
google redirect and windows internet security [Solved]


  • This topic is locked

#1
mcfly_junior_88

    New Member

  • 9 posts
Hi, I'm new to geekstogo and I'm hoping you can help me out with my system issues. I've already followed the steps in the Malware and Spyware Cleanup Guide. Had a very hard time finding a MBAM .exe that I could access, as the redirect bug blocked the links to it from your site and mirror sites. Anyway, I finally was able to run through the guide and have all the logs requested to paste here.

My first issue is the Google redirect problem where I click on a link in a Google search and it directs me to some other site (which temporarily appears to be fixed after running through your Guide). My second issue is a Windows Internet Security window that pops up randomly when I go to various websites (popped up just now when I went to my bookmark for this site). Currently, my Windows update manager is unable to retrieve security updates, though it tries like heck to do it every day.

I'm on a Dell Inspiron 1545 and am running Windows 7. It's bubblegum pink, if that matters... :)

Here are my MBAM, GMER, and both OTL logs, in that order:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4066

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

5/4/2010 4:32:41 PM
mbam-log-2010-05-04 (16-32-41).txt

Scan type: Quick scan
Objects scanned: 130487
Time elapsed: 5 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.166.105 93.188.161.105 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6cf08d06-5527-49ec-bbd6-b603bca57a56}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.166.105 93.188.161.105 1.2.3.4 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\aOXnINgPG.dll (Rogue.VirusProtector) -> Quarantined and deleted successfully.


------------------------------------------------------

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-04 20:31:43
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\McFly\AppData\Local\Temp\kwryquow.sys


---- System - GMER 1.0.15 ----

SSDT 875C8450 ZwAlertResumeThread
SSDT 87589448 ZwAlertThread
SSDT 87569220 ZwAllocateVirtualMemory
SSDT 87534F50 ZwAlpcConnectPort
SSDT 875D99C8 ZwAssignProcessToJobObject
SSDT 875B0890 ZwCreateMutant
SSDT 875DC9C0 ZwCreateSymbolicLinkObject
SSDT 875679C8 ZwCreateThread
SSDT 875DB218 ZwCreateThreadEx
SSDT 875DAFD0 ZwDebugActiveProcess
SSDT 875693F0 ZwDuplicateObject
SSDT 8754CFC0 ZwFreeVirtualMemory
SSDT 875C8618 ZwImpersonateAnonymousToken
SSDT 875C8710 ZwImpersonateThread
SSDT 87504440 ZwLoadDriver
SSDT 8754CEE0 ZwMapViewOfSection
SSDT 875C8920 ZwOpenEvent
SSDT 8756A1D8 ZwOpenProcess
SSDT 87569310 ZwOpenProcessToken
SSDT 875D8068 ZwOpenSection
SSDT 8756A0E8 ZwOpenThread
SSDT 861DDE08 ZwProtectVirtualMemory
SSDT 87555430 ZwResumeThread
SSDT 8754CC50 ZwSetContextThread
SSDT 8754CD30 ZwSetInformationProcess
SSDT 875D9410 ZwSetSystemInformation
SSDT 875C9450 ZwSuspendProcess
SSDT 8752FF08 ZwSuspendThread
SSDT 8756A330 ZwTerminateProcess
SSDT 8756AE30 ZwTerminateThread
SSDT 8754CE20 ZwUnmapViewOfSection
SSDT 87569130 ZwWriteVirtualMemory

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E20AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E20104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E203F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E08634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E08898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E201DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E20958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E206F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E20F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E211A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82E805C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EA5052 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 254 82EAC854 8 Bytes [50, 84, 5C, 87, 48, 94, 58, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 26C 82EAC86C 4 Bytes [20, 92, 56, 87]
.text ntkrnlpa.exe!RtlSidHashLookup + 278 82EAC878 4 Bytes [50, 4F, 53, 87]
.text ntkrnlpa.exe!RtlSidHashLookup + 2CC 82EAC8CC 4 Bytes [C8, 99, 5D, 87] {ENTER 0x5d99, 0x87}
.text ntkrnlpa.exe!RtlSidHashLookup + 348 82EAC948 4 Bytes [90, 08, 5B, 87] {NOP ; OR [EBX-0x79], BL}
.text ...
.text peauth.sys B2B53C9D 28 Bytes [C4, FF, 73, F8, B0, 75, 04, ...]
.text peauth.sys B2B53CC1 28 Bytes [C4, FF, 73, F8, B0, 75, 04, ...]
PAGE peauth.sys B2B59B9B 20 Bytes [09, 0A, AA, F9, 07, 3A, 2C, ...]
PAGE peauth.sys B2B59BB0 51 Bytes [F9, CF, 76, 8E, D0, 20, 1D, ...]
PAGE peauth.sys B2B59BEC 111 Bytes [D9, B9, 81, F2, 12, AA, A6, ...]
PAGE ...

---- EOF - GMER 1.0.15 ----


-------------------------------------------

OTL logfile created on: 5/4/2010 8:34:18 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\McFly\Desktop\Malware Spyware Cleaning
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 181.69 Gb Free Space | 64.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 14.65 Gb Total Space | 7.41 Gb Free Space | 50.61% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MCFLYDELL-PC
Current User Name: McFly
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/04 16:21:50 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\McFly\Desktop\Malware Spyware Cleaning\OTL.exe
PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/22 03:14:09 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 20:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/02/23 09:48:06 | 000,632,048 | ---- | M] (SoftThinks) -- C:\Windows\SMINST\SftService.exe
PRC - [2009/02/04 21:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/01/30 00:50:06 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/30 00:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/01/09 12:06:32 | 001,735,760 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2009/01/05 17:19:10 | 000,824,560 | ---- | M] (Dell Inc.) -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
PRC - [2009/01/05 17:19:08 | 000,173,296 | ---- | M] (SingleClick Systems) -- C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
PRC - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/12/14 23:13:50 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/12/14 23:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_61cf005dca0fb599\stacsv.exe
PRC - [2008/12/14 23:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_61cf005dca0fb599\AEstSrv.exe
PRC - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2008/09/04 00:29:18 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/09/04 00:29:10 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/09/04 00:29:10 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/09/04 00:29:10 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/05/07 17:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/09/21 13:26:34 | 000,015,872 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Common Files\Dell\apache\bin\httpd.exe
PRC - [2007/09/14 13:35:04 | 005,730,304 | ---- | M] () -- C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe
PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe


========== Modules (SafeList) ==========

MOD - [2010/05/04 16:21:50 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\McFly\Desktop\Malware Spyware Cleaning\OTL.exe
MOD - [2009/07/13 20:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 20:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 20:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 20:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 20:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 20:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 20:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 20:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 20:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 20:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 20:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/01/09 12:06:10 | 000,101,456 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\dadkeyb.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/25 04:01:47 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/08/22 03:14:09 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2009/07/13 20:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 20:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 20:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 20:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 20:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 20:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 20:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 20:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 20:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 20:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 20:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 20:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 20:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 20:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/02/23 09:48:06 | 000,632,048 | ---- | M] (SoftThinks) [Auto | Running] -- C:\WINDOWS\SMINST\sftservice.EXE -- (SftService)
SRV - [2009/01/30 00:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/01/05 17:19:10 | 000,824,560 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
SRV - [2009/01/05 17:19:08 | 000,173,296 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe -- (dsl-fs-sync)
SRV - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/12/14 23:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_61cf005dca0fb599\stacsv.exe -- (STacSV)
SRV - [2008/12/14 23:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_61cf005dca0fb599\AEstSrv.exe -- (AESTFilters)
SRV - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/09/21 13:26:34 | 000,015,872 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\Common Files\Dell\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2007/09/14 13:35:04 | 005,730,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe -- (dsl-db)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - [2010/04/19 11:46:30 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100504.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/04/19 11:46:30 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100504.004\NAVENG.SYS -- (NAVENG)
DRV - [2009/10/28 17:37:22 | 000,343,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100429.001\IDSvix86.sys -- (IDSVix86)
DRV - [2009/09/10 18:23:41 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/08/29 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/29 03:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/08/22 03:14:09 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2009/08/22 03:14:09 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2009/08/22 03:14:09 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2009/08/22 03:14:09 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/08/22 03:14:09 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/22 03:14:09 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2009/08/22 03:14:09 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/08/22 03:14:09 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/22 03:13:59 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/07/13 20:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 20:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 20:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 20:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 20:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 20:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 20:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 20:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 20:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 20:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 20:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 20:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 20:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 20:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 20:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/13 20:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 20:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 20:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 20:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 20:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 20:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 20:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 20:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 20:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 20:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 20:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 20:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 20:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 20:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 20:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 20:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 20:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 20:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 20:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 20:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 20:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 20:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 19:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 19:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 19:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 18:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 18:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 18:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 18:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 18:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 18:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 18:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 18:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 18:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 18:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 18:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 18:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 18:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 18:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 17:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 17:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 17:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 17:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 17:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 17:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 17:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 17:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/10 16:19:30 | 004,756,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/12/14 23:13:54 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/12/08 00:32:50 | 000,062,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/11/04 18:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008/09/04 00:29:08 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/09/03 03:44:22 | 000,269,216 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA009Vid.sys -- (OA009Vid)
DRV - [2008/09/03 03:44:22 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA009Ufd.sys -- (OA009Ufd)
DRV - [2008/06/17 11:01:06 | 000,022,016 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2008/05/07 17:40:02 | 000,317,976 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/25 12:59:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/28 09:28:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/28 09:28:25 | 000,000,000 | ---D | M]

[2010/04/15 17:33:23 | 000,000,000 | ---D | M] -- C:\Users\McFly\AppData\Roaming\Mozilla\Extensions
[2010/05/04 16:04:05 | 000,000,000 | ---D | M] -- C:\Users\McFly\AppData\Roaming\Mozilla\Firefox\Profiles\n1zkk9n6.default\extensions
[2010/04/19 20:32:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\McFly\AppData\Roaming\Mozilla\Firefox\Profiles\n1zkk9n6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/04 16:56:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/08/29 17:11:24 | 000,001,199 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 208.43.47.212 a1.review.zdnet.com
O1 - Hosts: 208.43.47.212 reviews.riverstreams.co.uk
O1 - Hosts: 208.43.47.212 d1.reviews.cnet.com
O1 - Hosts: 208.43.47.212 review.2009softwarereviews.com
O1 - Hosts: 208.43.47.212 reviews.download.com
O1 - Hosts: 208.43.47.212 reviews.pcadvisor.co.uk
O1 - Hosts: 208.43.47.212 reviews.pcmag.com
O1 - Hosts: 208.43.47.212 reviews.pcpro.co.uk
O1 - Hosts: 208.43.47.212 reviews.techradar.com
O1 - Hosts: 208.43.47.212 toptenreviews.com
O1 - Hosts: 208.43.47.212 www.reevoo.com
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/im...r/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 93.188.166.105 93.188.161.105 1.2.3.4
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\McFly\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\McFly\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 16:01:00 | 000,000,053 | -HS- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/07/13 21:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 90 Days ==========

[2010/05/04 16:24:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/04 16:24:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/04 16:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/04 15:53:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/04 15:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/04 15:41:16 | 000,000,000 | ---D | C] -- C:\Users\McFly\Desktop\Malware Spyware Cleaning
[2010/04/28 09:26:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/04/19 18:01:52 | 000,000,000 | ---D | C] -- C:\Users\McFly\AppData\Local\Symantec
[2010/04/19 16:08:45 | 000,000,000 | ---D | C] -- C:\Users\McFly\AppData\Local\Dell
[2010/04/19 14:47:13 | 000,000,000 | ---D | C] -- C:\Users\McFly\AppData\Local\ElevatedDiagnostics
[2010/04/18 15:06:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/04/15 17:33:17 | 000,000,000 | ---D | C] -- C:\Users\McFly\AppData\Roaming\Mozilla
[2010/04/12 21:17:26 | 000,000,000 | ---D | C] -- C:\Users\McFly\AppData\Local\Yahoo!
[2010/04/10 09:49:06 | 000,000,000 | ---D | C] -- C:\Users\McFly\Documents\Bob's Crafts
[2010/04/05 21:45:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\N360_BACKUP
[2010/04/01 17:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/01 17:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/06 20:23:54 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioInfos.dll
[2010/03/06 20:23:54 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioVisu.dll
[2010/03/06 20:23:54 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudPlayer.dll
[2010/03/06 20:23:54 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioRecord.dll
[2010/03/06 20:23:54 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\WMAFile.dll
[2010/03/06 20:23:53 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDesign.dll
[2010/03/06 20:23:53 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudFile.dll
[2010/03/06 20:23:53 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDisplay.dll
[2010/03/06 20:23:52 | 000,000,000 | ---D | C] -- C:\Users\McFly\AppData\Roaming\FreeAudioPack
[2010/03/06 20:08:11 | 000,000,000 | ---D | C] -- C:\Users\McFly\Desktop\mp3 songs
[2010/02/25 04:01:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2010/02/06 15:36:25 | 000,000,000 | ---D | C] -- C:\Users\McFly\AppData\Roaming\Facebook

========== Files - Modified Within 90 Days ==========

[2010/05/04 20:36:08 | 004,194,304 | -HS- | M] () -- C:\Users\McFly\ntuser.dat
[2010/05/04 20:02:38 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/04 20:02:38 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/04 20:00:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/04 16:55:36 | 000,000,439 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010/05/04 16:55:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/04 16:54:36 | 426,082,035 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/04 16:54:27 | 2788,970,496 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/04 16:34:19 | 001,783,462 | -H-- | M] () -- C:\Users\McFly\AppData\Local\IconCache.db
[2010/05/04 16:24:46 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/04 15:53:13 | 000,000,856 | ---- | M] () -- C:\Users\McFly\Desktop\NTREGOPT.lnk
[2010/05/04 15:53:13 | 000,000,837 | ---- | M] () -- C:\Users\McFly\Desktop\ERUNT.lnk
[2010/05/03 18:16:06 | 000,928,674 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\Cat.DB
[2010/05/03 09:25:10 | 000,170,195 | ---- | M] () -- C:\Users\McFly\Desktop\packet 3.zip
[2010/05/03 09:15:06 | 000,185,163 | ---- | M] () -- C:\Users\McFly\Desktop\packet 2.zip
[2010/05/03 09:12:16 | 001,847,544 | ---- | M] () -- C:\Users\McFly\Desktop\packet 1.zip
[2010/05/01 22:00:29 | 000,090,485 | ---- | M] () -- C:\Users\McFly\Documents\John and Stephanie Wedding Gift.pdf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/28 09:28:28 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/26 11:54:29 | 000,717,892 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/26 11:54:29 | 000,618,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/26 11:54:29 | 000,104,546 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/25 12:56:56 | 000,001,946 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/23 13:09:50 | 000,524,288 | -HS- | M] () -- C:\Users\McFly\ntuser.dat{a3248aed-4c06-11df-9fc5-0023ae33f239}.TMContainer00000000000000000002.regtrans-ms
[2010/04/23 13:09:50 | 000,524,288 | -HS- | M] () -- C:\Users\McFly\ntuser.dat{a3248aed-4c06-11df-9fc5-0023ae33f239}.TMContainer00000000000000000001.regtrans-ms
[2010/04/23 13:09:50 | 000,065,536 | -HS- | M] () -- C:\Users\McFly\ntuser.dat{a3248aed-4c06-11df-9fc5-0023ae33f239}.TM.blf
[2010/04/18 14:47:10 | 000,187,956 | ---- | M] () -- C:\Users\McFly\Documents\bookmarks.html
[2010/04/12 20:38:50 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/04/12 20:37:20 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2010/04/12 20:31:10 | 000,284,504 | ---- | M] () -- C:\Users\McFly\Documents\LEGO Indiana Jones 2 Walkthrough and FAQ.docx
[2010/04/06 09:44:06 | 000,337,241 | ---- | M] () -- C:\Users\McFly\Documents\Lego Star Wars.docx
[2010/04/06 09:33:27 | 000,380,790 | ---- | M] () -- C:\Users\McFly\Documents\Firefox Password List.pptx
[2010/04/05 13:25:01 | 000,080,457 | ---- | M] () -- C:\Users\McFly\Documents\Lego Star Wars Canisters and Power Bricks.docx
[2010/04/04 19:48:10 | 000,043,748 | ---- | M] () -- C:\Users\McFly\Documents\Lego Star Wars Blue Canister Challenges.docx
[2010/04/01 14:28:15 | 000,002,534 | ---- | M] () -- C:\Users\McFly\Documents\farmville id number.rtf
[2010/02/25 00:18:04 | 000,009,906 | ---- | M] () -- C:\Users\McFly\Documents\AZ Drive Money Tracker.xlsx
[2010/02/21 15:06:47 | 000,061,002 | ---- | M] () -- C:\Users\McFly\Documents\ColdStoneCouponAlex.pdf
[2010/02/06 10:10:54 | 000,002,324 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk

========== Files Created - No Company Name ==========

[2010/05/04 16:24:46 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/04 16:20:28 | 000,293,376 | ---- | C] () -- C:\Users\McFly\Desktop\gmer.exe
[2010/05/04 15:53:13 | 000,000,856 | ---- | C] () -- C:\Users\McFly\Desktop\NTREGOPT.lnk
[2010/05/04 15:53:13 | 000,000,837 | ---- | C] () -- C:\Users\McFly\Desktop\ERUNT.lnk
[2010/05/03 09:25:10 | 000,170,195 | ---- | C] () -- C:\Users\McFly\Desktop\packet 3.zip
[2010/05/03 09:15:06 | 000,185,163 | ---- | C] () -- C:\Users\McFly\Desktop\packet 2.zip
[2010/05/03 09:12:15 | 001,847,544 | ---- | C] () -- C:\Users\McFly\Desktop\packet 1.zip
[2010/05/01 22:00:08 | 000,090,485 | ---- | C] () -- C:\Users\McFly\Documents\John and Stephanie Wedding Gift.pdf
[2010/04/28 09:28:28 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/19 18:01:48 | 000,524,288 | -HS- | C] () -- C:\Users\McFly\ntuser.dat{a3248aed-4c06-11df-9fc5-0023ae33f239}.TMContainer00000000000000000002.regtrans-ms
[2010/04/19 18:01:48 | 000,524,288 | -HS- | C] () -- C:\Users\McFly\ntuser.dat{a3248aed-4c06-11df-9fc5-0023ae33f239}.TMContainer00000000000000000001.regtrans-ms
[2010/04/19 18:01:48 | 000,065,536 | -HS- | C] () -- C:\Users\McFly\ntuser.dat{a3248aed-4c06-11df-9fc5-0023ae33f239}.TM.blf
[2010/04/18 14:47:10 | 000,187,956 | ---- | C] () -- C:\Users\McFly\Documents\bookmarks.html
[2010/04/12 20:38:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/04/12 20:37:20 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/04/06 09:33:25 | 000,380,790 | ---- | C] () -- C:\Users\McFly\Documents\Firefox Password List.pptx
[2010/04/05 17:33:37 | 000,284,504 | ---- | C] () -- C:\Users\McFly\Documents\LEGO Indiana Jones 2 Walkthrough and FAQ.docx
[2010/04/04 19:48:10 | 000,043,748 | ---- | C] () -- C:\Users\McFly\Documents\Lego Star Wars Blue Canister Challenges.docx
[2010/04/04 19:46:05 | 000,080,457 | ---- | C] () -- C:\Users\McFly\Documents\Lego Star Wars Canisters and Power Bricks.docx
[2010/03/26 14:15:55 | 000,002,534 | ---- | C] () -- C:\Users\McFly\Documents\farmville id number.rtf
[2010/03/11 13:25:48 | 000,337,241 | ---- | C] () -- C:\Users\McFly\Documents\Lego Star Wars.docx
[2010/03/06 20:23:54 | 000,116,296 | ---- | C] () -- C:\Windows\System32\NCTWMAProfiles.prx
[2010/02/24 23:50:59 | 000,009,906 | ---- | C] () -- C:\Users\McFly\Documents\AZ Drive Money Tracker.xlsx
[2010/02/21 15:06:03 | 000,061,002 | ---- | C] () -- C:\Users\McFly\Documents\ColdStoneCouponAlex.pdf
[2009/10/04 16:46:29 | 000,001,521 | ---- | C] () -- C:\Windows\disney.ini
[2009/09/21 01:15:44 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/09/21 01:15:44 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\622CD8EFAD.sys
[2009/09/17 08:45:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/05/16 07:05:09 | 000,066,048 | ---- | C] () -- C:\Windows\System32\STWiz.dll
[2009/05/16 07:05:08 | 000,471,040 | ---- | C] () -- C:\Windows\System32\PSTImage.dll
[2009/05/16 07:05:08 | 000,385,024 | ---- | C] () -- C:\Windows\System32\STODD.dll
[2009/05/16 07:05:08 | 000,380,928 | ---- | C] () -- C:\Windows\System32\STODDRD.dll
[2009/05/16 07:05:08 | 000,266,240 | ---- | C] () -- C:\Windows\System32\STODDIM.dll
[2009/05/16 07:05:08 | 000,253,952 | ---- | C] () -- C:\Windows\System32\STODDSC.dll
[2009/05/16 07:05:08 | 000,229,376 | ---- | C] () -- C:\Windows\System32\STFiles.dll
[2009/05/16 07:05:08 | 000,126,976 | ---- | C] () -- C:\Windows\System32\STWmiM.dll
[2009/05/16 07:05:08 | 000,122,880 | ---- | C] () -- C:\Windows\System32\STLog.dll
[2009/05/16 07:05:08 | 000,118,784 | ---- | C] () -- C:\Windows\System32\STCrypto.dll
[2009/05/16 07:05:08 | 000,115,712 | ---- | C] () -- C:\Windows\System32\STNLS.dll
[2009/05/16 07:05:08 | 000,110,592 | ---- | C] () -- C:\Windows\System32\PSTVdsDisk.dll
[2009/05/16 07:05:08 | 000,106,496 | ---- | C] () -- C:\Windows\System32\STPE.dll
[2009/05/16 07:05:08 | 000,098,304 | ---- | C] () -- C:\Windows\System32\STFileMonitor.dll
[2009/05/16 07:05:08 | 000,094,208 | ---- | C] () -- C:\Windows\System32\STMsXml.dll
[2009/05/16 07:05:08 | 000,090,112 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2009/05/16 07:05:08 | 000,077,824 | ---- | C] () -- C:\Windows\System32\STLangXml.dll
[2009/05/16 07:05:08 | 000,073,728 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2009/05/16 07:05:08 | 000,069,632 | ---- | C] () -- C:\Windows\System32\STRegistry.dll
[2009/05/16 07:05:08 | 000,065,536 | ---- | C] () -- C:\Windows\System32\STProcess.dll
[2009/05/16 07:05:07 | 000,102,400 | ---- | C] () -- C:\Windows\System32\STShellVC6.dll
[2009/05/16 07:05:05 | 000,053,248 | ---- | C] () -- C:\Windows\System32\STCoreXml.dll
[2009/05/16 07:05:04 | 001,118,208 | ---- | C] () -- C:\Windows\System32\libxml2.dll
[2008/08/05 01:07:20 | 000,065,216 | ---- | C] () -- C:\Windows\System32\PDFreDirectMonNT.dll

========== LOP Check ==========

[2009/12/06 17:10:15 | 000,000,000 | ---D | M] -- C:\Users\McFly\AppData\Roaming\Azureus
[2009/12/06 17:10:15 | 000,000,000 | ---D | M] -- C:\Users\McFly\AppData\Roaming\CVS
[2010/03/31 10:56:17 | 000,000,000 | ---D | M] -- C:\Users\McFly\AppData\Roaming\Facebook
[2010/03/06 20:23:57 | 000,000,000 | ---D | M] -- C:\Users\McFly\AppData\Roaming\FreeAudioPack
[2009/12/06 17:10:15 | 000,000,000 | ---D | M] -- C:\Users\McFly\AppData\Roaming\GARMIN
[2009/12/06 17:10:15 | 000,000,000 | ---D | M] -- C:\Users\McFly\AppData\Roaming\LEGO Company
[2010/04/19 20:37:02 | 000,000,000 | ---D | M] -- C:\Users\McFly\AppData\Roaming\PDF reDirect
[2009/06/27 19:25:59 | 000,000,000 | ---D | M] -- C:\Users\McFly\AppData\Roaming\PeerNetworking
[2009/07/13 23:53:46 | 000,015,118 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/10 16:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/12/06 18:37:43 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/06/10 16:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/05/16 09:25:11 | 000,003,584 | RH-- | M] () -- C:\dell.sdr
[2010/05/04 16:54:27 | 2788,970,496 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/04 16:54:36 | 3718,631,424 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 20:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/07/13 20:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >


----------------------------------


OTL Extras logfile created on: 5/4/2010 8:34:18 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\McFly\Desktop\Malware Spyware Cleaning
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 181.69 Gb Free Space | 64.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 14.65 Gb Total Space | 7.41 Gb Free Space | 50.61% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MCFLYDELL-PC
Current User Name: McFly
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"UacDisableNotify" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{03737893-5BEE-4C78-9C58-3AE7F172BBBE}" = Garmin Communicator Plugin
"{053C30EA-D4C6-47A0-8537-8D231D9BE873}" = DELL0703
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 19
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A435B708-FACA-4740-92ED-03CE0A16D2F0}" = Disneys Digital Coloring Book Featuring Little Mermaid
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C2E8B236-7554-45FE-92C0-94EF76E4D182}" = Garmin City Navigator North America NT 2010.20
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}" = Garmin POI Loader
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Ask Toolbar_is1" = Vuze Toolbar
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OA009" = Integrated Webcam Driver (1.00.02.0825)
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"doPDF 6 printer_is1" = doPDF 6.2 printer
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"N360" = Norton 360
"New LEGO Digital Designer" = LEGO Digital Designer
"PDF reDirect" = PDF reDirect (remove only)
"U.B. Funkeys" = U.B. Funkeys
"Vuze" = Vuze
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Download ComboFix here:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#3
mcfly_junior_88

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
ComboFix 10-05-04.06 - McFly 05/05/2010 8:31.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3546.2441 [GMT -5:00]
Running from: c:\users\McFly\Desktop\Malware Spyware Cleaning\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-04-05 to 2010-05-05 )))))))))))))))))))))))))))))))
.

2010-05-04 21:36 . 2010-02-02 01:20 165240 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2010-05-04 21:24 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-04 21:24 . 2010-05-04 21:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-04 21:24 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-04 20:53 . 2010-05-04 20:53 -------- d-----w- c:\program files\ERUNT
2010-05-04 19:36 . 2010-04-19 16:46 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100504.004\NAVENG.SYS
2010-05-04 19:36 . 2010-04-19 16:46 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100504.004\NAVENG32.DLL
2010-05-04 19:36 . 2010-04-19 16:46 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100504.004\NAVEX32A.DLL
2010-05-04 19:36 . 2010-04-19 16:46 1324720 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100504.004\NAVEX15.SYS
2010-05-04 19:36 . 2010-04-19 16:46 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100504.004\ERASER.SYS
2010-05-04 19:36 . 2010-04-19 16:46 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100504.004\EECTRL.SYS
2010-05-04 19:36 . 2010-04-19 16:46 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100504.004\CCERASER.DLL
2010-05-04 19:36 . 2010-04-19 16:46 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100504.004\ECMSVR32.DLL
2010-05-03 20:36 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100429.001\IDSvix86.sys
2010-05-03 20:36 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100429.001\Scxpx86.dll
2010-05-03 20:36 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100429.001\IDSxpx86.dll
2010-05-03 20:36 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100429.001\IDSviA64.sys
2010-05-03 20:36 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100429.001\IDSXpx86.sys
2010-04-26 21:52 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSvix86.sys
2010-04-26 21:52 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSXpx86.sys
2010-04-26 21:52 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\Scxpx86.dll
2010-04-26 21:52 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSxpx86.dll
2010-04-26 21:52 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSviA64.sys
2010-04-25 17:59 . 2010-02-12 23:41 558448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-04-19 23:01 . 2010-04-19 23:01 -------- d-----w- c:\users\McFly\AppData\Local\Symantec
2010-04-19 21:08 . 2010-04-19 21:08 -------- d-----w- c:\users\McFly\AppData\Local\Dell
2010-04-19 19:47 . 2010-04-23 18:04 -------- d-----w- c:\users\McFly\AppData\Local\ElevatedDiagnostics
2010-04-13 02:17 . 2010-04-20 01:35 -------- d-----w- c:\users\McFly\AppData\Local\Yahoo!
2010-04-13 01:38 . 2010-04-13 01:38 0 ----a-w- c:\windows\nsreg.dat
2010-04-13 01:37 . 2010-04-13 01:37 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-06 02:45 . 2010-04-06 02:45 -------- d-----w- c:\windows\system32\N360_BACKUP
2010-04-06 02:36 . 2010-04-06 02:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-05 22:30 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100402.001\IDSvix86.sys
2010-04-05 22:30 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100402.001\IDSXpx86.sys
2010-04-05 22:30 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100402.001\Scxpx86.dll
2010-04-05 22:30 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100402.001\IDSxpx86.dll
2010-04-05 22:30 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100402.001\IDSviA64.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-05 13:38 . 2009-09-14 20:36 -------- d-----w- c:\users\McFly\AppData\Roaming\Skype
2010-05-05 13:12 . 2009-09-14 20:38 -------- d-----w- c:\users\McFly\AppData\Roaming\skypePM
2010-04-20 01:37 . 2009-07-06 23:36 -------- d-----w- c:\users\McFly\AppData\Roaming\PDF reDirect
2010-04-20 01:36 . 2009-09-14 20:36 -------- d-----r- c:\program files\Skype
2010-04-20 01:36 . 2009-12-10 15:03 -------- d-----w- c:\program files\iTunes
2010-04-20 01:36 . 2009-12-06 20:28 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-04-20 01:36 . 2009-09-17 14:22 -------- d-----w- c:\program files\Bonjour
2010-04-20 01:36 . 2009-06-14 01:36 -------- d-----w- c:\program files\Apple Software Update
2010-04-20 01:36 . 2009-05-16 12:06 -------- d-----w- c:\program files\Dell Remote Access
2010-04-20 01:36 . 2009-05-16 11:52 -------- d-----w- c:\program files\Dell Video Chat
2010-04-20 01:36 . 2009-05-16 11:48 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-20 01:35 . 2009-05-16 12:23 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-08 20:55 . 2009-05-16 11:49 -------- d-----w- c:\program files\Dell Webcam
2010-04-01 22:59 . 2010-04-01 22:59 -------- d-----w- c:\program files\Common Files\Java
2010-04-01 22:58 . 2009-05-16 11:45 -------- d-----w- c:\program files\Java
2010-04-01 22:56 . 2009-05-16 11:59 -------- d-----w- c:\programdata\WildTangent
2010-03-31 15:56 . 2010-02-06 20:36 50354 ----a-w- c:\users\McFly\AppData\Roaming\Facebook\uninstall.exe
2010-03-31 15:56 . 2010-02-06 20:36 -------- d-----w- c:\users\McFly\AppData\Roaming\Facebook
2010-03-10 09:06 . 2009-06-03 02:04 -------- d-----w- c:\programdata\Microsoft Help
2010-03-07 01:23 . 2010-03-07 01:23 -------- d-----w- c:\users\McFly\AppData\Roaming\FreeAudioPack
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\users\McFly\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-09-21 06:15 . 2009-09-21 06:15 8 --sha-r- c:\windows\System32\622CD8EFAD.sys
2009-09-27 03:59 . 2009-09-21 06:15 2828 --sha-w- c:\windows\System32\KGyGaAvL.sys
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-09 23:40 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-09-04 200704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-15 483420]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-01-30 206064]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

R2 dsl-db;Remote Access DB;c:\program files\Common Files\Dell\MySQL\bin\mysqld.exe [2007-09-14 5730304]
R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\program files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms [2008-11-04 22904]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-25 1343400]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2009-08-22 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2009-08-22 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2009-08-22 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100429.001\IDSvix86.sys [2009-10-28 343088]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_61cf005dca0fb599\aestsrv.exe [2008-12-15 81920]
S2 Apache2.2;Remote Access Media Server;c:\program files\Common Files\Dell\apache\bin\httpd.exe [2007-09-21 15872]
S2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2008-12-09 464264]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2008-12-09 234888]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 dsl-fs-sync;Remote Access File Sync Service;c:\program files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-01-05 173296]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2009-08-22 117640]
S2 SftService;SoftThinks Agent Service;c:\windows\SMINST\sftservice.EXE [2009-02-23 632048]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-29 102448]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\DRIVERS\OA009Ufd.sys [2008-09-03 144672]
S3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\DRIVERS\OA009Vid.sys [2008-09-03 269216]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2009-08-22 48688]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\McFly\AppData\Roaming\Mozilla\Firefox\Profiles\n1zkk9n6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\McFly\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\users\McFly\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\McFly\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\program files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2978442559-573188213-4027773216-1000\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]
@Denied: (C D) (Everyone)

[HKEY_USERS\S-1-5-21-2978442559-573188213-4027773216-1000\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Endpoints]
@Denied: (C D) (Everyone)

[HKEY_LOCAL_MACHINE\software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]
@Denied: (C D) (Everyone)

[HKEY_LOCAL_MACHINE\software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Channels]
@Denied: (C D) (Everyone)

[HKEY_LOCAL_MACHINE\software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Endpoints]
@Denied: (C D) (Everyone)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-05-05 08:40:32
ComboFix-quarantined-files.txt 2010-05-05 13:40

Pre-Run: 192,664,100,864 bytes free
Post-Run: 192,579,710,976 bytes free

- - End Of File - - 5C02FDC2357AB8955EB37F437CEA2BA9
  • 0

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished, it should reboot your machine. If not, do this yourself to ensure a complete clean.




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  • 0

#5
mcfly_junior_88

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I can't get the Kaspersky site to successfully complete the download, so I can't scan my computer with it. I disabled my anti-virus software (Norton 360), but it won't complete. I get one of the two following errors on each try (tried multiple times, even after rebooting):

0 [ERROR: Connection to updates source cannot be established]

0 [ERROR: Error during authentication on proxy server]


Still cannot access the MBAM file from the links provided here at geekstogo, so I used the program I was able to finally download yesterday. Here's the log from the most recent MBAM scan:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4066

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

5/5/2010 2:21:48 PM
mbam-log-2010-05-05 (14-21-48).txt

Scan type: Quick scan
Objects scanned: 132324
Time elapsed: 6 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.166.105 93.188.161.105 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6cf08d06-5527-49ec-bbd6-b603bca57a56}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.166.105 93.188.161.105 1.2.3.4 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Update MBAM, run a new quick scan, and post that log.
  • 0

#7
mcfly_junior_88

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
You got it!

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4070

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

5/5/2010 4:10:17 PM
mbam-log-2010-05-05 (16-10-17).txt

Scan type: Quick scan
Objects scanned: 132334
Time elapsed: 6 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.166.105 93.188.161.105 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6cf08d06-5527-49ec-bbd6-b603bca57a56}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.166.105 93.188.161.105 1.2.3.4 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#8
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
It sounds like a case of Zlob/DNSchanger that changes the router's DNS settings. Please download Malwarebytes' Anti-Malware from Here or Here

Next disconnect your system from the internet, and your router, then…

  • Double Click mbam-setup.exe to install the application.
  • Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
===============================================

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don’t know the router's default password, you can look it up HERE

However, if there are other Zlob-infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out this site here for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Once you have run Malwarebytes' Anti-Malware on the infected system, and reset the router to its default configuration you can reconnect to the internet, and router. Then return to this site to post your logs.

===============================================

Please post the Malwarebytes log and let me know how things are running now :)
  • 0
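The reasoning behind this diagnosis, as an added example that is not part of the original post or of Malwarebytes: the script parses the `DhcpNameServer` lines from consecutive MBAM logs and flags values that come back after a reported removal, which points at the DHCP server (the router) rewriting them. The log lines are copied from the scans posted in this thread; the function names and the expected resolver `192.168.1.1` are assumptions.

```python
import ipaddress
import re

# One "Registry Data Items Infected" line as written by MBAM 1.46 in this thread:
# <key>\DhcpNameServer (<detection>) -> Data: <addresses> -> <action>
ITEM_RE = re.compile(
    r"^(?P<key>HKEY_[^ ]+\\(?P<name>DhcpNameServer|NameServer)) "
    r"\((?P<detection>[^)]+)\) -> Data: (?P<data>.*?) -> (?P<action>.+)$"
)


def parse_scan(log_text):
    """Return the DNS-related registry data items reported in one MBAM log."""
    items = []
    for line in log_text.splitlines():
        m = ITEM_RE.match(line.strip())
        if not m:
            continue
        servers = []
        for token in m.group("data").replace(",", " ").split():
            try:
                servers.append(str(ipaddress.ip_address(token)))
            except ValueError:
                pass  # skip anything that is not an IP literal
        items.append({
            "key": m.group("key"),
            "detection": m.group("detection"),
            "servers": tuple(servers),
            "removed": "deleted successfully" in m.group("action").lower(),
        })
    return items


def recurring_items(scans):
    """Keys whose identical data reappears in the next scan after a reported removal."""
    recurring = []
    for earlier, later in zip(scans, scans[1:]):
        before = {item["key"]: item for item in parse_scan(earlier)}
        for item in parse_scan(later):
            prev = before.get(item["key"])
            if prev and prev["removed"] and prev["servers"] == item["servers"]:
                if item["key"] not in recurring:
                    recurring.append(item["key"])
    return recurring


def unexpected_servers(scans, expected):
    """Resolver addresses in the logs that are not in the expected set."""
    allowed = {str(ipaddress.ip_address(e)) for e in expected}
    seen = []
    for log in scans:
        for item in parse_scan(log):
            for server in item["servers"]:
                if server not in allowed and server not in seen:
                    seen.append(server)
    return seen


def assess(scans, expected):
    """Summarise what a series of scans says about where the bad DNS comes from."""
    recurring = recurring_items(scans)
    # DhcpNameServer is filled in from the DHCP lease, so a value that returns
    # after removal points at the DHCP server (the router), not only at the PC.
    dhcp_sourced = [k for k in recurring if k.endswith("\\DhcpNameServer")]
    return {
        "recurring_keys": recurring,
        "unexpected": unexpected_servers(scans, expected),
        "check_router": bool(dhcp_sourced),
    }


# Registry lines copied from the MBAM logs posted in this thread.
_ITEMS = (
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
    r"\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.166.105 "
    r"93.188.161.105 1.2.3.4 -> Quarantined and deleted successfully." "\n"
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
    r"\Interfaces\{6cf08d06-5527-49ec-bbd6-b603bca57a56}\DhcpNameServer "
    r"(Trojan.DNSChanger) -> Data: 93.188.166.105 93.188.161.105 1.2.3.4 "
    r"-> Quarantined and deleted successfully." "\n"
)
SAMPLE_SCANS = [
    "Database version: 4066\nRegistry Data Items Infected:\n" + _ITEMS,
    "Database version: 4070\nRegistry Data Items Infected:\n" + _ITEMS,
]
# Assumption: the resolver this network should use (ask the ISP, as the post says).
EXPECTED = ["192.168.1.1"]

if __name__ == "__main__":
    for field, value in assess(SAMPLE_SCANS, EXPECTED).items():
        print(field, "=", value)
```
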

#9
mcfly_junior_88

mcfly_junior_88

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I still cannot get to either of the links provided for Malwarebytes... Can I use the one I found yesterday?
  • 0

#10
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
yes
  • 0


#11
mcfly_junior_88

mcfly_junior_88

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Rorschach - followed all your instructions and am 'testing' the system right now. My Google searches are working properly, I was able to successfully get to both the Malwarebytes download sites you were trying to direct me to, AND my Windows updater is currently downloading updates (hasn't been able to since March 10th!).

My logs are below. Thank you SOOOOO MUCH for your help. There is one other system that regularly uses my router, but he's away with his computer on a business trip. It's an EasyPeasy, so I may have him come here and post his own topic for help, since I doubt my Windows solution will be the same. You rock, Rorschach!!!


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4070

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

5/5/2010 6:31:59 PM
mbam-log-2010-05-05 (18-31-59).txt

Scan type: Quick scan
Objects scanned: 132313
Time elapsed: 5 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.166.105 93.188.161.105 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6cf08d06-5527-49ec-bbd6-b603bca57a56}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.166.105 93.188.161.105 1.2.3.4 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#12
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
can you try the kaspersky step now
  • 0

#13
mcfly_junior_88

mcfly_junior_88

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Here's the Kaspersky report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, May 6, 2010
Operating system: Microsoft Home Edition (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, May 06, 2010 13:22:20
Records in database: 4065738
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 155434
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 02:15:46

No threats found. Scanned area is clean.

Selected area has been scanned.
  • 0

#14
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  • 0

#15
mcfly_junior_88

mcfly_junior_88

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
OTL logfile created on: 5/6/2010 1:57:55 PM - Run 3
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\McFly\Desktop\Malware Spyware Cleaning
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 179.47 Gb Free Space | 63.33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 14.65 Gb Total Space | 7.41 Gb Free Space | 50.61% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MCFLYDELL-PC
Current User Name: McFly
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/04 16:21:50 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\McFly\Desktop\Malware Spyware Cleaning\OTL.exe
PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/22 03:14:09 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2009/08/17 23:59:28 | 000,408,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 20:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/02/23 09:48:06 | 000,632,048 | ---- | M] (SoftThinks) -- C:\Windows\SMINST\SftService.exe
PRC - [2009/02/04 21:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/01/30 00:50:06 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/30 00:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/01/05 17:19:10 | 000,824,560 | ---- | M] (Dell Inc.) -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
PRC - [2009/01/05 17:19:08 | 000,173,296 | ---- | M] (SingleClick Systems) -- C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
PRC - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/12/14 23:13:50 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/12/14 23:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_61cf005dca0fb599\stacsv.exe
PRC - [2008/12/14 23:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_61cf005dca0fb599\AEstSrv.exe
PRC - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2008/09/04 00:29:18 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/09/04 00:29:10 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/09/04 00:29:10 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/09/04 00:29:10 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/05/07 17:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/09/21 13:26:34 | 000,015,872 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Common Files\Dell\apache\bin\httpd.exe
PRC - [2007/09/14 13:35:04 | 005,730,304 | ---- | M] () -- C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe
PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe


========== Modules (SafeList) ==========

MOD - [2010/05/04 16:21:50 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\McFly\Desktop\Malware Spyware Cleaning\OTL.exe
MOD - [2009/07/13 20:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 20:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 20:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 20:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 20:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 20:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 20:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 20:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 20:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 20:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 20:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/25 04:01:47 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/08/22 03:14:09 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2009/07/13 20:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 20:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 20:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 20:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 20:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 20:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 20:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 20:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 20:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 20:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 20:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 20:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 20:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 20:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/02/23 09:48:06 | 000,632,048 | ---- | M] (SoftThinks) [Auto | Running] -- C:\WINDOWS\SMINST\sftservice.EXE -- (SftService)
SRV - [2009/01/30 00:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/01/05 17:19:10 | 000,824,560 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
SRV - [2009/01/05 17:19:08 | 000,173,296 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe -- (dsl-fs-sync)
SRV - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/12/14 23:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_61cf005dca0fb599\stacsv.exe -- (STacSV)
SRV - [2008/12/14 23:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_61cf005dca0fb599\AEstSrv.exe -- (AESTFilters)
SRV - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/09/21 13:26:34 | 000,015,872 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\Common Files\Dell\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2007/09/14 13:35:04 | 005,730,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe -- (dsl-db)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - [2010/04/19 11:46:30 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100506.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/04/19 11:46:30 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/04/19 11:46:30 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100506.005\NAVENG.SYS -- (NAVENG)
DRV - [2009/12/11 02:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/10/28 17:37:22 | 000,343,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100429.001\IDSvix86.sys -- (IDSVix86)
DRV - [2009/09/10 18:23:41 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/08/29 03:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/08/22 03:14:09 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2009/08/22 03:14:09 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2009/08/22 03:14:09 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2009/08/22 03:14:09 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/08/22 03:14:09 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/22 03:14:09 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2009/08/22 03:14:09 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/08/22 03:14:09 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/22 03:13:59 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/07/13 20:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 20:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 20:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 20:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 20:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 20:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 20:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 20:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 20:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 20:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 20:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 20:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 20:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 20:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 20:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 20:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 20:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 20:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 20:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 20:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 20:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 20:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 20:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 20:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 20:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 20:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 20:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 20:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 20:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 20:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 20:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 20:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 20:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 20:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 20:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 20:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 19:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 19:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 19:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 18:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 18:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 18:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 18:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 18:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 18:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 18:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 18:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 18:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 18:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 18:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 18:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 18:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 18:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 17:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 17:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 17:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 17:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 17:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 17:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 17:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 17:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/10 16:19:30 | 004,756,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/12/14 23:13:54 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/12/08 00:32:50 | 000,062,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/11/04 18:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008/09/04 00:29:08 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/09/03 03:44:22 | 000,269,216 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA009Vid.sys -- (OA009Vid)
DRV - [2008/09/03 03:44:22 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA009Ufd.sys -- (OA009Ufd)
DRV - [2008/06/17 11:01:06 | 000,022,016 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2008/05/07 17:40:02 | 000,317,976 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/25 12:59:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/28 09:28:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/05 15:05:28 | 000,000,000 | ---D | M]

[2010/04/15 17:33:23 | 000,000,000 | ---D | M] -- C:\Users\McFly\AppData\Roaming\Mozilla\Extensions
[2010/05/05 17:17:38 | 000,000,000 | ---D | M] -- C:\Users\McFly\AppData\Roaming\Mozilla\Firefox\Profiles\n1zkk9n6.default\extensions
[2010/04/19 20:32:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\McFly\AppData\Roaming\Mozilla\Firefox\Profiles\n1zkk9n6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/06 13:56:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/05 15:05:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/08/29 17:11:24 | 000,001,199 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 208.43.47.212 a1.review.zdnet.com
O1 - Hosts: 208.43.47.212 reviews.riverstreams.co.uk
O1 - Hosts: 208.43.47.212 d1.reviews.cnet.com
O1 - Hosts: 208.43.47.212 review.2009softwarereviews.com
O1 - Hosts: 208.43.47.212 reviews.download.com
O1 - Hosts: 208.43.47.212 reviews.pcadvisor.co.uk
O1 - Hosts: 208.43.47.212 reviews.pcmag.com
O1 - Hosts: 208.43.47.212 reviews.pcpro.co.uk
O1 - Hosts: 208.43.47.212 reviews.techradar.com
O1 - Hosts: 208.43.47.212 toptenreviews.com
O1 - Hosts: 208.43.47.212 www.reevoo.com
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/im...r/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper: C:\Users\McFly\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\McFly\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/05/05 08:40:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/05/05 08:40:34 | 000,000,000 | ---D | C] -- C:\Users\McFly\AppData\Local\temp
[2010/05/05 08:30:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/05/05 08:30:05 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/05/05 08:30:05 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/05/05 08:29:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/05 08:29:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/05/04 16:24:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/04 16:24:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/04 16:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/04 15:53:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/04 15:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/04 15:41:16 | 000,000,000 | ---D | C] -- C:\Users\McFly\Desktop\Malware Spyware Cleaning
[2010/04/19 18:01:52 | 000,000,000 | ---D | C] -- C:\Users\McFly\AppData\Local\Symantec
[2010/04/19 16:08:45 | 000,000,000 | ---D | C] -- C:\Users\McFly\AppData\Local\Dell
[2010/04/19 14:47:13 | 000,000,000 | ---D | C] -- C:\Users\McFly\AppData\Local\ElevatedDiagnostics
[2010/04/18 15:06:56 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/04/15 17:33:17 | 000,000,000 | ---D | C] -- C:\Users\McFly\AppData\Roaming\Mozilla
[2010/04/12 21:17:26 | 000,000,000 | ---D | C] -- C:\Users\McFly\AppData\Local\Yahoo!
[2010/04/10 09:49:06 | 000,000,000 | ---D | C] -- C:\Users\McFly\Documents\Bob's Crafts
[2010/04/05 21:45:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\N360_BACKUP
[2010/04/01 17:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/01 17:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/06 20:23:54 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioInfos.dll
[2010/03/06 20:23:54 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioVisu.dll
[2010/03/06 20:23:54 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudPlayer.dll
[2010/03/06 20:23:54 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioRecord.dll
[2010/03/06 20:23:54 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\WMAFile.dll
[2010/03/06 20:23:53 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDesign.dll
[2010/03/06 20:23:53 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudFile.dll
[2010/03/06 20:23:53 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDisplay.dll
[2010/03/06 20:23:52 | 000,000,000 | ---D | C] -- C:\Users\McFly\AppData\Roaming\FreeAudioPack
[2010/03/06 20:08:11 | 000,000,000 | ---D | C] -- C:\Users\McFly\Desktop\mp3 songs
[2010/02/25 04:01:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2010/02/06 15:36:25 | 000,000,000 | ---D | C] -- C:\Users\McFly\AppData\Roaming\Facebook

========== Files - Modified Within 90 Days ==========

[2010/05/06 13:57:57 | 004,194,304 | -HS- | M] () -- C:\Users\McFly\ntuser.dat
[2010/05/06 13:20:33 | 000,939,526 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\Cat.DB
[2010/05/06 07:20:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/05 19:28:52 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/05 19:28:52 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/05 19:21:09 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/05 19:20:38 | 2788,970,496 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/05 19:19:46 | 001,786,234 | -H-- | M] () -- C:\Users\McFly\AppData\Local\IconCache.db
[2010/05/05 18:40:55 | 000,000,441 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010/05/05 08:38:02 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/05/04 16:54:36 | 426,082,035 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/04 16:24:46 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/04 15:53:13 | 000,000,856 | ---- | M] () -- C:\Users\McFly\Desktop\NTREGOPT.lnk
[2010/05/04 15:53:13 | 000,000,837 | ---- | M] () -- C:\Users\McFly\Desktop\ERUNT.lnk
[2010/05/03 09:25:10 | 000,170,195 | ---- | M] () -- C:\Users\McFly\Desktop\packet 3.zip
[2010/05/03 09:15:06 | 000,185,163 | ---- | M] () -- C:\Users\McFly\Desktop\packet 2.zip
[2010/05/03 09:12:16 | 001,847,544 | ---- | M] () -- C:\Users\McFly\Desktop\packet 1.zip
[2010/05/01 22:00:29 | 000,090,485 | ---- | M] () -- C:\Users\McFly\Documents\John and Stephanie Wedding Gift.pdf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/28 09:28:28 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
[2010/04/26 11:54:29 | 000,717,892 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/26 11:54:29 | 000,618,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/26 11:54:29 | 000,104,546 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/25 12:56:56 | 000,001,946 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/23 13:09:50 | 000,524,288 | -HS- | M] () -- C:\Users\McFly\ntuser.dat{a3248aed-4c06-11df-9fc5-0023ae33f239}.TMContainer00000000000000000002.regtrans-ms
[2010/04/23 13:09:50 | 000,524,288 | -HS- | M] () -- C:\Users\McFly\ntuser.dat{a3248aed-4c06-11df-9fc5-0023ae33f239}.TMContainer00000000000000000001.regtrans-ms
[2010/04/23 13:09:50 | 000,065,536 | -HS- | M] () -- C:\Users\McFly\ntuser.dat{a3248aed-4c06-11df-9fc5-0023ae33f239}.TM.blf
[2010/04/18 14:47:10 | 000,187,956 | ---- | M] () -- C:\Users\McFly\Documents\bookmarks.html
[2010/04/12 20:38:50 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/04/12 20:37:20 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2010/04/12 20:31:10 | 000,284,504 | ---- | M] () -- C:\Users\McFly\Documents\LEGO Indiana Jones 2 Walkthrough and FAQ.docx
[2010/04/06 09:44:06 | 000,337,241 | ---- | M] () -- C:\Users\McFly\Documents\Lego Star Wars.docx
[2010/04/06 09:33:27 | 000,380,790 | ---- | M] () -- C:\Users\McFly\Documents\Firefox Password List.pptx
[2010/04/05 13:25:01 | 000,080,457 | ---- | M] () -- C:\Users\McFly\Documents\Lego Star Wars Canisters and Power Bricks.docx
[2010/04/04 19:48:10 | 000,043,748 | ---- | M] () -- C:\Users\McFly\Documents\Lego Star Wars Blue Canister Challenges.docx
[2010/04/01 14:28:15 | 000,002,534 | ---- | M] () -- C:\Users\McFly\Documents\farmville id number.rtf
[2010/02/25 00:18:04 | 000,009,906 | ---- | M] () -- C:\Users\McFly\Documents\AZ Drive Money Tracker.xlsx
[2010/02/21 15:06:47 | 000,061,002 | ---- | M] () -- C:\Users\McFly\Documents\ColdStoneCouponAlex.pdf
[2010/02/06 10:10:54 | 000,002,324 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk

========== Files Created - No Company Name ==========

[2010/05/05 08:30:05 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/05/05 08:30:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/05/05 08:30:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/05/05 08:30:05 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/05/05 08:30:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/05/04 16:24:46 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/04 16:20:28 | 000,293,376 | ---- | C] () -- C:\Users\McFly\Desktop\gmer.exe
[2010/05/04 15:53:13 | 000,000,856 | ---- | C] () -- C:\Users\McFly\Desktop\NTREGOPT.lnk
[2010/05/04 15:53:13 | 000,000,837 | ---- | C] () -- C:\Users\McFly\Desktop\ERUNT.lnk
[2010/05/03 09:25:10 | 000,170,195 | ---- | C] () -- C:\Users\McFly\Desktop\packet 3.zip
[2010/05/03 09:15:06 | 000,185,163 | ---- | C] () -- C:\Users\McFly\Desktop\packet 2.zip
[2010/05/03 09:12:15 | 001,847,544 | ---- | C] () -- C:\Users\McFly\Desktop\packet 1.zip
[2010/05/01 22:00:08 | 000,090,485 | ---- | C] () -- C:\Users\McFly\Documents\John and Stephanie Wedding Gift.pdf
[2010/04/28 09:28:28 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/19 18:01:48 | 000,524,288 | -HS- | C] () -- C:\Users\McFly\ntuser.dat{a3248aed-4c06-11df-9fc5-0023ae33f239}.TMContainer00000000000000000002.regtrans-ms
[2010/04/19 18:01:48 | 000,524,288 | -HS- | C] () -- C:\Users\McFly\ntuser.dat{a3248aed-4c06-11df-9fc5-0023ae33f239}.TMContainer00000000000000000001.regtrans-ms
[2010/04/19 18:01:48 | 000,065,536 | -HS- | C] () -- C:\Users\McFly\ntuser.dat{a3248aed-4c06-11df-9fc5-0023ae33f239}.TM.blf
[2010/04/18 14:47:10 | 000,187,956 | ---- | C] () -- C:\Users\McFly\Documents\bookmarks.html
[2010/04/12 20:38:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/04/12 20:37:20 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/04/06 09:33:25 | 000,380,790 | ---- | C] () -- C:\Users\McFly\Documents\Firefox Password List.pptx
[2010/04/05 17:33:37 | 000,284,504 | ---- | C] () -- C:\Users\McFly\Documents\LEGO Indiana Jones 2 Walkthrough and FAQ.docx
[2010/04/04 19:48:10 | 000,043,748 | ---- | C] () -- C:\Users\McFly\Documents\Lego Star Wars Blue Canister Challenges.docx
[2010/04/04 19:46:05 | 000,080,457 | ---- | C] () -- C:\Users\McFly\Documents\Lego Star Wars Canisters and Power Bricks.docx
[2010/03/26 14:15:55 | 000,002,534 | ---- | C] () -- C:\Users\McFly\Documents\farmville id number.rtf
[2010/03/11 13:25:48 | 000,337,241 | ---- | C] () -- C:\Users\McFly\Documents\Lego Star Wars.docx
[2010/03/06 20:23:54 | 000,116,296 | ---- | C] () -- C:\Windows\System32\NCTWMAProfiles.prx
[2010/02/24 23:50:59 | 000,009,906 | ---- | C] () -- C:\Users\McFly\Documents\AZ Drive Money Tracker.xlsx
[2010/02/21 15:06:03 | 000,061,002 | ---- | C] () -- C:\Users\McFly\Documents\ColdStoneCouponAlex.pdf
[2009/10/04 16:46:29 | 000,001,521 | ---- | C] () -- C:\Windows\disney.ini
[2009/09/21 01:15:44 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/09/21 01:15:44 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\622CD8EFAD.sys
[2009/09/17 08:45:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/05/16 07:05:09 | 000,066,048 | ---- | C] () -- C:\Windows\System32\STWiz.dll
[2009/05/16 07:05:08 | 000,471,040 | ---- | C] () -- C:\Windows\System32\PSTImage.dll
[2009/05/16 07:05:08 | 000,385,024 | ---- | C] () -- C:\Windows\System32\STODD.dll
[2009/05/16 07:05:08 | 000,380,928 | ---- | C] () -- C:\Windows\System32\STODDRD.dll
[2009/05/16 07:05:08 | 000,266,240 | ---- | C] () -- C:\Windows\System32\STODDIM.dll
[2009/05/16 07:05:08 | 000,253,952 | ---- | C] () -- C:\Windows\System32\STODDSC.dll
[2009/05/16 07:05:08 | 000,229,376 | ---- | C] () -- C:\Windows\System32\STFiles.dll
[2009/05/16 07:05:08 | 000,126,976 | ---- | C] () -- C:\Windows\System32\STWmiM.dll
[2009/05/16 07:05:08 | 000,122,880 | ---- | C] () -- C:\Windows\System32\STLog.dll
[2009/05/16 07:05:08 | 000,118,784 | ---- | C] () -- C:\Windows\System32\STCrypto.dll
[2009/05/16 07:05:08 | 000,115,712 | ---- | C] () -- C:\Windows\System32\STNLS.dll
[2009/05/16 07:05:08 | 000,110,592 | ---- | C] () -- C:\Windows\System32\PSTVdsDisk.dll
[2009/05/16 07:05:08 | 000,106,496 | ---- | C] () -- C:\Windows\System32\STPE.dll
[2009/05/16 07:05:08 | 000,098,304 | ---- | C] () -- C:\Windows\System32\STFileMonitor.dll
[2009/05/16 07:05:08 | 000,094,208 | ---- | C] () -- C:\Windows\System32\STMsXml.dll
[2009/05/16 07:05:08 | 000,090,112 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2009/05/16 07:05:08 | 000,077,824 | ---- | C] () -- C:\Windows\System32\STLangXml.dll
[2009/05/16 07:05:08 | 000,073,728 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2009/05/16 07:05:08 | 000,069,632 | ---- | C] () -- C:\Windows\System32\STRegistry.dll
[2009/05/16 07:05:08 | 000,065,536 | ---- | C] () -- C:\Windows\System32\STProcess.dll
[2009/05/16 07:05:07 | 000,102,400 | ---- | C] () -- C:\Windows\System32\STShellVC6.dll
[2009/05/16 07:05:05 | 000,053,248 | ---- | C] () -- C:\Windows\System32\STCoreXml.dll
[2009/05/16 07:05:04 | 001,118,208 | ---- | C] () -- C:\Windows\System32\libxml2.dll
[2008/08/05 01:07:20 | 000,065,216 | ---- | C] () -- C:\Windows\System32\PDFreDirectMonNT.dll

========== LOP Check ==========

[2009/12/06 17:10:15 | 000,000,000 | ---D | M] -- C:\Users\McFly\AppData\Roaming\Azureus
[2009/12/06 17:10:15 | 000,000,000 | ---D | M] -- C:\Users\McFly\AppData\Roaming\CVS
[2010/03/31 10:56:17 | 000,000,000 | ---D | M] -- C:\Users\McFly\AppData\Roaming\Facebook
[2010/03/06 20:23:57 | 000,000,000 | ---D | M] -- C:\Users\McFly\AppData\Roaming\FreeAudioPack
[2009/12/06 17:10:15 | 000,000,000 | ---D | M] -- C:\Users\McFly\AppData\Roaming\GARMIN
[2009/12/06 17:10:15 | 000,000,000 | ---D | M] -- C:\Users\McFly\AppData\Roaming\LEGO Company
[2010/04/19 20:37:02 | 000,000,000 | ---D | M] -- C:\Users\McFly\AppData\Roaming\PDF reDirect
[2009/06/27 19:25:59 | 000,000,000 | ---D | M] -- C:\Users\McFly\AppData\Roaming\PeerNetworking
[2009/07/13 23:53:46 | 000,017,352 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:5D432CE3
< End of report >