Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

System Infected: Tidserv Activity


  • Please log in to reply

#16
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
I don't see any problems in your logs. How is it running?
  • 0

Advertisements


#17
rebross

rebross

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 193 posts
I couldn't get Avast to run so I uninstalled it and reinstalled Norton Security Suite. I tried downloading Adobe Flash and when it tries installing it times out at 13% progress.

Also my computer has brought up blue screen several times when I start it:

A problem has been detected and windows has been shut down to prevent damage to your computer

Technical information:
STOP: 0x0000008E (0xC0000005, 0xB3820AE4, 0x00000000)
win32k.sys - Address BF848B4F base at BF800000, DateStamp 4e661e29

I'm not getting any notices of viruses or keylogging activity anymore.
  • 0

#18
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.
  • 0

#19
rebross

rebross

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 193 posts
The newest driver listed in the sigverif log was from 2009.


Vino's Event Viewer v01c run on Windows XP in English
Report run at 11/12/2011 2:25:27 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/12/2011 1:17:19 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Log: 'System' Date/Time: 11/12/2011 1:15:26 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Security Services Driver (x86) service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 11/12/2011 1:15:26 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 11/12/2011 1:09:50 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Log: 'System' Date/Time: 11/12/2011 1:09:08 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Security Services Driver (x86) service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 11/12/2011 1:09:08 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~Vino's Event Viewer v01c run on Windows XP in English
Report run at 11/12/2011 2:27:49 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 11/12/2011 1:26:32 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 11/12/2011 1:25:22 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 11/12/2011 1:23:44 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 11/12/2011 11:52:53 AM
Type: error Category: 0
Event: 0 Source: IDVault
IsStrikeForceAlreadyRunning failed Cannot process request because the process (7468) has exited. at System.Diagnostics.Process.GetProcessHandle(Int32 access, Boolean throwIfExited) at System.Diagnostics.Process.OpenProcessHandle() at System.Diagnostics.Process.set_EnableRaisingEvents(Boolean value) at (Object , Boolean ) at ?.?.()

Log: 'Application' Date/Time: 11/12/2011 11:52:53 AM
Type: error Category: 0
Event: 0 Source: IDVault
IsStrikeForceAlreadyRunning failed Cannot process request because the process (7480) has exited. at System.Diagnostics.Process.GetProcessHandle(Int32 access, Boolean throwIfExited) at System.Diagnostics.Process.OpenProcessHandle() at System.Diagnostics.Process.set_EnableRaisingEvents(Boolean value) at (Object , Boolean ) at ?.?.()

Log: 'Application' Date/Time: 11/12/2011 11:52:53 AM
Type: error Category: 0
Event: 0 Source: IDVault
IsStrikeForceAlreadyRunning failed Cannot process request because the process (7488) has exited. at System.Diagnostics.Process.GetProcessHandle(Int32 access, Boolean throwIfExited) at System.Diagnostics.Process.OpenProcessHandle() at System.Diagnostics.Process.set_EnableRaisingEvents(Boolean value) at (Object , Boolean ) at ?.?.()

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~


'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#20
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP

The Security Services Driver (x86) service failed to start due to the following error: The system cannot find the file specified.



Not sure what this is. Download , Save and run Autoruns from:
http://live.sysinter...om/autoruns.exe

Under Services tab you should find an entry for it. What file is it looking for (should be on the far right)? Uncheck it for now.

You can also look for MCSTRM service and uncheck it.

Same for upnphost

Close Autoruns.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

Run Vino's again as before and post the logs.
  • 0

#21
rebross

rebross

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 193 posts
I can't find anything about the Security Service Driver, upnphost or MCSTRM service.

Edited by rebross, 11 December 2011 - 03:50 PM.

  • 0

#22
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Run Autoruns. File, Save, (Change it to save as .txt), OK. then attach the file to your next reply.
  • 0

#23
rebross

rebross

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 193 posts
When I shut down or restart my computer a box comes up "End Program IDVault.exe. This program is not responding." It takes a while for everything to load.

Attached Files


  • 0

#24
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
The idvault stuff is coming from a service that is not showing up in the regular logs but autoruns found it:

+ "IDVaultSvc" "Constant Guard Protection Suite process monitoring service. " "White Sky, Inc." "c:\program files\constant guard protection suite\idvaultsvc.exe"

Run Autoruns, click on Services and you should see an entry similar to the above. Uncheck it. Close Autoruns.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot.

Run Vino's as before and post the logs.
  • 0

#25
rebross

rebross

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 193 posts
Vino's Event Viewer v01c run on Windows XP in English
Report run at 11/12/2011 9:10:12 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/12/2011 9:06:53 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Log: 'System' Date/Time: 11/12/2011 9:06:05 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Security Services Driver (x86) service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Vino's Event Viewer v01c run on Windows XP in English
Report run at 11/12/2011 9:37:15 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 11/12/2011 9:29:28 PM
Type: error Category: 0
Event: 0 Source: IDVault
IsStrikeForceAlreadyRunning failed Cannot process request because the process (4064) has exited. at System.Diagnostics.Process.GetProcessHandle(Int32 access, Boolean throwIfExited) at System.Diagnostics.Process.OpenProcessHandle() at System.Diagnostics.Process.set_EnableRaisingEvents(Boolean value) at (Object , Boolean ) at ?.?.()

Log: 'Application' Date/Time: 11/12/2011 9:29:28 PM
Type: error Category: 0
Event: 0 Source: IDVault
IsStrikeForceAlreadyRunning failed Cannot process request because the process (6108) has exited. at System.Diagnostics.Process.GetProcessHandle(Int32 access, Boolean throwIfExited) at System.Diagnostics.Process.OpenProcessHandle() at System.Diagnostics.Process.set_EnableRaisingEvents(Boolean value) at (Object , Boolean ) at ?.?.()

Log: 'Application' Date/Time: 11/12/2011 9:29:28 PM
Type: error Category: 0
Event: 0 Source: IDVault
IsStrikeForceAlreadyRunning failed Cannot process request because the process (3704) has exited. at System.Diagnostics.Process.GetProcessHandle(Int32 access, Boolean throwIfExited) at System.Diagnostics.Process.OpenProcessHandle() at System.Diagnostics.Process.set_EnableRaisingEvents(Boolean value) at (Object , Boolean ) at ?.?.()

Log: 'Application' Date/Time: 11/12/2011 9:29:27 PM
Type: error Category: 0
Event: 0 Source: IDVault
IsStrikeForceAlreadyRunning failed Cannot process request because the process (5316) has exited. at System.Diagnostics.Process.GetProcessHandle(Int32 access, Boolean throwIfExited) at System.Diagnostics.Process.OpenProcessHandle() at System.Diagnostics.Process.set_EnableRaisingEvents(Boolean value) at (Object , Boolean ) at ?.?.()

Log: 'Application' Date/Time: 11/12/2011 9:29:27 PM
Type: error Category: 0
Event: 0 Source: IDVault
IsStrikeForceAlreadyRunning failed Cannot process request because the process (4732) has exited. at System.Diagnostics.Process.GetProcessHandle(Int32 access, Boolean throwIfExited) at System.Diagnostics.Process.OpenProcessHandle() at System.Diagnostics.Process.set_EnableRaisingEvents(Boolean value) at (Object , Boolean ) at ?.?.()

Log: 'Application' Date/Time: 11/12/2011 9:29:27 PM
Type: error Category: 0
Event: 0 Source: IDVault
IsStrikeForceAlreadyRunning failed Cannot process request because the process (3236) has exited. at System.Diagnostics.Process.GetProcessHandle(Int32 access, Boolean throwIfExited) at System.Diagnostics.Process.OpenProcessHandle() at System.Diagnostics.Process.set_EnableRaisingEvents(Boolean value) at (Object , Boolean ) at ?.?.()

Log: 'Application' Date/Time: 11/12/2011 9:29:27 PM
Type: error Category: 0
Event: 0 Source: IDVault
IsStrikeForceAlreadyRunning failed Cannot process request because the process (5736) has exited. at System.Diagnostics.Process.GetProcessHandle(Int32 access, Boolean throwIfExited) at System.Diagnostics.Process.OpenProcessHandle() at System.Diagnostics.Process.set_EnableRaisingEvents(Boolean value) at (Object , Boolean ) at ?.?.()

Log: 'Application' Date/Time: 11/12/2011 9:29:27 PM
Type: error Category: 0
Event: 0 Source: IDVault
IsStrikeForceAlreadyRunning failed Cannot process request because the process (3180) has exited. at System.Diagnostics.Process.GetProcessHandle(Int32 access, Boolean throwIfExited) at System.Diagnostics.Process.OpenProcessHandle() at System.Diagnostics.Process.set_EnableRaisingEvents(Boolean value) at (Object , Boolean ) at ?.?.()

Log: 'Application' Date/Time: 11/12/2011 9:29:27 PM
Type: error Category: 0
Event: 0 Source: IDVault
IsStrikeForceAlreadyRunning failed Cannot process request because the process (3292) has exited. at System.Diagnostics.Process.GetProcessHandle(Int32 access, Boolean throwIfExited) at System.Diagnostics.Process.OpenProcessHandle() at System.Diagnostics.Process.set_EnableRaisingEvents(Boolean value) at (Object , Boolean ) at ?.?.()

Log: 'Application' Date/Time: 11/12/2011 9:29:27 PM
Type: error Category: 0
Event: 0 Source: IDVault
IsStrikeForceAlreadyRunning failed Cannot process request because the process (4208) has exited. at System.Diagnostics.Process.GetProcessHandle(Int32 access, Boolean throwIfExited) at System.Diagnostics.Process.OpenProcessHandle() at System.Diagnostics.Process.set_EnableRaisingEvents(Boolean value) at (Object , Boolean ) at ?.?.()

Log: 'Application' Date/Time: 11/12/2011 9:29:27 PM
Type: error Category: 0
Event: 0 Source: IDVault
IsStrikeForceAlreadyRunning failed Cannot process request because the process (5480) has exited. at System.Diagnostics.Process.GetProcessHandle(Int32 access, Boolean throwIfExited) at System.Diagnostics.Process.OpenProcessHandle() at System.Diagnostics.Process.set_EnableRaisingEvents(Boolean value) at (Object , Boolean ) at ?.?.()

Log: 'Application' Date/Time: 11/12/2011 9:29:27 PM
Type: error Category: 0
Event: 0 Source: IDVault
IsStrikeForceAlreadyRunning failed Cannot process request because the process (6088) has exited. at System.Diagnostics.Process.GetProcessHandle(Int32 access, Boolean throwIfExited) at System.Diagnostics.Process.OpenProcessHandle() at System.Diagnostics.Process.set_EnableRaisingEvents(Boolean value) at (Object , Boolean ) at ?.?.()

Log: 'Application' Date/Time: 11/12/2011 9:29:26 PM
Type: error Category: 0
Event: 0 Source: IDVault
IsStrikeForceAlreadyRunning failed Cannot process request because the process (4500) has exited. at System.Diagnostics.Process.GetProcessHandle(Int32 access, Boolean throwIfExited) at System.Diagnostics.Process.OpenProcessHandle() at System.Diagnostics.Process.set_EnableRaisingEvents(Boolean value) at (Object , Boolean ) at ?.?.()

Log: 'Application' Date/Time: 11/12/2011 9:29:26 PM
Type: error Category: 0
Event: 0 Source: IDVault
IsStrikeForceAlreadyRunning failed Cannot process request because the process (6084) has exited. at System.Diagnostics.Process.GetProcessHandle(Int32 access, Boolean throwIfExited) at System.Diagnostics.Process.OpenProcessHandle() at System.Diagnostics.Process.set_EnableRaisingEvents(Boolean value) at (Object , Boolean ) at ?.?.()

Log: 'Application' Date/Time: 11/12/2011 9:29:26 PM
Type: error Category: 0
Event: 0 Source: IDVault
IsStrikeForceAlreadyRunning failed Cannot process request because the process (1908) has exited. at System.Diagnostics.Process.GetProcessHandle(Int32 access, Boolean throwIfExited) at System.Diagnostics.Process.OpenProcessHandle() at System.Diagnostics.Process.set_EnableRaisingEvents(Boolean value) at (Object , Boolean ) at ?.?.()

Log: 'Application' Date/Time: 11/12/2011 9:29:26 PM
Type: error Category: 0
Event: 0 Source: IDVault
IsStrikeForceAlreadyRunning failed Cannot process request because the process (5952) has exited. at System.Diagnostics.Process.GetProcessHandle(Int32 access, Boolean throwIfExited) at System.Diagnostics.Process.OpenProcessHandle() at System.Diagnostics.Process.set_EnableRaisingEvents(Boolean value) at (Object , Boolean ) at ?.?.()

Log: 'Application' Date/Time: 11/12/2011 9:29:26 PM
Type: error Category: 0
Event: 0 Source: IDVault
IsStrikeForceAlreadyRunning failed Cannot process request because the process (6080) has exited. at System.Diagnostics.Process.GetProcessHandle(Int32 access, Boolean throwIfExited) at System.Diagnostics.Process.OpenProcessHandle() at System.Diagnostics.Process.set_EnableRaisingEvents(Boolean value) at (Object , Boolean ) at ?.?.()

Log: 'Application' Date/Time: 11/12/2011 9:29:26 PM
Type: error Category: 0
Event: 0 Source: IDVault
IsStrikeForceAlreadyRunning failed Cannot process request because the process (5832) has exited. at System.Diagnostics.Process.GetProcessHandle(Int32 access, Boolean throwIfExited) at System.Diagnostics.Process.OpenProcessHandle() at System.Diagnostics.Process.set_EnableRaisingEvents(Boolean value) at (Object , Boolean ) at ?.?.()

Log: 'Application' Date/Time: 11/12/2011 9:29:26 PM
Type: error Category: 0
Event: 0 Source: IDVault
IsStrikeForceAlreadyRunning failed Cannot process request because the process (1464) has exited. at System.Diagnostics.Process.GetProcessHandle(Int32 access, Boolean throwIfExited) at System.Diagnostics.Process.OpenProcessHandle() at System.Diagnostics.Process.set_EnableRaisingEvents(Boolean value) at (Object , Boolean ) at ?.?.()

Log: 'Application' Date/Time: 11/12/2011 9:29:25 PM
Type: error Category: 0
Event: 0 Source: IDVault
IsStrikeForceAlreadyRunning failed Cannot process request because the process (1996) has exited. at System.Diagnostics.Process.GetProcessHandle(Int32 access, Boolean throwIfExited) at System.Diagnostics.Process.OpenProcessHandle() at System.Diagnostics.Process.set_EnableRaisingEvents(Boolean value) at (Object , Boolean ) at ?.?.()

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by rebross, 11 December 2011 - 08:38 PM.

  • 0

Advertisements


#26
rebross

rebross

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 193 posts
I'm still unable to reinstall adobe flash player.
  • 0

#27
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Can you uninstall Constant Guard Protection Suite? Or IDVault? Perhaps Start, All Programs, may have one of them and hopefully an uninstall option.
  • 0

#28
rebross

rebross

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 193 posts
I uninstalled Constant Guard Protection through add/remove programs. When Adobe Flash Player tries to install it stops at 13% and says "cannot find reliable source".
Also my computer seems really bogged down and IE and Firefox give me "not responding" quite often. Are there programs I have installed that I really don't need?
Thank you for hanging in and helping me.
  • 0

#29
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

Run Vino's again as before and post the logs.

Run OTL, Quickscan and post the log.
  • 0

#30
rebross

rebross

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 193 posts
Vino's Event Viewer v01c run on Windows XP in English
Report run at 17/12/2011 7:40:17 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/12/2011 7:33:31 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Log: 'System' Date/Time: 17/12/2011 7:32:56 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Security Services Driver (x86) service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/12/2011 7:25:21 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\OWNER-PC on the network \Device\NetBT_Tcpip_{B81231A3-9E59-4555-81CA-ECD922D241D1}. The data is the error code.



Vino's Event Viewer v01c run on Windows XP in English
Report run at 17/12/2011 7:42:13 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



OTL logfile created on: 12/17/2011 7:43:27 PM - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Kelly Sorber\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 60.02% Memory free
3.84 Gb Paging File | 3.18 Gb Available in Paging File | 82.67% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 49.16 Gb Free Space | 44.01% Space Free | Partition Type: NTFS

Computer Name: STACEY | User Name: Kelly Sorber | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/06 16:34:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kelly Sorber\Desktop\OTL.exe
PRC - [2011/11/28 10:58:39 | 002,976,200 | ---- | M] (Zemana Ltd.) -- C:\Program Files\AntiLogger\AntiLogger.exe
PRC - [2011/11/14 06:52:06 | 003,437,976 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe
PRC - [2011/02/24 17:49:50 | 000,466,768 | ---- | M] (Acronis) -- C:\Program Files\Acronis\DriveMonitor\adm_tray.exe
PRC - [2011/02/12 06:43:02 | 000,660,576 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2011/02/12 06:40:50 | 000,365,632 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011/01/10 09:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/01/10 09:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2010/09/07 11:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010/09/07 11:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/07/13 01:34:46 | 000,906,648 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
PRC - [2010/05/25 07:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2010/05/06 13:40:38 | 000,071,096 | ---- | M] () -- C:\Program Files\StudioLine Photo Classic\NMSAccess32.exe
PRC - [2010/04/07 15:57:42 | 000,099,896 | R--- | M] (HP) -- C:\WINDOWS\system32\HPSIsvc.exe
PRC - [2009/06/24 10:57:04 | 000,136,704 | ---- | M] (HP) -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/14 14:21:40 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/04/15 21:49:16 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe
PRC - [2007/04/15 21:49:08 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007/04/15 21:49:08 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/04/15 21:49:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2007/02/18 23:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
PRC - [2007/02/18 23:26:32 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2007/02/04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2007/02/01 09:21:22 | 001,466,368 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
PRC - [2007/01/30 15:32:42 | 000,102,400 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
PRC - [2007/01/22 11:53:02 | 000,212,992 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
PRC - [2006/11/02 14:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
PRC - [2006/10/20 17:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/09/25 19:52:48 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1188945143\ee\aolsoftware.exe
PRC - [2006/08/17 09:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2006/02/17 06:19:55 | 000,139,264 | ---- | M] (OTi) -- C:\WINDOWS\system32\UStorSrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/13 18:08:13 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll
MOD - [2011/10/13 18:07:59 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/13 18:07:47 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\81096bfe85eb0da5f05e8a127ffa43b2\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2011/10/13 09:27:07 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/13 09:18:55 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/13 09:16:20 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/13 09:16:06 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/13 09:14:38 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/02/24 17:39:44 | 000,012,128 | ---- | M] () -- C:\Program Files\Common Files\Acronis\DriveMonitor\Common\icudt38.dll
MOD - [2010/09/07 11:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
MOD - [2010/09/07 11:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2010/07/13 01:29:42 | 000,143,360 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\connectionDetector.dll
MOD - [2010/07/13 01:28:42 | 000,856,064 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\fsk.dll
MOD - [2010/07/13 01:26:12 | 000,018,432 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\FskNetInterface.dll
MOD - [2010/07/13 01:25:56 | 000,008,704 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\FskTimeHardware.dll
MOD - [2010/07/13 01:25:50 | 000,028,160 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\ticket.dll
MOD - [2010/07/13 01:25:42 | 000,011,776 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\ebookDeviceNotifier.dll
MOD - [2010/07/13 01:22:36 | 000,020,480 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\FskinLocalize.dll
MOD - [2010/07/13 01:22:02 | 000,009,728 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\FskPower.dll
MOD - [2010/07/13 01:16:16 | 000,118,784 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\FskDocumentViewer.dll
MOD - [2010/07/13 01:15:58 | 000,010,240 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\FskMobileMediaDevice.dll
MOD - [2010/07/13 01:15:52 | 000,233,472 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\Fskin.dll
MOD - [2010/07/13 01:13:42 | 000,033,792 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\FskMediaPlayers.dll
MOD - [2010/07/13 01:10:56 | 000,172,032 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\USBDetector.dll
MOD - [2010/05/06 13:40:38 | 000,071,096 | ---- | M] () -- C:\Program Files\StudioLine Photo Classic\NMSAccess32.exe
MOD - [2010/04/02 21:23:36 | 000,815,104 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\FskSecurity.dll
MOD - [2010/04/02 20:44:16 | 000,086,016 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\ebookUsb.dll
MOD - [2010/03/05 18:40:57 | 000,081,920 | ---- | M] () -- C:\WINDOWS\system32\mvusbews.dll
MOD - [2010/03/04 16:55:34 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\HP1100LM.DLL
MOD - [2010/03/04 16:55:14 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1100PP.dll
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/09/10 19:36:50 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/01/30 15:31:50 | 000,286,720 | ---- | M] () -- C:\WINDOWS\system32\wxvault.dll
MOD - [2007/01/30 15:30:30 | 000,004,096 | ---- | M] () -- C:\WINDOWS\system32\detoured.dll
MOD - [2006/08/18 13:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL
MOD - [2006/02/17 06:18:52 | 000,139,264 | ---- | M] () -- C:\WINDOWS\system32\OPDSL.DLL


========== Win32 Services (SafeList) ==========

SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2011/02/12 06:43:02 | 000,660,576 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011/01/10 09:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 09:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/09/07 11:47:18 | 000,202,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/05/06 13:40:38 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\StudioLine Photo Classic\NMSAccess32.exe -- (NMSAccess)
SRV - [2010/04/10 16:05:58 | 000,266,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/04/07 15:57:42 | 000,099,896 | R--- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService)
SRV - [2010/04/02 21:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2009/06/24 10:57:04 | 000,136,704 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2008/05/13 20:21:41 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/05/14 14:21:40 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/02/18 23:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)
SRV - [2007/02/01 09:21:22 | 001,466,368 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/01/29 21:59:58 | 000,487,424 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2006/10/23 07:50:35 | 000,046,640 | ---- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/02/17 06:19:55 | 000,139,264 | ---- | M] (OTi) [Auto | Running] -- C:\WINDOWS\System32\UStorSrv.exe -- (UStorage Server Service)


========== Driver Services (SafeList) ==========

DRV - [2011/12/11 11:23:41 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/12/10 01:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111216.034\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/10 01:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/12/10 01:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/10 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111216.034\NAVENG.SYS -- (NAVENG)
DRV - [2011/12/09 16:53:28 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111216.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/11/28 10:58:43 | 000,059,096 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Program Files\AntiLogger\AntiLog32.sys -- (AntiLog32)
DRV - [2011/11/23 23:08:44 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111210.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/07/06 08:14:42 | 000,101,616 | ---- | M] (Tonec Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI)
DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 19:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/03/05 18:40:57 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2009/10/26 08:47:30 | 004,221,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2009/09/08 20:06:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/09/08 20:06:37 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/08/12 18:05:34 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/04/15 21:49:08 | 000,132,608 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/03/18 15:44:38 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/02/18 23:27:34 | 001,228,296 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/01/31 18:19:04 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/01/31 18:19:02 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/01/31 18:19:02 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/01/30 17:37:18 | 000,056,320 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2006/12/12 11:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)
DRV - [2006/11/02 12:32:32 | 000,097,536 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01)
DRV - [2006/08/28 15:00:44 | 000,019,968 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/01/10 11:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/12/21 09:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/21 09:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/21 09:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/08/04 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/11/05 09:23:52 | 000,299,923 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonyhcs.sys -- (sonyhcs)
DRV - [2001/11/05 09:23:14 | 000,006,097 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sonyhcb.sys -- (sonyhcb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070827
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070827

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32 File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Kelly Sorber\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Kelly Sorber\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\FireFox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/12/14 16:51:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\FireFox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_3_6 [2011/12/17 19:32:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/01 10:32:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/17 12:33:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Kelly Sorber\Application Data\Move Networks [2010/05/21 09:45:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Kelly Sorber\Application Data\IDM\idmmzcc5 [2011/12/17 15:29:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Kelly Sorber\Application Data\IDM\idmmzcc5 [2011/12/17 15:29:52 | 000,000,000 | ---D | M]

[2009/12/06 19:47:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kelly Sorber\Application Data\Mozilla\Extensions
[2009/12/06 19:47:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kelly Sorber\Application Data\Mozilla\Extensions\[email protected]
[2010/04/10 17:01:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kelly Sorber\Application Data\Mozilla\Extensions\[email protected]
[2011/11/21 10:21:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kelly Sorber\Application Data\Mozilla\Firefox\Profiles\3q413xbt.default\extensions
[2010/05/19 04:47:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kelly Sorber\Application Data\Mozilla\Firefox\Profiles\3q413xbt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/21 10:21:19 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Kelly Sorber\Application Data\Mozilla\Firefox\Profiles\3q413xbt.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/11/20 20:18:26 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Kelly Sorber\Application Data\Mozilla\Firefox\Profiles\3q413xbt.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/09/27 14:12:20 | 000,004,207 | ---- | M] () -- C:\Documents and Settings\Kelly Sorber\Application Data\Mozilla\Firefox\Profiles\3q413xbt.default\searchplugins\aim-search.xml
[2011/12/06 11:38:06 | 000,005,327 | ---- | M] () -- C:\Documents and Settings\Kelly Sorber\Application Data\Mozilla\Firefox\Profiles\3q413xbt.default\searchplugins\snipfiles---free-books-for-everyone.xml
[2011/12/10 16:32:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/10 11:05:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/12/10 16:32:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2009/08/31 18:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\Access Privileges Test
[2011/12/10 11:05:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/12/01 10:32:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/17 12:33:32 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2009/11/20 16:05:31 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/20 16:05:32 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2009/02/24 18:59:26 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2011/10/02 10:22:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/06/13 19:02:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2011/12/01 10:32:18 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gears.dll
CHR - plugin: Ask Toolbar Plugin Stub (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol500.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: Turner Media Plugin 1.0.0.10 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Kelly Sorber\Application Data\Move Networks\plugins\npqmp071701000002.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll
CHR - plugin: Reader Library (Enabled) = C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/12/07 23:30:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [adm_tray.exe] C:\Program Files\Acronis\DriveMonitor\adm_tray.exe (Acronis)
O4 - HKLM..\Run: [AntiLogger] C:\Program Files\AntiLogger\AntiLogger.exe (Zemana Ltd.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1188945143\ee\AOLSoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\System32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] "C:\WINDOWS\system32\rundll32.exe" nvHotkey.dll,Start File not found
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [USB2Check] C:\WINDOWS\System32\PCLECoInst.dll (Pinnacle Systems)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\Kelly Sorber\Start Menu\Programs\Startup\StartupFaster [2011/03/13 18:40:02 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemywi...i Installer.cab (Support.com Configuration Class)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1188950013093 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B81231A3-9E59-4555-81CA-ECD922D241D1}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kelly Sorber\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kelly Sorber\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (wvauth) -C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Authentication Packages - (nwprovau) -C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/12 13:35:32 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/17 15:27:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly Sorber\Application Data\IDM
[2011/12/17 15:27:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly Sorber\Application Data\DMCache
[2011/12/17 15:27:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly Sorber\Start Menu\Programs\Internet Download Manager
[2011/12/17 15:27:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Internet Download Manager
[2011/12/17 15:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2011/12/17 15:25:28 | 004,579,720 | ---- | C] (Tonec Inc.) -- C:\Documents and Settings\Kelly Sorber\Desktop\idman607b15.exe
[2011/12/11 15:45:10 | 000,637,240 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Kelly Sorber\Desktop\autoruns.exe
[2011/12/11 13:55:50 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2011/12/11 13:55:46 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2011/12/11 13:55:22 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2011/12/11 13:55:18 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2011/12/11 13:54:58 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2011/12/11 13:54:55 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2011/12/11 13:54:46 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2011/12/11 13:54:27 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2011/12/11 13:54:15 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2011/12/11 13:54:12 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2011/12/11 13:54:08 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2011/12/11 13:54:03 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2011/12/11 13:53:58 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2011/12/11 13:53:54 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2011/12/11 13:53:50 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2011/12/11 13:53:37 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2011/12/11 13:53:22 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2011/12/11 13:53:19 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2011/12/11 13:53:15 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2011/12/11 13:53:10 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2011/12/11 13:52:51 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2011/12/11 13:52:37 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2011/12/11 13:52:34 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2011/12/11 13:52:24 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2011/12/11 13:52:21 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2011/12/11 13:52:17 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2011/12/11 13:52:14 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2011/12/11 13:52:10 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2011/12/11 13:52:07 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2011/12/11 13:51:39 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2011/12/11 13:51:35 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2011/12/11 13:51:31 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2011/12/11 13:51:30 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2011/12/11 13:51:26 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2011/12/11 13:51:23 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2011/12/11 13:51:11 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2011/12/11 13:51:08 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2011/12/11 13:50:39 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2011/12/11 13:50:36 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2011/12/11 13:50:33 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2011/12/11 13:50:29 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2011/12/11 13:50:25 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2011/12/11 13:49:45 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2011/12/11 13:49:41 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2011/12/11 13:49:38 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2011/12/11 13:49:34 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2011/12/11 13:49:31 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2011/12/11 13:49:09 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2011/12/11 13:49:06 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2011/12/11 13:49:03 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2011/12/11 13:48:55 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2011/12/11 13:48:29 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2011/12/11 13:48:26 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2011/12/11 13:48:23 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2011/12/11 13:48:20 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2011/12/11 13:48:00 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2011/12/11 13:47:53 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2011/12/11 13:47:50 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2011/12/11 13:47:36 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2011/12/11 13:47:33 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2011/12/11 13:47:30 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2011/12/11 13:47:27 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2011/12/11 13:47:24 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2011/12/11 13:47:21 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2011/12/11 13:47:18 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2011/12/11 13:47:15 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2011/12/11 13:47:12 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2011/12/11 13:47:06 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2011/12/11 13:47:03 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2011/12/11 13:47:03 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/12/11 13:47:03 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/12/11 13:47:02 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2011/12/11 13:47:01 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2011/12/11 13:46:49 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2011/12/11 13:46:44 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2011/12/11 13:46:40 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2011/12/11 13:46:37 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2011/12/11 13:46:25 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2011/12/11 13:46:22 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2011/12/11 13:46:09 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2011/12/11 13:46:06 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2011/12/11 13:46:03 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2011/12/11 13:45:52 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2011/12/11 13:45:11 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2011/12/11 13:44:59 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2011/12/11 13:44:57 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2011/12/11 13:44:55 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2011/12/11 13:44:17 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2011/12/11 13:44:14 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2011/12/11 13:44:11 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2011/12/11 13:44:08 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2011/12/11 13:43:48 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2011/12/11 13:43:36 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2011/12/11 13:43:34 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2011/12/11 13:43:29 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2011/12/11 13:43:21 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2011/12/11 13:43:19 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2011/12/11 13:43:11 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2011/12/11 13:43:08 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2011/12/11 13:43:06 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2011/12/11 13:43:03 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2011/12/11 13:43:00 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2011/12/11 13:42:57 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2011/12/11 13:42:49 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2011/12/11 13:42:46 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2011/12/11 13:42:43 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2011/12/11 13:42:41 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2011/12/11 13:42:38 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2011/12/11 13:41:30 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2011/12/11 13:41:11 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2011/12/11 13:41:08 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2011/12/11 13:41:07 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2011/12/11 13:41:04 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2011/12/11 13:41:04 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2011/12/11 13:41:01 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2011/12/11 13:40:54 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2011/12/11 13:40:51 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2011/12/11 13:40:49 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2011/12/11 13:40:46 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2011/12/11 13:40:43 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2011/12/11 13:40:40 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2011/12/11 13:39:56 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2011/12/11 13:39:25 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2011/12/11 13:37:58 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2011/12/11 13:37:50 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2011/12/11 13:37:26 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2011/12/11 13:37:24 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2011/12/11 13:37:22 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2011/12/11 13:37:10 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2011/12/11 13:37:03 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2011/12/11 13:37:01 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2011/12/11 13:36:58 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2011/12/11 13:36:56 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2011/12/11 13:36:54 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2011/12/11 13:36:53 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2011/12/11 13:36:39 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2011/12/11 13:36:35 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2011/12/11 13:36:34 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2011/12/11 13:35:16 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2011/12/11 13:35:12 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2011/12/11 13:35:03 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2011/12/11 13:35:02 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2011/12/11 13:35:00 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2011/12/11 13:34:56 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2011/12/11 13:34:55 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2011/12/11 13:34:54 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2011/12/11 13:34:52 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2011/12/11 13:34:51 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2011/12/11 13:34:31 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2011/12/11 13:34:30 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2011/12/11 13:34:26 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2011/12/11 13:34:07 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2011/12/11 13:34:06 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2011/12/11 13:34:05 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2011/12/11 13:34:04 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2011/12/11 13:34:03 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2011/12/11 13:34:01 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2011/12/11 13:34:00 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2011/12/11 13:33:58 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2011/12/11 13:33:51 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2011/12/11 13:33:41 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2011/12/11 13:33:35 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2011/12/11 13:33:30 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2011/12/11 13:33:29 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2011/12/11 13:33:29 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2011/12/11 13:33:28 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2011/12/11 13:33:27 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2011/12/11 13:33:26 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2011/12/11 13:33:25 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2011/12/11 13:33:24 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2011/12/11 13:33:24 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2011/12/11 13:33:22 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2011/12/11 13:33:21 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2011/12/11 13:33:21 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/12/11 13:32:51 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2011/12/11 13:32:50 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2011/12/11 13:32:50 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2011/12/11 13:32:49 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2011/12/11 13:32:49 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2011/12/11 13:32:48 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2011/12/11 13:32:47 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2011/12/11 13:32:47 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2011/12/11 13:32:45 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2011/12/11 13:32:45 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2011/12/11 13:32:44 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2011/12/11 13:32:43 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2011/12/11 13:32:43 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2011/12/11 13:32:42 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011/12/11 13:32:42 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2011/12/11 13:32:41 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2011/12/11 13:32:41 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2011/12/11 13:32:40 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2011/12/11 13:32:37 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011/12/11 13:32:34 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011/12/11 13:32:34 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011/12/11 13:32:33 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011/12/11 13:32:32 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011/12/11 13:32:32 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011/12/11 13:32:31 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011/12/11 13:32:31 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011/12/11 13:32:13 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011/12/11 13:32:09 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011/12/11 13:31:59 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011/12/11 13:31:59 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2011/12/11 13:31:58 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011/12/11 13:31:58 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011/12/11 13:31:57 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011/12/11 13:31:56 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011/12/11 13:31:54 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011/12/11 13:31:53 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2011/12/11 13:31:52 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011/12/11 13:31:51 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011/12/11 13:31:51 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011/12/11 11:23:39 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symtdiv.sys
[2011/12/11 11:23:38 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.sys
[2011/12/11 11:23:38 | 000,369,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symtdi.sys
[2011/12/11 11:23:38 | 000,296,568 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnets.sys
[2011/12/11 11:23:37 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.sys
[2011/12/11 11:23:37 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.sys
[2011/12/11 11:23:37 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.sys
[2011/12/11 11:23:36 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\ironx86.sys
[2011/12/11 10:05:51 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/12/11 10:05:51 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/12/11 10:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/12/11 10:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/12/11 10:05:19 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Suite
[2011/12/11 10:05:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Security Suite
[2011/12/11 10:05:04 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/12/11 09:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ID Vault
[2011/12/11 09:02:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\ID Vault
[2011/12/11 08:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly Sorber\Local Settings\Application Data\ID Vault
[2011/12/11 08:59:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly Sorber\Application Data\ID Vault
[2011/12/11 08:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\Constant Guard Protection Suite
[2011/12/11 08:58:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\White Sky, Inc
[2011/12/11 08:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2011/12/10 16:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/09 18:56:53 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2011/12/09 18:47:36 | 004,755,768 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Kelly Sorber\Desktop\procexp.exe
[2011/12/09 18:47:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly Sorber\Desktop\ProcessExplorer
[2011/12/09 12:21:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2011/12/09 12:21:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0501000.01D
[2011/12/08 14:07:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/08 13:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/12/08 13:39:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/12/08 00:15:20 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Kelly Sorber\Desktop\VEW.exe
[2011/12/07 23:43:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/07 20:38:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/07 20:38:31 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/07 20:21:03 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Kelly Sorber\Desktop\aswMBR.exe
[2011/12/07 19:59:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly Sorber\Desktop\tdsskiller
[2011/12/07 19:46:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AntiLogger
[2011/12/07 17:33:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/07 17:33:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kelly Sorber\Start Menu\Programs\Administrative Tools
[2011/12/07 17:11:41 | 004,331,784 | R--- | C] (Swearware) -- C:\Documents and Settings\Kelly Sorber\Desktop\ComboFix.exe
[2011/12/06 16:34:28 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kelly Sorber\Desktop\OTL.exe
[2011/12/06 12:39:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/06 12:16:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/06 11:55:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly Sorber\Local Settings\Application Data\SanctionedMedia
[2010/05/24 12:47:20 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Kelly Sorber\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/12/17 19:33:31 | 000,000,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/12/17 19:33:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/17 19:33:01 | 000,037,738 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/12/17 19:32:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/17 19:31:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/17 19:31:52 | 2145,353,728 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/17 19:05:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/17 15:25:28 | 004,579,720 | ---- | M] (Tonec Inc.) -- C:\Documents and Settings\Kelly Sorber\Desktop\idman607b15.exe
[2011/12/17 14:52:05 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Routing.job
[2011/12/14 17:25:53 | 001,712,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/14 17:08:40 | 000,768,104 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Cat.DB
[2011/12/14 17:08:30 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/11 15:45:43 | 000,637,240 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Kelly Sorber\Desktop\autoruns.exe
[2011/12/11 14:24:09 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Kelly Sorber\Desktop\VEW.exe
[2011/12/11 13:08:40 | 000,002,066 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2011/12/11 11:23:41 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/12/11 11:23:41 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/12/11 11:23:41 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/12/11 11:23:41 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/12/11 10:43:45 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/11 09:18:19 | 000,000,865 | ---- | M] () -- C:\Documents and Settings\Kelly Sorber\Desktop\Norton Installation Files.lnk
[2011/12/11 08:40:39 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/12/09 18:56:57 | 000,000,699 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2011/12/07 23:30:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/07 20:53:27 | 000,117,964 | ---- | M] () -- C:\Documents and Settings\Kelly Sorber\Desktop\DiskManagement.JPG
[2011/12/07 20:38:38 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/07 20:23:27 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Kelly Sorber\Desktop\MBR.dat
[2011/12/07 20:21:03 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Kelly Sorber\Desktop\aswMBR.exe
[2011/12/07 19:46:56 | 000,034,704 | ---- | M] () -- C:\WINDOWS\syscall.dat
[2011/12/07 17:11:41 | 004,331,784 | R--- | M] (Swearware) -- C:\Documents and Settings\Kelly Sorber\Desktop\ComboFix.exe
[2011/12/06 16:34:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kelly Sorber\Desktop\OTL.exe
[2011/12/03 21:04:25 | 000,087,169 | ---- | M] () -- C:\Documents and Settings\Kelly Sorber\Desktop\jerk.jpg
[2011/12/02 12:15:40 | 004,755,768 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Kelly Sorber\Desktop\procexp.exe
[2011/11/25 13:24:39 | 000,446,386 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/25 13:24:39 | 000,073,426 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/12/11 13:55:45 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2011/12/11 13:55:41 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2011/12/11 13:40:36 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/12/11 13:39:34 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/12/11 13:37:56 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2011/12/11 13:37:52 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2011/12/11 13:37:47 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2011/12/11 13:37:43 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2011/12/11 13:37:38 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2011/12/11 13:37:27 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/12/11 13:34:59 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2011/12/11 13:34:58 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2011/12/11 13:34:57 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2011/12/11 13:32:26 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011/12/11 13:32:26 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011/12/11 13:32:25 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011/12/11 13:32:24 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011/12/11 13:32:24 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011/12/11 13:32:23 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011/12/11 13:32:23 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011/12/11 13:32:22 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011/12/11 13:32:21 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011/12/11 13:32:17 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011/12/11 13:08:40 | 000,002,066 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2011/12/11 11:23:38 | 000,007,877 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnetv.cat
[2011/12/11 11:23:38 | 000,007,458 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnet.cat
[2011/12/11 11:23:38 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnetv.inf
[2011/12/11 11:23:38 | 000,001,446 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnet.inf
[2011/12/11 11:23:37 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.cat
[2011/12/11 11:23:37 | 000,007,454 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.cat
[2011/12/11 11:23:37 | 000,007,450 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.cat
[2011/12/11 11:23:37 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.inf
[2011/12/11 11:23:37 | 000,002,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.inf
[2011/12/11 11:23:37 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.inf
[2011/12/11 11:23:37 | 000,001,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.inf
[2011/12/11 11:23:36 | 000,007,528 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\iron.cat
[2011/12/11 11:23:36 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\iron.inf
[2011/12/11 11:22:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.cat
[2011/12/11 11:22:43 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\isolate.ini
[2011/12/11 10:05:51 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/12/11 10:05:51 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/12/10 16:24:59 | 2145,353,728 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/09 18:56:57 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2011/12/09 12:23:50 | 000,768,104 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Cat.DB
[2011/12/07 20:53:26 | 000,117,964 | ---- | C] () -- C:\Documents and Settings\Kelly Sorber\Desktop\DiskManagement.JPG
[2011/12/07 20:38:38 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/07 20:23:27 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Kelly Sorber\Desktop\MBR.dat
[2011/12/03 21:04:25 | 000,087,169 | ---- | C] () -- C:\Documents and Settings\Kelly Sorber\Desktop\jerk.jpg
[2011/06/27 20:27:25 | 000,034,704 | ---- | C] () -- C:\WINDOWS\syscall.dat
[2011/05/19 19:36:52 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Kelly Sorber\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/19 19:31:50 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/03/13 19:40:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2011/03/05 21:50:50 | 000,974,776 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/30 20:14:51 | 000,047,104 | R--- | C] () -- C:\WINDOWS\System32\HP1100SMs.dll
[2011/01/30 20:14:50 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\HP1100SM.EXE
[2011/01/30 20:14:50 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\HP1100LM.DLL
[2011/01/30 18:52:26 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\mvusbews.dll
[2011/01/30 18:51:47 | 000,284,160 | ---- | C] () -- C:\WINDOWS\System32\mvhlewsi.dll
[2011/01/24 00:05:17 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2011/01/24 00:05:13 | 000,007,406 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT
[2011/01/19 17:28:08 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\GkSui18.EXE
[2011/01/09 12:32:28 | 000,147,831 | ---- | C] () -- C:\WINDOWS\hpoins37.dat
[2011/01/09 12:32:27 | 000,000,504 | ---- | C] () -- C:\WINDOWS\hpomdl37.dat
[2010/12/22 15:19:46 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/09/22 12:51:04 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/22 12:51:04 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/22 12:51:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/22 12:51:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/22 12:51:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/06 11:55:16 | 000,000,768 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2010/05/24 12:47:20 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Kelly Sorber\Application Data\pcouffin.cat
[2010/05/24 12:47:20 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Kelly Sorber\Application Data\pcouffin.inf
[2010/05/23 14:06:31 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2010/05/19 12:50:58 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/05/19 12:50:58 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/03/27 18:40:02 | 000,000,086 | ---- | C] () -- C:\WINDOWS\winthsys0906.ini
[2010/03/25 17:32:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/29 16:53:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009/12/27 17:10:00 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2009/12/27 16:55:36 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2009/11/27 16:17:06 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/10/20 14:54:25 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Kelly Sorber\Local Settings\Application Data\fusioncache.dat
[2009/10/18 18:29:09 | 000,080,498 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2009/10/18 18:29:09 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2009/09/27 14:18:38 | 000,158,997 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2009/09/21 16:29:54 | 002,756,608 | ---- | C] () -- C:\WINDOWS\System32\NETw5r32.dll
[2009/09/20 11:01:19 | 000,000,288 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/09/20 10:44:15 | 000,000,067 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/18 07:16:52 | 000,002,108 | ---- | C] () -- C:\Documents and Settings\Kelly Sorber\Local Settings\Application Data\rx_audio.Cache
[2009/04/01 10:48:16 | 000,053,478 | ---- | C] () -- C:\WINDOWS\mvtcpui.ini
[2008/12/29 03:33:41 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Kelly Sorber\Application Data\mcs.rma
[2008/12/29 03:33:41 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Kelly Sorber\Application Data\23F161
[2008/11/16 16:53:20 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/10/28 19:08:22 | 000,000,365 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2008/07/19 18:24:04 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/04/22 20:53:28 | 000,105,876 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/03/24 17:51:45 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\Kelly Sorber\Local Settings\Application Data\keyfile3.drm
[2008/02/26 17:02:05 | 000,130,971 | ---- | C] () -- C:\WINDOWS\hpoins12.dat.temp
[2008/02/26 17:02:05 | 000,001,470 | ---- | C] () -- C:\WINDOWS\hpomdl12.dat.temp
[2008/01/06 22:59:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/10/24 22:17:16 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\OPDSL.DLL
[2007/10/01 19:12:19 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/09/20 13:03:28 | 000,130,958 | ---- | C] () -- C:\WINDOWS\hpoins12.dat
[2007/09/20 13:03:28 | 000,001,470 | ---- | C] () -- C:\WINDOWS\hpomdl12.dat
[2007/09/10 16:13:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\VZWDLManager.dll
[2007/09/05 15:19:16 | 000,001,287 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/09/04 18:40:20 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/09/04 18:10:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/09/04 13:15:02 | 000,219,136 | ---- | C] () -- C:\Documents and Settings\Kelly Sorber\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/04 13:11:54 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/08/27 23:18:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/08/27 23:15:10 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/08/27 23:15:10 | 000,000,938 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/08/27 23:10:55 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2007/08/27 23:09:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2007/08/27 23:05:51 | 001,736,704 | ---- | C] () -- C:\WINDOWS\System32\Tsp1.dll
[2007/08/27 23:04:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2007/08/27 23:04:06 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2007/08/27 22:43:03 | 000,037,738 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2007/08/27 22:39:20 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/08/27 22:39:20 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/08/27 22:39:19 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/08/27 22:39:19 | 001,018,748 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/08/27 22:39:19 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/08/27 22:39:18 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/08/27 22:39:18 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/08/27 22:39:16 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/08/27 22:39:15 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/08/27 22:38:38 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2007/08/27 22:37:37 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/01/31 20:16:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2007/01/31 20:11:14 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\OEM_Resources.dll
[2007/01/31 20:08:44 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2007/01/31 20:08:36 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2007/01/31 20:08:26 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2007/01/31 20:08:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2007/01/31 20:08:08 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2007/01/31 20:08:00 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2007/01/31 20:07:50 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2007/01/31 20:07:42 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2007/01/31 20:07:34 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2007/01/31 20:07:24 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2007/01/31 13:09:46 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2007/01/31 13:09:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2007/01/31 13:09:06 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2007/01/31 13:08:46 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2007/01/31 13:08:26 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2007/01/31 13:08:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2007/01/31 13:07:46 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2007/01/31 13:07:26 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2007/01/31 13:07:04 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2007/01/31 13:06:46 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2007/01/30 15:31:50 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2007/01/30 15:30:30 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2007/01/02 09:14:20 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2006/11/07 04:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/08/14 11:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2004/09/10 12:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 12:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 001,712,160 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 17:00:28 | 000,446,386 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 17:00:28 | 000,073,426 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 17:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 17:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 17:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 17:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 17:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== LOP Check ==========

[2011/04/23 22:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\4Media
[2011/04/11 20:49:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2011/02/28 16:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2011/09/26 21:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2011/02/28 18:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest
[2011/12/11 08:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2009/09/20 11:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DigiData
[2010/11/04 17:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2010/03/04 13:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2011/06/07 20:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Genie-Soft
[2011/02/28 15:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\H&M System Software
[2011/12/11 08:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2011/02/09 09:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2010/12/08 19:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2010/07/11 14:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2007/08/27 23:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2009/12/29 16:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/05/04 06:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2008/01/06 22:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/11/08 09:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/12/06 19:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/03/14 23:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/05/25 00:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2007/08/27 23:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2009/09/20 11:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2011/12/11 08:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\White Sky, Inc
[2009/09/20 11:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wi-Fi Connect
[2009/09/20 11:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WiFiTemp
[2011/02/28 22:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2011/05/07 20:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WSS
[2009/03/13 13:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/08 08:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/04 15:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/04/23 22:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Sorber\Application Data\4Media
[2011/02/28 16:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Sorber\Application Data\Ashampoo
[2011/03/13 20:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Sorber\Application Data\Avanquest
[2010/12/17 09:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Sorber\Application Data\BatteryCare
[2010/11/03 19:21:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Sorber\Application Data\Blitware
[2011/01/11 21:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Sorber\Application Data\Catalina Marketing Corp
[2009/08/10 17:37:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Sorber\Application Data\Comcast
[2011/04/24 12:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Sorber\Application Data\Digiarty
[2009/09/20 11:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Sorber\Application Data\DigiData
[2011/12/17 19:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Sorber\Application Data\DMCache
[2011/10/05 14:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Sorber\Application Data\FrostWire
[2011/06/07 20:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Sorber\Application Data\Genie-Soft
[2010/06/18 06:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Sorber\Application Data\gtk-2.0
[2011/12/17 14:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Sorber\Application Data\ID Vault
[2011/12/17 16:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Sorber\Application Data\IDM
[2011/01/12 19:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Sorber\Application Data\Image Zone Express
[2010/06/18 06:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Sorber\Application Data\Inkscape
[2010/05/20 20:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Sorber\Application Data\Megaupload
[2011/03/25 21:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Sorber\Application Data\NeoDownloader
[2011/10/02 15:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Sorber\Application Data\Opera
[2011/01/12 19:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Sorber\Application Data\Printer Info Cache
[2011/03/04 12:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Sorber\Application Data\Research In Motion
[2011/04/20 17:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Sorber\Application Data\Rovio
[2008/01/06 22:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Sorber\Application Data\ScanSoft
[2010/01/03 22:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Sorber\Application Data\Smartsims
[2007/09/10 16:10:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Sorber\Application Data\Smith Micro
[2011/10/01 12:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Sorber\Application Data\Tific
[2009/12/06 19:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Sorber\Application Data\TomTom
[2010/02/17 16:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Sorber\Application Data\Uniblue
[2011/03/13 18:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Sorber\Application Data\URSoft
[2010/11/04 16:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Sorber\Application Data\uTorrent
[2010/11/08 08:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Sorber\Application Data\Vso
[2011/12/15 22:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Sorber\Application Data\Wave Systems Corp
[2011/02/28 22:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Sorber\Application Data\WindSolutions
[2010/03/11 14:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Sorber\Application Data\WinPatrol
[2011/02/16 15:40:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Sorber\Application Data\Xilisoft Corporation
[2010/07/14 14:43:01 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\expressripShakeIcon.job
[2010/12/22 14:52:33 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper MUM.job
[2011/12/17 14:52:05 | 000,000,366 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper Routing.job
[2011/01/11 14:52:07 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper Update.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kelly Sorber\My Documents\kellyresume.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kelly Sorber\My Documents\coastal carolina.JPG:Roxio EMC Stream

< End of report >
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP