Bloodhound.PDF.8 Recurring Detection

View previous topic View next topic Go down

Bloodhound.PDF.8 Recurring Detection

Post by smith30 on 2nd March 2010, 5:41 pm

I've been getting a recurring detection in my Symantec notification saying that Bloodhound.PDF.8 is being discovered. It also recognizes Trojan.Pidief.F. Can you help with removal? Any help would be appreciated. Thanks.

smith30
Novice
Novice

Posts Posts : 19
Joined Joined : 2009-04-14
Gender Gender : Male
OS OS : xp
Points Points : 28047
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Bloodhound.PDF.8 Recurring Detection

Post by Belahzur on 2nd March 2010, 5:42 pm

Hello.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Bloodhound.PDF.8 Recurring Detection

Post by smith30 on 2nd March 2010, 6:10 pm

OTL.txt (Part 1):
OTL logfile created on: 3/2/10 11:46:28 AM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\msmith\My Documents\My Music
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 36.78 Gb Free Space | 24.69% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 227.54 Gb Free Space | 76.33% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive S: | 55.68 Gb Total Space | 27.94 Gb Free Space | 50.17% Space Free | Partition Type: NTFS
Drive U: | 136.62 Gb Total Space | 49.69 Gb Free Space | 36.37% Space Free | Partition Type: NTFS

Computer Name: DGXH5NF1
Current User Name: msmith
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/02 11:45:35 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\msmith\My Documents\My Music\OTL.exe
PRC - [2010/02/25 05:23:07 | 000,135,664 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.17\GoogleCrashHandler.exe
PRC - [2010/02/24 19:40:13 | 000,135,664 | ---- | M] (Google Inc.) -- C:\Documents and Settings\msmith\Local Settings\Application Data\Google\Update\1.2.183.17\GoogleCrashHandler.exe
PRC - [2010/02/05 12:36:00 | 000,527,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\msmith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/01/31 21:34:49 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/11/20 12:14:48 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2009/11/10 10:14:38 | 000,443,728 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2009/11/10 09:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2009/10/11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/02 23:32:51 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2009/09/23 13:33:42 | 001,141,200 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/09/23 12:17:22 | 000,358,600 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/09/22 17:11:32 | 001,243,088 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/09/17 14:32:36 | 000,562,944 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
PRC - [2009/09/17 14:32:32 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
PRC - [2009/08/17 22:48:08 | 018,341,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
PRC - [2009/08/17 21:54:54 | 012,957,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2009/05/27 02:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2008/11/24 21:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 21:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/10/24 09:14:38 | 000,079,136 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2008/09/22 18:21:52 | 000,913,448 | ---- | M] (ShoreTel, Inc.) -- C:\Program Files\Shoreline Communications\ShoreWare Client\CSISCMGR.exe
PRC - [2008/09/22 18:16:30 | 000,143,397 | ---- | M] (ShoreTel, Inc.) -- C:\Program Files\Shoreline Communications\ShoreWare Client\Agent.exe
PRC - [2008/08/10 03:05:54 | 000,080,368 | ---- | M] () -- C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/07 09:01:11 | 000,339,968 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe
PRC - [2008/03/04 15:15:12 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/02/25 19:23:34 | 000,443,968 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/11/08 22:50:10 | 001,552,384 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
PRC - [2007/10/09 04:17:44 | 002,183,168 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE
PRC - [2007/10/09 04:17:44 | 000,024,064 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
PRC - [2007/10/09 04:17:40 | 001,921,024 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2007/09/14 10:53:16 | 000,218,424 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
PRC - [2007/09/10 09:55:04 | 000,092,160 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2007/09/07 22:33:34 | 001,635,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2007/09/07 22:33:32 | 002,532,736 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2007/09/07 17:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2007/09/06 03:55:42 | 000,181,688 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe
PRC - [2007/09/06 03:55:38 | 002,177,464 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2007/09/06 03:55:32 | 000,150,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\DWHWizrd.exe
PRC - [2007/08/06 03:08:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007/08/06 03:08:06 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/05/14 14:23:32 | 001,191,936 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/05/14 14:21:40 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/04/15 21:49:16 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe
PRC - [2007/04/15 21:49:08 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007/04/15 21:49:08 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/04/15 21:49:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2007/04/01 09:02:38 | 000,568,176 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/02/18 23:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
PRC - [2007/02/18 23:26:32 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2007/02/05 15:40:46 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2006/12/19 14:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2006/11/13 12:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 12:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/11/03 18:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/11/02 14:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
PRC - [2006/10/20 17:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/08/17 09:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2004/08/04 05:00:00 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drwtsn32.exe
PRC - [2004/08/04 05:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2001/12/12 18:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSS01A.EXE


========== Modules (SafeList) ==========

MOD - [2010/03/02 11:45:35 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\msmith\My Documents\My Music\OTL.exe
MOD - [2010/01/31 21:36:52 | 000,102,400 | ---- | M] (RealPlayer) -- C:\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll
MOD - [2010/01/31 21:34:57 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll
MOD - [2009/09/17 14:21:10 | 000,073,728 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll
MOD - [2009/09/09 22:54:58 | 000,155,184 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2009/08/13 07:55:04 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
MOD - [2007/05/03 00:53:30 | 000,086,016 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2007/03/21 20:33:00 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSVCP71.DLL


========== Win32 Services (SafeList) ==========

SRV - [2009/11/20 12:14:48 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2009/11/10 09:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2009/09/23 13:33:42 | 001,141,200 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/09/23 12:17:22 | 000,358,600 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/09/17 14:32:32 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr)
SRV - [2009/05/27 02:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2009/04/15 08:48:35 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/09 07:46:25 | 001,122,304 | R--- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe -- (RoxMediaDB11)
SRV - [2008/11/24 21:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 21:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 21:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/08/14 00:25:24 | 000,367,088 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe -- (Roxio Upnp Server 11)
SRV - [2008/08/14 00:25:20 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe -- (Roxio UPnP Renderer 11)
SRV - [2008/08/14 00:24:06 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe -- (RoxLiveShare11)
SRV - [2008/08/14 00:24:02 | 000,170,480 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe -- (RoxWatch11)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/11/08 22:50:10 | 001,552,384 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/10/09 04:17:44 | 000,024,064 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2007/09/13 14:31:44 | 000,192,512 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe -- (WaveEnrollmentService)
SRV - [2007/09/07 22:35:04 | 000,234,888 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2007/09/07 22:33:32 | 002,532,736 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2007/09/07 17:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2007/09/06 03:55:38 | 002,177,464 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/08/31 17:39:18 | 000,486,400 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2007/08/11 20:05:27 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2007/08/06 03:08:06 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/08/06 03:08:06 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/05/14 14:21:40 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/02/18 23:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)
SRV - [2006/12/19 14:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2006/09/14 14:54:34 | 000,073,728 | ---- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2003/08/27 18:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Stopped] -- C:\WINDOWS\system32\BRSVC01A.EXE -- (Brother XP spl Service)


========== Driver Services (SafeList) ==========

DRV - [2010/02/03 03:00:00 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100228.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/02/03 03:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100228.005\NAVENG.SYS -- (NAVENG)
DRV - [2010/01/04 12:10:54 | 000,136,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/14 08:59:20 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/12/14 08:59:20 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/09/23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/08/28 18:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/09 00:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/05/05 16:46:08 | 000,014,464 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2009/05/05 16:46:08 | 000,013,440 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008/12/19 18:08:28 | 000,027,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\point32.sys -- (Point32)
DRV - [2008/10/30 19:18:21 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2008/10/30 19:18:21 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2008/10/30 19:18:21 | 000,040,840 | ---- | M] (PCTools Research Pty Ltd.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2008/09/25 13:54:57 | 000,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2008/08/11 10:53:22 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2008/07/30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/06/16 03:00:00 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/04/13 12:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/02 18:26:28 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2007/12/02 18:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/12/02 18:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/02 18:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/28 16:18:24 | 000,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/11/13 04:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/10/09 04:17:42 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/09/10 09:55:00 | 000,161,280 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2007/09/07 09:57:14 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2007/09/06 09:18:40 | 000,018,176 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WaveFDE.sys -- (WaveFDE)
DRV - [2007/08/14 17:54:00 | 000,277,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/08/14 17:54:00 | 000,250,416 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/08/14 17:54:00 | 000,025,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/07/31 02:17:26 | 000,418,864 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/05/31 15:50:20 | 006,727,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/05/03 00:53:30 | 000,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/05/03 00:53:30 | 000,539,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007/05/03 00:53:30 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/05/03 00:53:30 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2007/05/03 00:53:30 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/04/15 21:49:08 | 000,132,608 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/03/18 15:44:38 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/03/07 22:20:50 | 000,021,568 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2007/03/07 22:20:49 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2007/03/07 22:20:48 | 000,049,920 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2007/02/18 23:27:34 | 001,228,296 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/01/11 18:15:16 | 000,032,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/01/11 18:15:06 | 000,032,272 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/01/09 16:46:26 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/01/09 16:46:26 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/12/19 14:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2006/11/02 12:32:32 | 000,097,536 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 11:05:58 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/07/21 11:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/08/04 05:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/05/10 21:42:38 | 000,035,363 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\windrvNT.sys -- (windrvNT)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2001/08/17 12:53:32 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\serscan.sys -- (StillCam)
DRV - [2001/08/17 12:12:10 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080217
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080217

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/01 11:18:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/28 10:05:26 | 000,000,000 | ---D | M]

[2010/02/28 10:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\msmith\Application Data\Mozilla\Extensions
[2010/02/28 10:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\msmith\Application Data\Mozilla\Firefox\Profiles\hbi1mbq6.default\extensions
[2010/02/28 10:07:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\msmith\Application Data\Mozilla\Firefox\Profiles\hbi1mbq6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/28 10:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\msmith\Application Data\Mozilla\Firefox\Profiles\hbi1mbq6.default\extensions\staged-xpis
[2010/02/28 10:05:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/02/16 09:59:03 | 000,000,022 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BackupNowEZtray] C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CPMonitor] C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe ()
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe (Sonic Solutions)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\msmith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [You must be registered and logged in to see this link.] (Office Genuine Advantage Validation Tool)
O16 - DPF: {3AC3D009-2E89-4F1E-9F51-04D4FBD50122} [You must be registered and logged in to see this link.] (Shoretel SClientInstall)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [You must be registered and logged in to see this link.] (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.10.10.3 10.10.10.4 10.10.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bomachi.com
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (㥘ļƈȈ瘨ĺ퍠ĺĺ⣠Ļ練ĺ抐Ļ池Ļ陨ĻƏȈ︼D C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\gemsafe: DllName - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)
O24 - Desktop WallPaper: C:\Documents and Settings\msmith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\msmith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/10/11 08:07:18 | 000,000,000 | -H-D | M] - D:\autorun -- [ NTFS ]
O32 - AutoRun File - [2009/02/27 18:35:10 | 000,000,120 | -H-- | M] () - D:\autorun.bak -- [ NTFS ]
O32 - AutoRun File - [2009/04/28 10:57:38 | 000,000,137 | -H-- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{318b0e6a-1e24-11df-ad13-001bfcd1eb05}\Shell\AutoRun\command - "" = D:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{318b0e6a-1e24-11df-ad13-001bfcd1eb05}\Shell\Setup FlipShare\command - "" = D:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{34da465c-9a1b-11dd-b5c1-001d09c4494a}\Shell - "" = AutoRun
O33 - MountPoints2\{34da465c-9a1b-11dd-b5c1-001d09c4494a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{34da465c-9a1b-11dd-b5c1-001d09c4494a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{3b02828e-205d-11dd-b564-001d09c4494a}\Shell\AutoRun\command - "" = D:\LinksysConnectPC.exe -- File not found
O33 - MountPoints2\{60de4f05-b64a-11dd-b5ea-001d09c4494a}\Shell - "" = AutoRun
O33 - MountPoints2\{60de4f05-b64a-11dd-b5ea-001d09c4494a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{60de4f05-b64a-11dd-b5ea-001d09c4494a}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{6ffd3d0a-6a37-11dd-b5a8-001d09c4494a}\Shell - "" = AutoRun
O33 - MountPoints2\{6ffd3d0a-6a37-11dd-b5a8-001d09c4494a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6ffd3d0a-6a37-11dd-b5a8-001d09c4494a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9a85d2b4-7f47-11dd-b5b1-001d09c4494a}\Shell - "" = AutoRun
O33 - MountPoints2\{9a85d2b4-7f47-11dd-b5b1-001d09c4494a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a85d2b4-7f47-11dd-b5b1-001d09c4494a}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b643a22f-2d96-11dd-b57c-001d09c4494a}\Shell\AutoRun\command - "" = D:\JDSecure\Windows\JDSecure20.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

smith30
Novice
Novice

Posts Posts : 19
Joined Joined : 2009-04-14
Gender Gender : Male
OS OS : xp
Points Points : 28047
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Bloodhound.PDF.8 Recurring Detection

Post by smith30 on 2nd March 2010, 6:11 pm

OTL.Txt (PART 2)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/01 16:55:01 | 000,014,464 | ---- | C] (NewTech Infosystems, Inc.) -- C:\WINDOWS\System32\drivers\NTIDrvr.sys
[2010/03/01 16:54:58 | 000,013,440 | ---- | C] (NewTech Infosystems Corporation) -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2010/03/01 16:54:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\Xp_x86
[2010/03/01 16:54:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\w2k_x86
[2010/03/01 16:54:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\Vista_x86
[2010/03/01 16:54:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\Vista_ia64
[2010/03/01 16:54:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\Vista_amd64
[2010/03/01 16:54:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\2003_x86
[2010/03/01 16:54:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\2003_ia64
[2010/03/01 16:54:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\2003_amd64
[2010/03/01 16:53:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti
[2010/03/01 16:53:59 | 000,000,000 | ---D | C] -- C:\Program Files\NewTech Infosystems
[2010/03/01 16:16:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/03/01 16:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\msmith\Local Settings\Application Data\LogMeIn Rescue Calling Card
[2010/03/01 16:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Rescue Calling Card
[2010/03/01 15:58:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\LMI7D9.tmp
[2010/02/28 10:06:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\msmith\Application Data\Mozilla
[2010/02/28 10:05:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/02/28 09:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\NTRU Cryptosystems
[2010/02/23 14:41:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\msmith\Desktop\TOBY 10
[2010/02/20 10:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\3ivx
[2010/02/20 10:17:41 | 000,000,000 | ---D | C] -- C:\Program Files\Flip Video
[2010/02/20 10:17:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2010/02/16 08:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\SamsungMitsLabs
[2010/02/03 14:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\msmith\My Documents\Boma_Chicago_Foundation_Logo
[2010/01/31 21:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/01/09 14:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/06 12:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/07/22 02:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/05/22 12:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/05/22 09:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/04/15 14:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/02/24 13:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2008/12/14 15:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\TiVo Desktop
[2008/11/07 09:57:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/11/07 09:57:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/09/25 13:54:57 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\msmith\Application Data\pcouffin.sys
[2008/05/06 16:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/03/25 07:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2008/03/25 07:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2008/03/25 07:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Viewpoint
[2004/11/24 13:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\msmith\My Documents\*.tmp files -> C:\Documents and Settings\msmith\My Documents\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\msmith\Desktop\*.tmp files -> C:\Documents and Settings\msmith\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2049/12/31 15:00:00 | 002,741,260 | ---- | M] () -- C:\Documents and Settings\msmith\My Documents\08 march iapt.pdf
[2049/12/31 15:00:00 | 002,576,618 | ---- | M] () -- C:\Documents and Settings\msmith\My Documents\08 march iapt_parts_MWTE.pdf
[2010/03/02 11:45:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-746137067-1801674531-2121UA.job
[2010/03/02 11:28:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/02 10:05:17 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/03/02 05:28:19 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/02 04:01:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/01 19:45:15 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-746137067-1801674531-2121Core.job
[2010/03/01 16:54:17 | 000,001,928 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Backup Now EZ.lnk
[2010/03/01 16:01:44 | 000,002,565 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adivi Remote Support System.lnk
[2010/03/01 15:52:03 | 000,781,824 | ---- | M] () -- C:\Documents and Settings\msmith\My Documents\Scholarship Promo.pub
[2010/03/01 15:42:29 | 000,236,032 | ---- | M] () -- C:\Documents and Settings\msmith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/01 13:30:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\SpyHunter Scanner.job
[2010/03/01 08:53:20 | 000,129,810 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/03/01 08:52:43 | 000,129,810 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/02/28 10:11:56 | 000,000,788 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/28 10:05:29 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/28 09:18:46 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/02/28 09:18:33 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\msmith\Local Settings\Application Data\WavXMapDrive.bat
[2010/02/28 09:12:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/28 09:12:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/28 09:12:22 | 3755,966,464 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/27 21:50:12 | 020,447,232 | ---- | M] () -- C:\Documents and Settings\msmith\ntuser.dat
[2010/02/27 21:20:49 | 000,000,038 | ---- | M] () -- C:\WINDOWS\AviSplitter.INI
[2010/02/27 13:34:14 | 000,001,015 | R--- | M] () -- C:\logFile.xsl
[2010/02/27 13:18:15 | 000,138,617 | ---- | M] () -- C:\Documents and Settings\msmith\Desktop\TaxReturn.pdf
[2010/02/27 10:50:43 | 000,398,848 | ---- | M] () -- C:\Documents and Settings\msmith\Desktop\Lineup.pub
[2010/02/26 15:00:00 | 000,000,560 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for msmith.job
[2010/02/26 09:59:51 | 000,002,792 | ---- | M] () -- C:\Documents and Settings\msmith\Desktop\darby8_bigger.jpg
[2010/02/24 09:39:04 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FlipShare.lnk
[2010/02/24 09:14:40 | 000,066,977 | ---- | M] () -- C:\Documents and Settings\msmith\Desktop\DPLW Basketball Scores & Playoffs.pdf
[2010/02/23 12:53:03 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\msmith\Desktop\DPLW Basketball Scores Week 10.xls
[2010/02/22 08:20:43 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\msmith\My Documents\Ebert.doc
[2010/02/19 15:58:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/19 14:48:50 | 000,047,104 | ---- | M] () -- C:\Documents and Settings\msmith\Desktop\2010 Gold Circle Awards.2.0.xls
[2010/02/17 11:20:26 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\msmith\My Documents\2010 BOMA Winners.doc
[2010/02/17 11:19:22 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\msmith\Desktop\Ryan Smith.doc
[2010/02/16 08:08:29 | 000,514,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/16 08:08:29 | 000,098,468 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/16 08:08:27 | 000,624,734 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/15 11:58:49 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\msmith\My Documents\5B Boys Game Overview.doc
[2010/02/15 11:58:49 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\msmith\My Documents\~$ Boys Game Overview.doc
[2010/02/12 11:47:51 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\msmith\My Documents\EXPRPT.16.xls
[2010/02/12 09:30:48 | 000,004,096 | -H-- | M] () -- C:\Documents and Settings\msmith\Desktop\._BOMA-Rang-campaign02122010.pdf
[2010/02/11 08:38:31 | 000,011,396 | ---- | M] () -- C:\Documents and Settings\msmith\My Documents\2009.TOBY.xlsx
[2010/02/11 03:08:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/09 17:14:39 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\msmith\My Documents\EXPRPT.15.xls
[2010/02/08 22:43:50 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\msmith\Desktop\Fact Sheet.doc
[2010/02/08 22:41:46 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\msmith\Desktop\~$an Smith.doc
[2010/02/08 21:53:57 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\msmith\Desktop\~$ct Sheet.doc
[2010/02/08 16:16:45 | 000,060,952 | ---- | M] () -- C:\Documents and Settings\msmith\Desktop\Eurest Services.jpg
[2010/02/08 16:11:21 | 000,698,945 | ---- | M] () -- C:\Documents and Settings\msmith\Desktop\Eurest Services_Logo_CMYK.jpg
[2010/02/08 11:31:43 | 000,077,426 | ---- | M] () -- C:\Documents and Settings\msmith\My Documents\Education Program Attendance Receipt.pdf
[2010/02/08 11:30:12 | 000,088,064 | ---- | M] () -- C:\Documents and Settings\msmith\My Documents\Education Program Attendance Receipt.pub
[2010/02/05 07:55:48 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\msmith\Desktop\2010 TOBY Winners.xls
[2010/02/04 09:28:59 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/02/03 12:04:57 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\msmith\My Documents\Credit Card Authorization Form_TOBY.doc
[2010/02/01 15:33:04 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\msmith\My Documents\~$0 N. Lake Shore Drive.doc
[2010/02/01 15:33:03 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\msmith\My Documents\680 N. Lake Shore Drive.doc
[2010/02/01 08:37:22 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
[2010/02/01 08:36:04 | 004,124,332 | ---- | M] () -- C:\Documents and Settings\msmith\My Documents\FileZilla_3.3.1_win32-setup.exe
[2010/01/31 21:36:32 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/01/31 21:35:47 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/01/31 21:35:47 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/01/31 21:34:57 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2010/01/31 21:34:57 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\msmith\My Documents\*.tmp files -> C:\Documents and Settings\msmith\My Documents\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\msmith\Desktop\*.tmp files -> C:\Documents and Settings\msmith\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/01 16:54:17 | 000,001,928 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Backup Now EZ.lnk
[2010/03/01 16:00:05 | 000,002,565 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adivi Remote Support System.lnk
[2010/03/01 15:52:02 | 000,781,824 | ---- | C] () -- C:\Documents and Settings\msmith\My Documents\Scholarship Promo.pub
[2010/02/28 10:05:29 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/27 21:36:04 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/02/27 13:34:14 | 000,001,015 | R--- | C] () -- C:\logFile.xsl
[2010/02/27 13:18:03 | 000,138,617 | ---- | C] () -- C:\Documents and Settings\msmith\Desktop\TaxReturn.pdf
[2010/02/26 09:59:51 | 000,002,792 | ---- | C] () -- C:\Documents and Settings\msmith\Desktop\darby8_bigger.jpg
[2010/02/24 09:39:04 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FlipShare.lnk
[2010/02/23 12:37:47 | 000,066,977 | ---- | C] () -- C:\Documents and Settings\msmith\Desktop\DPLW Basketball Scores & Playoffs.pdf
[2010/02/22 23:14:57 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\msmith\Desktop\DPLW Basketball Scores Week 10.xls
[2010/02/22 08:20:42 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\msmith\My Documents\Ebert.doc
[2010/02/19 17:00:24 | 000,398,848 | ---- | C] () -- C:\Documents and Settings\msmith\Desktop\Lineup.pub
[2010/02/19 15:23:49 | 002,672,614 | ---- | C] () -- C:\Documents and Settings\msmith\Desktop\500K-1000K_191 N Wacker.MKS.pdf
[2010/02/17 11:20:25 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\msmith\My Documents\2010 BOMA Winners.doc
[2010/02/15 11:58:49 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\msmith\My Documents\5B Boys Game Overview.doc
[2010/02/15 11:58:49 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\msmith\My Documents\~$ Boys Game Overview.doc
[2010/02/12 11:47:50 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\msmith\My Documents\EXPRPT.16.xls
[2010/02/12 10:52:44 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\msmith\Desktop\._BOMA-Rang-campaign02122010.pdf
[2010/02/11 08:38:31 | 000,011,396 | ---- | C] () -- C:\Documents and Settings\msmith\My Documents\2009.TOBY.xlsx
[2010/02/10 17:30:37 | 000,010,561 | ---- | C] () -- C:\Documents and Settings\msmith\Desktop\111 S Wacker.1.0.pdf
[2010/02/10 17:30:26 | 000,028,454 | ---- | C] () -- C:\Documents and Settings\msmith\Desktop\111 S. Wacker.1.1.pdf
[2010/02/10 17:28:07 | 000,413,673 | ---- | C] () -- C:\Documents and Settings\msmith\Desktop\111 S. Wacker.2.pdf
[2010/02/10 17:24:40 | 000,166,835 | ---- | C] () -- C:\Documents and Settings\msmith\Desktop\111 S. Wacker.pdf
[2010/02/09 17:14:38 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\msmith\My Documents\EXPRPT.15.xls
[2010/02/08 22:41:46 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\msmith\Desktop\~$an Smith.doc
[2010/02/08 21:53:57 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\msmith\Desktop\~$ct Sheet.doc
[2010/02/08 21:53:56 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\msmith\Desktop\Fact Sheet.doc
[2010/02/08 21:30:26 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\msmith\Desktop\Ryan Smith.doc
[2010/02/08 16:15:30 | 000,060,952 | ---- | C] () -- C:\Documents and Settings\msmith\Desktop\Eurest Services.jpg
[2010/02/08 16:11:21 | 000,698,945 | ---- | C] () -- C:\Documents and Settings\msmith\Desktop\Eurest Services_Logo_CMYK.jpg
[2010/02/08 11:31:43 | 000,077,426 | ---- | C] () -- C:\Documents and Settings\msmith\My Documents\Education Program Attendance Receipt.pdf
[2010/02/08 11:30:12 | 000,088,064 | ---- | C] () -- C:\Documents and Settings\msmith\My Documents\Education Program Attendance Receipt.pub
[2010/02/04 09:28:59 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/02/03 12:04:56 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\msmith\My Documents\Credit Card Authorization Form_TOBY.doc
[2010/02/01 15:33:04 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\msmith\My Documents\~$0 N. Lake Shore Drive.doc
[2010/02/01 15:33:03 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\msmith\My Documents\680 N. Lake Shore Drive.doc
[2010/02/01 08:37:22 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
[2010/02/01 08:34:55 | 004,124,332 | ---- | C] () -- C:\Documents and Settings\msmith\My Documents\FileZilla_3.3.1_win32-setup.exe
[2010/01/09 21:00:40 | 000,000,110 | ---- | C] () -- C:\WINDOWS\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/12/25 23:46:57 | 000,000,816 | ---- | C] () -- C:\WINDOWS\System32\ker.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/21 14:35:33 | 000,170,748 | ---- | C] () -- C:\Documents and Settings\msmith\Local Settings\Application Data\rx_audio.Cache
[2009/05/21 14:35:13 | 000,005,832 | ---- | C] () -- C:\Documents and Settings\msmith\Local Settings\Application Data\rx_image32.Cache
[2009/04/27 16:22:16 | 000,185,672 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/12/30 08:27:18 | 001,262,633 | -HS- | C] () -- C:\WINDOWS\System32\ahatuled.ini
[2008/12/27 22:07:38 | 001,694,337 | -HS- | C] () -- C:\WINDOWS\System32\apilivir.ini
[2008/12/26 22:46:56 | 001,685,430 | -HS- | C] () -- C:\WINDOWS\System32\afoseyil.ini
[2008/12/18 08:34:46 | 001,663,178 | -HS- | C] () -- C:\WINDOWS\System32\cqsgxmkl.ini
[2008/12/17 08:28:57 | 001,663,178 | -HS- | C] () -- C:\WINDOWS\System32\eqwcjhnh.ini
[2008/12/15 15:20:34 | 001,646,220 | -HS- | C] () -- C:\WINDOWS\System32\yufoqhen.ini
[2008/12/15 14:07:43 | 000,000,610 | -HS- | C] () -- C:\WINDOWS\System32\HjRAaccf.ini
[2008/10/20 21:35:22 | 000,003,225 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/10/15 11:21:09 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2008/09/25 13:55:17 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\msmith\Application Data\pcouffin.log
[2008/09/25 13:54:57 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\msmith\Application Data\pcouffin.cat
[2008/09/25 13:54:57 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\msmith\Application Data\pcouffin.inf
[2008/09/25 13:17:32 | 000,051,001 | ---- | C] () -- C:\WINDOWS\System32\ms383524.dll
[2008/09/25 13:17:30 | 000,028,160 | ---- | C] () -- C:\WINDOWS\hwuser.dll
[2008/09/22 08:32:19 | 000,000,048 | ---- | C] () -- C:\Documents and Settings\msmith\Local Settings\Application Data\73648-88365-27475-00IP7-22847
[2008/07/23 11:53:52 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2008/07/23 11:15:59 | 000,094,848 | ---- | C] () -- C:\WINDOWS\System32\edbbenrl.dll
[2008/06/19 07:59:38 | 000,304,957 | ---- | C] () -- C:\Program Files\hjsplit.zip
[2008/05/20 13:48:42 | 000,000,042 | ---- | C] () -- C:\WINDOWS\bba.INI
[2008/04/14 13:13:17 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/04/03 08:11:13 | 000,000,387 | ---- | C] () -- C:\WINDOWS\OPLA.INI
[2008/03/31 09:35:08 | 000,035,363 | ---- | C] () -- C:\WINDOWS\System32\windrvNT.sys
[2008/03/31 09:12:28 | 000,000,033 | ---- | C] () -- C:\WINDOWS\SLib.INI
[2008/03/31 09:06:18 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\CSSCANA6.DLL
[2008/03/31 08:25:11 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/03/31 08:25:11 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/03/26 13:51:47 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2008/03/24 20:27:51 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\msmith\Application Data\$_hpcst$.hpc
[2008/03/08 10:57:59 | 000,236,032 | ---- | C] () -- C:\Documents and Settings\msmith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/04 14:40:13 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BO5140.INI
[2008/03/04 14:39:13 | 000,000,505 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/03/04 14:39:13 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/03/04 14:39:12 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2008/03/04 09:57:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\msmith\Local Settings\Application Data\WavXMapDrive.bat
[2008/02/19 00:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2008/02/16 19:14:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/02/16 18:55:54 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/02/16 18:55:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/02/16 18:45:37 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008/02/16 18:43:03 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2008/02/16 18:43:03 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2008/02/16 18:40:00 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/02/16 18:39:59 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/02/16 18:16:57 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/02/16 18:16:57 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/02/16 18:16:56 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/02/16 18:16:56 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/02/16 18:15:36 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/09/13 14:42:30 | 000,499,712 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2007/09/13 14:42:30 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2007/09/13 14:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2007/09/13 14:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2007/09/13 14:42:28 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2007/09/13 14:42:28 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2007/09/13 14:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2007/09/13 14:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2007/09/13 14:42:26 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2007/09/13 14:42:26 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2007/09/13 14:36:24 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2007/09/12 15:05:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2007/09/12 15:04:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2007/09/12 15:04:26 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2007/09/12 15:04:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2007/09/12 15:03:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2007/09/12 15:03:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2007/09/12 15:03:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2007/09/12 15:02:44 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2007/09/12 15:02:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2007/09/12 15:02:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2007/09/10 09:53:26 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2007/07/01 05:12:14 | 003,145,728 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/07/01 04:59:22 | 000,517,632 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007/06/17 05:43:56 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/06/15 10:19:20 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2007/06/12 05:21:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007/04/01 09:00:28 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/04/01 08:41:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2007/01/09 11:05:50 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2007/01/03 11:24:36 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/01/03 11:22:46 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/01/03 11:22:14 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/11/07 04:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/08/14 11:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2006/06/12 08:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/10/03 11:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/09/10 13:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 13:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08948D52
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA5F15C4
< End of report >

smith30
Novice
Novice

Posts Posts : 19
Joined Joined : 2009-04-14
Gender Gender : Male
OS OS : xp
Points Points : 28047
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Bloodhound.PDF.8 Recurring Detection

Post by smith30 on 2nd March 2010, 6:12 pm

Extras.txt

OTL Extras logfile created on: 3/2/10 11:46:28 AM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\msmith\My Documents\My Music
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 36.78 Gb Free Space | 24.69% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 227.54 Gb Free Space | 76.33% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive S: | 55.68 Gb Total Space | 27.94 Gb Free Space | 50.17% Space Free | Partition Type: NTFS
Drive U: | 136.62 Gb Total Space | 49.69 Gb Free Space | 36.37% Space Free | Partition Type: NTFS

Computer Name: DGXH5NF1
Current User Name: msmith
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- C:\Documents and Settings\msmith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0x00000000
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Xpress Mail\Professional Editon\XpressMailDesktopClient.exe" = C:\Program Files\Xpress Mail\Professional Editon\XpressMailDesktopClient.exe:*:Enabled:XpressMailDesktopClient -- ()
"C:\Program Files\Xpress Mail\Professional Editon\Connection.exe" = C:\Program Files\Xpress Mail\Professional Editon\Connection.exe:*:Disabled:Connection -- ()
"C:\Documents and Settings\msmith\Local Settings\Temporary Internet Files\Content.IE5\6D5AN1V8\installer-13387-19-Nero-ShowTime-English[1].exe" = C:\Documents and Settings\msmith\Local Settings\Temporary Internet Files\Content.IE5\6D5AN1V8\installer-13387-19-Nero-ShowTime-English[1].exe:*:Enabled:installer-13387-19-Nero-ShowTime-English[1] -- File not found
"C:\Program Files\installer-13387-19-Nero-ShowTime-English.exe" = C:\Program Files\installer-13387-19-Nero-ShowTime-English.exe:*:Enabled:installer-13387-19-Nero-ShowTime-English -- File not found
"C:\Documents and Settings\msmith\Local Settings\Temporary Internet Files\Content.IE5\DPYZUM3L\installer-13387-19-Nero-ShowTime-English[1].exe" = C:\Documents and Settings\msmith\Local Settings\Temporary Internet Files\Content.IE5\DPYZUM3L\installer-13387-19-Nero-ShowTime-English[1].exe:*:Enabled:installer-13387-19-Nero-ShowTime-English[1] -- File not found
"C:\Documents and Settings\msmith\Local Settings\Temporary Internet Files\Content.IE5\R08XUWYL\installer-13387-18-Nero-ShowTime-English[1].exe" = C:\Documents and Settings\msmith\Local Settings\Temporary Internet Files\Content.IE5\R08XUWYL\installer-13387-18-Nero-ShowTime-English[1].exe:*:Enabled:installer-13387-18-Nero-ShowTime-English[1] -- File not found
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\DropBox\DropBox\DropBox.exe" = C:\Program Files\DropBox\DropBox\DropBox.exe:*:Enabled:DropBox -- (DropShots)
"C:\Program Files\Microsoft Office\Office12\WINWORD.EXE" = C:\Program Files\Microsoft Office\Office12\WINWORD.EXE:*:Enabled:Microsoft Office Word -- (Microsoft Corporation)
"C:\bases\kavupd.exe" = C:\bases\kavupd.exe:*:Enabled:kavupd -- File not found
"C:\Program Files\Shoreline Communications\ShoreWare Client\PCM.exe" = C:\Program Files\Shoreline Communications\ShoreWare Client\PCM.exe:*:Enabled:ShoreTel.PCM.App -- (ShoreTel Inc.)
"C:\Program Files\Shoreline Communications\ShoreWare Client\Agent.exe" = C:\Program Files\Shoreline Communications\ShoreWare Client\Agent.exe:*:Enabled:Agent -- (ShoreTel, Inc.)
"C:\Program Files\Shoreline Communications\ShoreWare Client\PCMMapiRd.exe" = C:\Program Files\Shoreline Communications\ShoreWare Client\PCMMapiRd.exe:*:Enabled:ShoreTel Call Manager MAPI Import Module -- (ShoreTel, Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:explorer -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Co.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" = C:\Program Files\Common Files\Real\Update_OB\realsched.exe:*:Enabled:realsched -- (RealNetworks, Inc.)
"C:\WINDOWS\system32\WLTRAY.EXE" = C:\WINDOWS\system32\WLTRAY.EXE:*:Enabled:WLTRAY -- (Dell Inc.)
"C:\WINDOWS\stsystra.exe" = C:\WINDOWS\stsystra.exe:*:Enabled:stsystra -- (SigmaTel, Inc.)
"C:\WINDOWS\system32\jshed.exe" = C:\WINDOWS\system32\jshed.exe:*:Enabled:Explorer -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03CE1BCB-03F5-4C6A-B37E-69799AA3C544}" = SpyHunter
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1D53B6F9-E66E-42D8-A221-4FF8AC134FD7}" = Roxio Activation Module
"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17
"{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3383136B-4F86-4F05-8612-DD4BB16A1EAE}" = Roxio Creator 2009
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}" = Google Photos Screensaver
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4BF18ED6-C888-4BCF-A4AF-AC7A16305BC1}" = GemSafe Standard Edition 5.1
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{568F7478-DE5E-488F-B782-3538D8FF2D86}" = Adivi Remote Support System
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{5EC5F187-9D2B-4051-8906-88656819A869}" = Dell Drivers MSI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7919D8D9-69FB-4E94-B330-04C4AF251867}" = Roxio Creator 2009
"{7A7B3764-7F17-4AB1-A1D3-3B01F5F07445}" = Roxio Creator 2009
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}" = LeapFrog Connect
"{7F064652-9F57-4BF3-8124-94AEC7533F2F}" = LeapFrog Didj Plugin
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9EDA3DD1-130D-4EE1-A3D2-5A3D795CC8C9}" = MFCLOC
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A426EAD7-7085-4964-900F-8BB10C9195B5}" = ShoreTel Call Manager
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA749D64-3741-4D5F-B804-B0BC05D179D1}" = Roxio CinePlayer
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_920" = Adobe Acrobat 9.2.0 - CPSID_50026
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B10949AD-0C3C-47e8-ADF7-441C1BB9F621}" = C4380
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7FB6B99-C93C-4818-825B-37EF4B64C80C}" = PS_AIO_02_Software
"{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BDA128C9-66F5-46c9-A503-AA7098AF384F}" = C4380_Help
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FE37FA-0886-4B66-B01B-76CF70FB77AB}" = Roxio CinePlayer Decoder Pack
"{C3308F5E-FAA9-4fc5-8975-800C36ECCEAC}" = C4380_doccd
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C7DDA8E7-AD3D-4F51-AC1E-B0FF57002192}" = Microsoft IntelliPoint 6.3
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D25BDCF5-19F6-4d9e-B9C9-273FE81446C4}" = PS_AIO_02_ProductContext
"{D64BC2CF-0F12-47d7-B412-B4F3FD684253}" = HP Photosmart All-In-One Software 9.0
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D9FCA292-1186-421F-8D93-9A5D272AD5D0}" = IntelliSonic Speech Enhancement
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E4B5BD1B-F41E-44A8-887B-590E0A708B09}" = iPodCopy
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EAE24270-4A43-420D-A8A5-9B50BAD250F7}" = TouchCopy 09
"{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ECC22AFA-B905-4A6A-8072-10F52B9E09B7}" = Wave Infrastructure Installer
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF05BA0F-AC15-4D12-AC5C-276225F5E751}" = Gemalto
"{EF0D2E55-6FE2-4e35-BE22-A742E85D84E3}" = PS_AIO_02_Software_min
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F7F23DFB-31E1-B7EC-7A6D-7668B595ADAE}" = FlipShare
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"{FB8A4E30-9915-4814-ADF9-42E00D9FDC3D}" = Symantec Endpoint Protection
"{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi
"{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}" = WD Firewire HID Driver
"{FEC193E4-6C5F-40E9-A249-7D8C8404A9EC}" = NTRU TCG Software Stack
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Video Tools 5.1_is1" = AVS Video Tools 5.1
"AVSDiscCreator_is1" = AVS Disc Creator version 2.1
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"DidjPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Didj Plugin)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DPP" = Canon Utilities Digital Photo Professional 2.1
"EOS Utility" = Canon Utilities EOS Utility
"FileZilla Client" = FileZilla Client 3.3.1
"GoodOk Mp4 Converter_is1" = GoodOk Mp4 Converter 5.3
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"iCopyExpert_is1" = iCopyExpert 3.1.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"PhotomatixPro3_is1" = Photomatix Pro version 3.0.3RC2
"Picasa 3" = Picasa 3
"PROHYBRIDR" = 2007 Microsoft Office system
"RealPlayer 12.0" = RealPlayer
"SearchAssist" = SearchAssist
"Spyware Doctor" = Spyware Doctor 7.0
"UPCShell" = LeapFrog Connect
"VLC media player" = VLC media player 0.9.9
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"Xpress Mail Professional Edition" = Xpress Mail Professional Edition
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"a20451e3fae8effc" = Desktop News Alert
"Folder Lock" = Folder Lock
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.0.0.320

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/1/10 1:21:55 AM | Computer Name = DGXH5NF1 | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Bloodhound.PDF.8 in File: c:\documents and settings\all
users\application data\symantec\symantec antivirus corporate edition\7.5\xfer\4b8b202f.tmp
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.

Error - 3/1/10 11:09:33 AM | Computer Name = DGXH5NF1 | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Bloodhound.PDF.8 in File: c:\documents and settings\all
users\application data\symantec\symantec antivirus corporate edition\7.5\xfer\4b8b2021.tmp
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.

Error - 3/1/10 11:10:55 AM | Computer Name = DGXH5NF1 | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Trojan Horse in File: c:\documents and settings\all users\application
data\symantec\symantec antivirus corporate edition\7.5\xfer\4b8b2017.tmp by: Auto-Protect
scan. Action: Quarantine succeeded. Action Description: The file was quarantined
successfully.

Error - 3/1/10 3:18:00 PM | Computer Name = DGXH5NF1 | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Bloodhound.PDF.8 in File: c:\documents and settings\all
users\application data\symantec\symantec antivirus corporate edition\7.5\xfer\4b8b20a2.tmp
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.

Error - 3/1/10 11:17:04 PM | Computer Name = DGXH5NF1 | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Trojan Horse in File: c:\documents and settings\all users\application
data\symantec\symantec antivirus corporate edition\7.5\xfer\4b8b1e2d.tmp by: Auto-Protect
scan. Action: Quarantine succeeded. Action Description: The file was quarantined
successfully.

Error - 3/1/10 11:17:11 PM | Computer Name = DGXH5NF1 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan Horse in File: C:\Documents and Settings\All
Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\4b8b1e2d.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 3/1/10 11:17:13 PM | Computer Name = DGXH5NF1 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Bloodhound.PDF.8 in File: C:\Documents and Settings\All
Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\4b8b1e23.tmp
by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description:
The file was left unchanged.

Error - 3/2/10 10:10:06 AM | Computer Name = DGXH5NF1 | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Bloodhound.PDF.8 in File: c:\documents and settings\all
users\application data\symantec\symantec antivirus corporate edition\7.5\xfer\4b8b1ca2.tmp
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.

Error - 3/2/10 10:14:21 AM | Computer Name = DGXH5NF1 | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Trojan Horse in File: c:\documents and settings\all users\application
data\symantec\symantec antivirus corporate edition\7.5\xfer\4b8b1c53.tmp by: Auto-Protect
scan. Action: Quarantine succeeded. Action Description: The file was quarantined
successfully.

Error - 3/2/10 10:14:25 AM | Computer Name = DGXH5NF1 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Bloodhound.PDF.8 in File: C:\Documents and Settings\All
Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\4b8b219a.tmp
by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description:
The file was left unchanged.

[ ODiag Events ]
Error - 6/11/08 12:48:57 PM | Computer Name = DGXH5NF1 | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kcz. Error code: N/A

Error - 7/20/08 11:38:33 PM | Computer Name = DGXH5NF1 | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kcz. Error code: N/A

[ OSession Events ]
Error - 9/25/09 5:32:17 PM | Computer Name = DGXH5NF1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3784
seconds with 1860 seconds of active time. This session ended with a crash.

Error - 10/30/09 10:07:33 AM | Computer Name = DGXH5NF1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.6501.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/2/09 11:57:33 AM | Computer Name = DGXH5NF1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 351020
seconds with 4920 seconds of active time. This session ended with a crash.

Error - 11/2/09 4:53:53 PM | Computer Name = DGXH5NF1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 362814
seconds with 4320 seconds of active time. This session ended with a crash.

Error - 12/10/09 11:52:40 AM | Computer Name = DGXH5NF1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1351
seconds with 120 seconds of active time. This session ended with a crash.

Error - 12/17/09 6:43:25 PM | Computer Name = DGXH5NF1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 188455
seconds with 4620 seconds of active time. This session ended with a crash.

Error - 12/22/09 11:13:46 AM | Computer Name = DGXH5NF1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 337565
seconds with 3240 seconds of active time. This session ended with a crash.

Error - 2/3/10 6:04:22 PM | Computer Name = DGXH5NF1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25117
seconds with 5160 seconds of active time. This session ended with a crash.

Error - 2/8/10 11:37:23 AM | Computer Name = DGXH5NF1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/9/10 11:12:16 AM | Computer Name = DGXH5NF1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 40042
seconds with 660 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/1/10 2:57:45 PM | Computer Name = DGXH5NF1 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 3/1/10 6:06:04 PM | Computer Name = DGXH5NF1 | Source = Service Control Manager | ID = 7016
Description = The BrSplService service has reported an invalid current state 0.

Error - 3/1/10 7:22:56 PM | Computer Name = DGXH5NF1 | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the machine that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 3/2/10 2:19:41 AM | Computer Name = DGXH5NF1 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 10.10.10.35 on
the Network Card with network address 001BFCD1EB05.

Error - 3/2/10 11:05:23 AM | Computer Name = DGXH5NF1 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain BOMACHI due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 3/2/10 11:12:40 AM | Computer Name = DGXH5NF1 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain BOMACHI due to the following:
%%1722. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 3/2/10 1:33:43 PM | Computer Name = DGXH5NF1 | Source = VolSnap | ID = 393236
Description = The shadow copy of volume C: was aborted because of a failed free
space computation.

Error - 3/2/10 1:33:58 PM | Computer Name = DGXH5NF1 | Source = VolSnap | ID = 393236
Description = The shadow copy of volume C: was aborted because of a failed free
space computation.

Error - 3/2/10 1:34:12 PM | Computer Name = DGXH5NF1 | Source = VolSnap | ID = 393236
Description = The shadow copy of volume C: was aborted because of a failed free
space computation.

Error - 3/2/10 1:34:27 PM | Computer Name = DGXH5NF1 | Source = VolSnap | ID = 393236
Description = The shadow copy of volume C: was aborted because of a failed free
space computation.


< End of report >

smith30
Novice
Novice

Posts Posts : 19
Joined Joined : 2009-04-14
Gender Gender : Male
OS OS : xp
Points Points : 28047
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Bloodhound.PDF.8 Recurring Detection

Post by Belahzur on 2nd March 2010, 6:34 pm

Hello.

Don't worry about this, your not actually infected. The bloodhound exploit is malicious software that uses holes in old Adobe Reader software to exploit it and infect machines.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Acrobat 9 Pro - English, Français, Deutsch
    Adobe Acrobat 9.2.0

hen download and install [You must be registered and logged in to see this link.]

Untick the optional Mcafee Security Scan Plus though, don't need that.

You also have an old version of VLC Player installed, so we'll update that too.

Download and install [You must be registered and logged in to see this link.]
When installing, it will ask if you want to uninstall the old version first before it can install the new version, so please select yes and allow it to install.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Bloodhound.PDF.8 Recurring Detection

Post by smith30 on 2nd March 2010, 7:12 pm

Seems to be ok. What about: Trojan.Pidief.F

smith30
Novice
Novice

Posts Posts : 19
Joined Joined : 2009-04-14
Gender Gender : Male
OS OS : xp
Points Points : 28047
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Bloodhound.PDF.8 Recurring Detection

Post by Belahzur on 2nd March 2010, 7:23 pm

What is detecting it and where is it?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Bloodhound.PDF.8 Recurring Detection

Post by smith30 on 2nd March 2010, 7:30 pm

Symantec detects it. There are a bunch of them with filenames like:
4b8b225b.tmp

It's quarantined in

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer

smith30
Novice
Novice

Posts Posts : 19
Joined Joined : 2009-04-14
Gender Gender : Male
OS OS : xp
Points Points : 28047
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Bloodhound.PDF.8 Recurring Detection

Post by Belahzur on 2nd March 2010, 7:42 pm

Symantec is detecting it's own quarantined items? LMBO or ROFL


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Bloodhound.PDF.8 Recurring Detection

Post by smith30 on 2nd March 2010, 7:44 pm

Agreed. I'm thinking of just uninstalling Symantec to see what happens.

smith30
Novice
Novice

Posts Posts : 19
Joined Joined : 2009-04-14
Gender Gender : Male
OS OS : xp
Points Points : 28047
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Bloodhound.PDF.8 Recurring Detection

Post by Belahzur on 3rd March 2010, 12:51 am

Well let me know if you do, we can switch over to Avira.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum