19 | 00,009,412 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symnetv.cat
[2009/12/15 21:11:19 | 00,009,402 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNet.cat
[2009/12/15 21:11:18 | 00,007,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.cat
[2009/12/15 21:11:18 | 00,007,429 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.cat
[2009/12/15 21:11:18 | 00,007,425 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.cat
[2009/12/15 21:11:18 | 00,007,400 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\bhdrvx86.cat
[2009/12/15 21:11:18 | 00,007,383 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\ccHPx86.cat
[2009/12/15 19:23:50 | 60,607,6928 | -HS- | M] () -- C:\NRTPage.sys
[2009/12/15 09:59:54 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2009/12/15 09:39:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2009/12/15 09:19:11 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2009/12/15 09:02:20 | 00,657,612 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\Cat.DB
[2009/12/15 08:15:33 | 00,355,108 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/12/13 17:33:34 | 00,402,994 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/13 17:33:34 | 00,062,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/13 17:33:33 | 00,471,868 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/13 15:22:14 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/13 15:20:41 | 02,000,740 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2009/12/07 19:48:01 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/12/05 14:44:13 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\B\My Documents\Sit Means Sit testimonial.doc
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/24 20:05:58 | 00,002,507 | ---- | M] () -- C:\Documents and Settings\B\Desktop\9mopin.jpg
[2009/11/23 10:40:13 | 00,122,045 | ---- | M] () -- C:\Documents and Settings\B\My Documents\purses.pdf

========== Files Created - No Company Name ==========

[2009/12/19 17:44:27 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\B\Desktop\gmer.exe
[2009/12/19 16:58:15 | 00,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/19 16:47:03 | 00,000,643 | ---- | C] () -- C:\Documents and Settings\B\Desktop\NTREGOPT.lnk
[2009/12/19 16:47:02 | 00,000,624 | ---- | C] () -- C:\Documents and Settings\B\Desktop\ERUNT.lnk
[2009/12/19 15:52:49 | 00,000,783 | ---- | C] () -- C:\Documents and Settings\B\Desktop\WordPad.lnk
[2009/12/17 14:51:11 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\B\My Documents\Address list.xls
[2009/12/15 21:13:47 | 00,657,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\Cat.DB
[2009/12/15 21:12:51 | 00,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/12/15 21:12:51 | 00,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/12/15 21:12:32 | 00,001,932 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2009/12/15 21:11:42 | 00,001,562 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNetV.inf
[2009/12/15 21:11:42 | 00,001,561 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNet.inf
[2009/12/15 21:11:42 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\isolate.ini
[2009/12/15 21:11:41 | 00,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.inf
[2009/12/15 21:11:41 | 00,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.inf
[2009/12/15 21:11:41 | 00,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.inf
[2009/12/15 21:11:40 | 00,001,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\ccHPx86.inf
[2009/12/15 21:11:40 | 00,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\BHDrvx86.inf
[2009/12/15 21:11:19 | 00,009,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symnetv.cat
[2009/12/15 21:11:19 | 00,009,402 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNet.cat
[2009/12/15 21:11:18 | 00,007,431 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.cat
[2009/12/15 21:11:18 | 00,007,429 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.cat
[2009/12/15 21:11:18 | 00,007,425 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.cat
[2009/12/15 21:11:18 | 00,007,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\bhdrvx86.cat
[2009/12/15 21:11:18 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\ccHPx86.cat
[2009/12/15 19:23:50 | 60,607,6928 | -HS- | C] () -- C:\NRTPage.sys
[2009/12/15 09:59:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2009/12/15 09:39:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2009/12/15 09:02:03 | 00,657,612 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\Cat.DB
[2009/12/15 08:02:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2009/12/05 14:44:13 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\B\My Documents\Sit Means Sit testimonial.doc
[2009/11/24 20:05:48 | 00,002,507 | ---- | C] () -- C:\Documents and Settings\B\Desktop\9mopin.jpg
[2009/11/23 10:40:04 | 00,122,045 | ---- | C] () -- C:\Documents and Settings\B\My Documents\purses.pdf
[2009/08/19 18:23:24 | 00,013,312 | ---- | C] () -- C:\Documents and Settings\B\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/01 16:25:39 | 00,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/27 19:38:01 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\TnetWCoInst.dll
[2006/05/14 17:44:26 | 00,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/04/20 21:15:04 | 00,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/01/01 12:40:42 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/01/01 12:40:41 | 01,204,224 | ---- | C] () -- C:\WINDOWS\System32\bcmwcfg.dll
[2006/01/01 12:40:40 | 00,946,176 | ---- | C] () -- C:\WINDOWS\System32\bcmacfg.dll
[2006/01/01 12:40:40 | 00,909,312 | ---- | C] () -- C:\WINDOWS\System32\bcmctrls.dll
[2005/06/13 19:29:30 | 00,000,124 | ---- | C] () -- C:\Documents and Settings\B\Local Settings\Application Data\fusioncache.dat
[2005/05/20 12:59:29 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/20 12:56:43 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/05/20 12:49:00 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/20 12:41:13 | 00,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/05/20 12:18:10 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/05/20 12:17:18 | 00,000,371 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 20:57:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 14:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 14:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 12:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/12/07 19:48:01 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/12/18 23:32:39 | 00,000,414 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D5ABFCB1-1ADE-4E3E-B378-8B31401E9391}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2006/03/11 01:16:44 | 45,469,528 | ---- | M] () -- C:\NIS06910.exe
[2006/01/01 15:21:10 | 05,834,344 | ---- | M] () -- C:\winzip100.exe


< MD5 for: AGP440.SYS >
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 20:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 20:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 19:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 19:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 19:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 02:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 02:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 02:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 02:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 02:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 02:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< End of report >




OTL Extras logfile created on: 12/19/2009 9:14:58 PM - Run 1
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\B\Desktop\Debug
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 88.00 Mb Available Physical Memory | 17.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.88 Gb Total Space | 5.22 Gb Free Space | 18.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BETH
Current User Name: B
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Yahoo! Games\Tradewinds\tradewinds.exe" = C:\Program Files\Yahoo! Games\Tradewinds\tradewinds.exe:*:Enabled:tradewinds -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\Common Files\AOL\1147657631\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1147657631\ee\aolsoftware.exe:*:Enabled:AOL Services -- File not found
"C:\Program Files\Common Files\AOL\1147657631\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1147657631\ee\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\B\Local Settings\Temp\7zS10.tmp\SymNRT.exe" = C:\Documents and Settings\B\Local Settings\Temp\7zS10.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
"{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}" = GEAR driver installer for x86 and x64
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Advanced Control Suite 2
"{66563AD8-637B-407F-BCA7-0233A16891AB}" = Business Contact Manager for Outlook 2003
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CB9C12F-AF20-4FF4-BFFA-F4502B9F5F8A}" = Digital Camera Driver
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! Plus
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0 Standard
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer
"Advanced Registry Optimizer_is1" = Advanced Registry Optimizer
"ATI Display Driver" = ATI Display Driver
"BFG-Mystery Case Files - Ravenhearst" = Mystery Case Files: Ravenhearst ™
"Broadcom 802.11 Application" = Broadcom Wireless Utility
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
"ERUNT_is1" = ERUNT 1.1j
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
"InstallShield_{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Advanced Control Suite 2
"InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton 360
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"ZoneAlarmSB Uninstall" = ZoneAlarm Spy Blocker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/15/2009 2:03:57 PM | Computer Name = BETH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/15/2009 2:03:58 PM | Computer Name = BETH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/15/2009 11:05:17 PM | Computer Name = BETH | Source = Application Hang | ID = 1002
Description = Hanging application ccSvcHst.exe, version 108.1.0.24, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/15/2009 11:05:17 PM | Computer Name = BETH | Source = Application Hang | ID = 1002
Description = Hanging application ccSvcHst.exe, version 108.1.0.24, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/15/2009 11:05:18 PM | Computer Name = BETH | Source = Application Hang | ID = 1002
Description = Hanging application ccSvcHst.exe, version 108.1.0.24, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/15/2009 11:05:22 PM | Computer Name = BETH | Source = Application Hang | ID = 1002
Description = Hanging application ccSvcHst.exe, version 108.1.0.24, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/15/2009 11:05:23 PM | Computer Name = BETH | Source = Application Hang | ID = 1002
Description = Hanging application ccSvcHst.exe, version 108.1.0.24, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/16/2009 2:15:27 AM | Computer Name = BETH | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3593, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/16/2009 11:08:27 AM | Computer Name = BETH | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3593, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/16/2009 11:08:37 AM | Computer Name = BETH | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3593, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/19/2009 7:40:56 PM | Computer Name = BETH | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 12/19/2009 7:41:03 PM | Computer Name = BETH | Source = Service Control Manager | ID = 7034
Description = The NICCONFIGSVC service terminated unexpectedly. It has done this
1 time(s).

Error - 12/19/2009 7:41:04 PM | Computer Name = BETH | Source = Service Control Manager | ID = 7034
Description = The MSSQL$MICROSOFTBCM service terminated unexpectedly. It has done
this 1 time(s).

Error - 12/19/2009 7:46:08 PM | Computer Name = BETH | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/19/2009 7:46:08 PM | Computer Name = BETH | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/19/2009 7:46:40 PM | Computer Name = BETH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 12/19/2009 8:09:56 PM | Computer Name = BETH | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/19/2009 8:09:56 PM | Computer Name = BETH | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/19/2009 8:11:13 PM | Computer Name = BETH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 12/20/2009 1:06:50 AM | Computer Name = BETH | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.


< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP