PC Infected



boxfetish
2010-03-31, 23:32
Can't connect to Symantec webpages or LiveUpdate. Can't connect to any Microsoft websites. Can't connect to many malware removal sites. I have two unknown devices in my device manager that weren't there a few days ago. Malwarebytes appears to update fine and runs a full scan and finds nothing.

Ideas?

Here is my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:43:54 PM, on 3/31/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Stickies\stickies.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Peregrine Systems\ServiceCenter 6.2\Client\ServiceCenter.exe
C:\Program Files\Peregrine Systems\ServiceCenter 6.2\Client\jre\bin\javaw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\intranet.doa.state.wi.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\intranet.doa.state.wi.us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http:\\intranet.doa.state.wi.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by State of Wisconsin
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\Userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: *.state.wi.us
O15 - Trusted Zone: *.wi.gov
O15 - Trusted Zone: *.wisconsin.gov
O15 - Trusted Zone: *.state.wi.us (HKLM)
O15 - Trusted Zone: *.wi.gov (HKLM)
O15 - Trusted Zone: *.wisconsin.gov (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = doa.wistate.us
O17 - HKLM\Software\..\Telephony: DomainName = doa.wistate.us
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = doa.wistate.us
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = doa.wistate.us
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O24 - Desktop Component 0: (no name) - E:\My Pictures\Hong_Kong_Skyline_Restitch_-_Dec_2007.jpg

--
End of file - 8062 bytes
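
As an added example (not part of this thread, and not code from Trend Micro or the helpers here), the script below parses the entry lines of a log in the HijackThis format posted above and does the first pass a helper does by eye: it counts entries per section (R0/R1, O2, O4, O23, ...), always surfaces the O15/O17/O20 entries for review because those are where trusted-zone, DNS-domain and AppInit_DLLs changes show up, and marks as suspicious any O4 autostart whose binary sits outside Windows or Program Files and any O23 service with no publisher or a missing binary. The sample log inside is constructed: most lines are copied from the entry types in the post above, while the "sysupd" O4 entry and the "Example Helper" O23 entry are invented so the checks have something to flag; nothing here says anything about what is actually on the poster's machine. The section meanings table and the "expected roots" list are my assumptions about what a reviewer treats as normal, not HijackThis's own rules.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample input. Most lines are copied from the entry types in the
# log posted above; the "sysupd" O4 entry and the "Example Helper" O23 entry
# are invented here purely so the checks below have something to flag.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKCU\..\Run: [sysupd] C:\Users\someuser\AppData\Local\Temp\sysupd.exe
O15 - Trusted Zone: *.state.wi.us
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = doa.wistate.us
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Example Helper (exhelper) - Unknown owner - C:\Windows\Temp\exhelper.exe (file missing)

--
End of file - 1234 bytes
"""

# Every HijackThis entry line starts with a section code such as R0, F2 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.+)$")

# A Windows path (drive letter or %VAR% prefix) ending in an executable extension.
PATH_RE = re.compile(
    r"(?:[A-Za-z]:|%[A-Za-z]+%)\\.*?\.(?:exe|dll|sys|scr|bat|cmd|vbs|js)\b", re.IGNORECASE
)

# Assumption: autostarts launched from these roots are the normal case on a
# managed workstation; anything else (Temp, AppData, user profile) gets flagged.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\",
                  "%programfiles%\\", "%systemroot%\\")

# Short reviewer-facing meaning of each section code (my summary, not HJT's text).
SECTION_MEANING = {
    "R0": "IE start/search page", "R1": "IE default page/search URL",
    "F2": "system.ini/win.ini load entry", "O2": "Browser Helper Object",
    "O4": "autostart entry", "O15": "IE trusted zone",
    "O17": "TCP/IP domain or DNS setting",
    "O20": "AppInit_DLLs / Winlogon notify (loaded into every process)",
    "O23": "service",
}


@dataclass(frozen=True)
class Finding:
    severity: str   # "suspicious" or "review"
    code: str       # HijackThis section code, e.g. "O4"
    detail: str


def parse_hjt(text):
    """Return (code, body) pairs for every entry line; header/process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def count_by_section(entries):
    """How many entries each section code contributed."""
    return Counter(code for code, _ in entries)


def extract_path(body):
    """First executable path in an entry body, or None (quotes and arguments ignored)."""
    m = PATH_RE.search(body)
    return m.group(0) if m else None


def outside_expected_roots(path):
    return not path.lower().startswith(EXPECTED_ROOTS)


def split_service(body):
    """O23 body is 'Service: Name (short) - Publisher - Path'; split from the right."""
    parts = body[len("Service: "):].rsplit(" - ", 2)
    while len(parts) < 3:          # tolerate truncated lines
        parts.append("")
    return tuple(parts)


def triage(entries):
    findings = []
    for code, body in entries:
        if code == "O4":
            path = extract_path(body)
            if path and outside_expected_roots(path):
                findings.append(Finding("suspicious", code,
                                        f"autostart outside Windows/Program Files: {path}"))
        elif code == "O23":
            name, publisher, path = split_service(body)
            reasons = []
            if publisher.lower() == "unknown owner":
                reasons.append("no publisher")
            if "(file missing)" in path.lower():
                reasons.append("binary missing")
            if reasons:
                findings.append(Finding("suspicious", code, f"service {name}: {', '.join(reasons)}"))
        elif code in ("O15", "O17", "O20"):
            # Always worth a human look: trusted zones, DNS domain, globally injected DLLs.
            findings.append(Finding("review", code, body))
    return findings


def report(text):
    entries = parse_hjt(text)
    counts = ", ".join(f"{k}={v}" for k, v in sorted(count_by_section(entries).items()))
    lines = [f"{len(entries)} entries; sections: {counts}"]
    for f in triage(entries):
        lines.append(f"[{f.severity:10}] {f.code} ({SECTION_MEANING.get(f.code, 'other')}): {f.detail}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it against a saved log with `report(open("hijackthis.log").read())`. The "review" findings are not verdicts: an O17 domain entry is normal on a domain-joined PC (as in the post above), and the point of listing it is only to make the reviewer confirm that the domain is the expected one.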

IndiGenus
2010-04-05, 00:20
Hello boxfetish and welcome back to the forums. Sorry for the delay in getting to your post here.

Let's get a better look at things.

Run OTL

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan box paste this in


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
/md5stop
CREATERESTOREPOINT


Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


++++++++++++++++++++

Download This file (http://www.gmer.net/download.php). Note its name and save it to your root folder, such as C:\.


Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
Click on this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of programs that should be disabled.
Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
Allow the driver to load if asked.
You may be prompted to scan immediately if it detects rootkit activity.
If you are prompted to scan your system click "Yes" to begin the scan.
If not prompted, click the "Rootkit/Malware" tab.
On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
Select all drives that are connected to your system to be scanned.
Click the Scan button to begin. (Please be patient as it can take some time to complete)
When the scan is finished, click Save to save the scan results to your Desktop.
Save the file as Results.log and copy/paste the contents in your next reply.
Exit the program and re-enable all active protection when done.

boxfetish
2010-04-05, 17:40
Do you have another source for the OTL file? Websense is blocking it as a "Malicious web site"?

IndiGenus
2010-04-05, 17:45
Here's an alternate link.

http://ottools.noahdfear.net/OTL.exe

I don't use Websense but I would think you could tell it to allow access somehow? I can guarantee it's not malicious.

boxfetish
2010-04-06, 20:37
Contents of OTL.Txt:

OTL logfile created on: 4/6/2010 12:17:31 PM - Run 2
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Users\chrisk\Desktop\Malware Removal
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 49.05 Gb Free Space | 65.81% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 391.23 Gb Total Space | 345.88 Gb Free Space | 88.41% Space Free | Partition Type: NTFS
Drive F: | 1079.73 Gb Total Space | 405.08 Gb Free Space | 37.52% Space Free | Partition Type: NTFS
Drive G: | 14.99 Gb Total Space | 1.07 Gb Free Space | 7.16% Space Free | Partition Type: NTFS
Drive H: | 599.85 Gb Total Space | 188.82 Gb Free Space | 31.48% Space Free | Partition Type: NTFS
Drive I: | 479.88 Gb Total Space | 214.64 Gb Free Space | 44.73% Space Free | Partition Type: NTFS
Drive J: | 299.92 Gb Total Space | 69.84 Gb Free Space | 23.29% Space Free | Partition Type: NTFS
Drive K: | 119.99 Gb Total Space | 36.27 Gb Free Space | 30.23% Space Free | Partition Type: NTFS
Drive L: | 119.99 Gb Total Space | 36.27 Gb Free Space | 30.23% Space Free | Partition Type: NTFS
Drive M: | 299.92 Gb Total Space | 148.44 Gb Free Space | 49.49% Space Free | Partition Type: NTFS
Drive N: | 119.99 Gb Total Space | 25.09 Gb Free Space | 20.91% Space Free | Partition Type: NTFS
Drive O: | 599.85 Gb Total Space | 133.91 Gb Free Space | 22.32% Space Free | Partition Type: NTFS
Drive P: | 14.99 Gb Total Space | 1.07 Gb Free Space | 7.16% Space Free | Partition Type: NTFS
Drive Q: | 19.30 Gb Total Space | 4.63 Gb Free Space | 23.97% Space Free | Partition Type: NTFS
Drive S: | 479.88 Gb Total Space | 137.61 Gb Free Space | 28.68% Space Free | Partition Type: NTFS

Computer Name: DOA101300
Current User Name: chrisk
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/05 20:13:22 | 000,586,752 | ---- | M] (OldTimer Tools) -- C:\Users\chrisk\Desktop\Malware Removal\OTL.exe
PRC - [2010/03/01 11:26:34 | 001,126,400 | ---- | M] (Zhorn Software) -- C:\Program Files\Stickies\stickies.exe
PRC - [2009/12/21 19:35:18 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2009/11/19 23:29:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/09/17 19:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/09/17 19:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/09/17 19:27:26 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 20:14:42 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 20:14:21 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe
PRC - [2009/07/13 20:14:12 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009/07/08 21:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/05/20 05:00:00 | 000,757,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\CcmExec.exe


========== Modules (SafeList) ==========

MOD - [2010/04/05 20:13:22 | 000,586,752 | ---- | M] (OldTimer Tools) -- C:\Users\chrisk\Desktop\Malware Removal\OTL.exe
MOD - [2010/03/01 11:26:34 | 000,049,152 | ---- | M] () -- C:\Program Files\Stickies\shook70.dll
MOD - [2009/07/13 20:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 20:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 20:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 20:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 20:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 20:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 20:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 20:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (ApRunSvc)
SRV - [2010/03/30 15:07:09 | 003,204,096 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2010/01/12 17:58:28 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/17 19:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/17 19:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/17 18:21:10 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/07/13 20:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 20:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 20:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 20:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 20:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 20:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 20:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 20:15:36 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2009/07/13 20:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 20:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 20:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 20:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 20:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 20:14:21 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2009/07/13 13:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/05/20 05:00:00 | 000,757,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2008/05/20 05:00:00 | 000,249,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\CCM\TSManager.exe -- (smstsmgr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\intranet.doa.state.wi.us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http:\\intranet.doa.state.wi.us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\intranet.doa.state.wi.us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://intranet.doa.state.wi.us/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.startup.homepage: "my.yahoo.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.3
FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:4.9
FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.57
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.2
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.7.4
FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.19
FF - prefs.js..extensions.enabledItems: tabkit@jomel.me.uk:0.5.8
FF - prefs.js..extensions.enabledItems: {10c62ce3-3794-4c18-a881-481733c1a425}:1.6.1
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.5.10
FF - prefs.js..extensions.enabledItems: {BB359C50-BFC9-4f40-8302-3FE5A499A859}:3.4
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..extensions.enabledItems: {F587B2D4-7C09-4a23-AC4A-8D6E3CE8C7DA}:3.4
FF - prefs.js..extensions.enabledItems: {d650973c-0444-4ac7-9d00-19e3613c83b9}:3.6.7

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/31 14:24:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/31 14:24:01 | 000,000,000 | ---D | M]

[2010/02/04 10:51:58 | 000,000,000 | ---D | M] -- C:\Users\chrisk\AppData\Roaming\mozilla\Extensions
[2010/02/04 11:20:10 | 000,000,000 | ---D | M] -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\1qh30rce.default\extensions
[2010/02/04 11:16:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\1qh30rce.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/02/04 11:16:46 | 000,000,000 | ---D | M] (UrlbarExt) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\1qh30rce.default\extensions\{10c62ce3-3794-4c18-a881-481733c1a425}
[2010/02/04 11:16:45 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\1qh30rce.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2010/02/04 11:16:45 | 000,000,000 | ---D | M] (Qute) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\1qh30rce.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
[2010/02/04 11:16:45 | 000,000,000 | ---D | M] (ShowIP) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\1qh30rce.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
[2010/02/04 11:16:44 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\1qh30rce.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2010/02/04 11:16:40 | 000,000,000 | ---D | M] (IE View) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\1qh30rce.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010/02/04 11:16:39 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\1qh30rce.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/02/04 11:16:39 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\1qh30rce.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/02/04 11:16:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\1qh30rce.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010/02/04 11:16:38 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\1qh30rce.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010/02/04 11:16:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\1qh30rce.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/02/04 11:16:12 | 000,000,000 | ---D | M] (Halloween) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\1qh30rce.default\extensions\{BB359C50-BFC9-4f40-8302-3FE5A499A859}
[2010/02/04 11:16:11 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\1qh30rce.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/04 11:16:11 | 000,000,000 | ---D | M] (Whitehart) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\1qh30rce.default\extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9}
[2010/02/04 11:15:56 | 000,000,000 | ---D | M] (Scribblies Brite) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\1qh30rce.default\extensions\{F587B2D4-7C09-4a23-AC4A-8D6E3CE8C7DA}
[2010/02/04 11:15:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\1qh30rce.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2010/02/04 11:15:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\1qh30rce.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}-trash
[2010/02/04 11:15:56 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\1qh30rce.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2010/02/04 11:16:47 | 000,000,000 | ---D | M] -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\1qh30rce.default\extensions\foxmarks@kei.com
[2010/02/04 11:16:46 | 000,000,000 | ---D | M] -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\1qh30rce.default\extensions\tabkit@jomel.me.uk
[2010/02/04 11:16:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\1qh30rce.default\extensions\{BB359C50-BFC9-4f40-8302-3FE5A499A859}\chrome\mozapps\extensions
[2010/02/04 11:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\1qh30rce.default\extensions\{F587B2D4-7C09-4a23-AC4A-8D6E3CE8C7DA}\chrome\mozapps\extensions
[2010/03/31 15:44:13 | 000,000,000 | ---D | M] -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\kd0386df.default\extensions
[2010/03/06 11:30:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\kd0386df.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/02/26 10:00:44 | 000,000,000 | ---D | M] (UrlbarExt) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\kd0386df.default\extensions\{10c62ce3-3794-4c18-a881-481733c1a425}
[2010/02/26 10:00:45 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\kd0386df.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2010/02/26 10:00:45 | 000,000,000 | ---D | M] (Qute) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\kd0386df.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
[2010/02/26 10:00:45 | 000,000,000 | ---D | M] (ShowIP) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\kd0386df.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
[2010/02/26 10:00:46 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\kd0386df.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2010/02/26 10:00:46 | 000,000,000 | ---D | M] (IE View) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\kd0386df.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010/03/22 11:44:22 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\kd0386df.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/02/26 10:00:47 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\kd0386df.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/02/26 10:00:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\kd0386df.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010/03/06 11:30:40 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\kd0386df.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010/03/22 11:44:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\kd0386df.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/02/26 10:00:49 | 000,000,000 | ---D | M] (Halloween) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\kd0386df.default\extensions\{BB359C50-BFC9-4f40-8302-3FE5A499A859}
[2010/02/26 10:00:57 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\kd0386df.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/22 11:44:18 | 000,000,000 | ---D | M] (Whitehart) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\kd0386df.default\extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9}
[2010/02/26 10:00:57 | 000,000,000 | ---D | M] (Scribblies Brite) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\kd0386df.default\extensions\{F587B2D4-7C09-4a23-AC4A-8D6E3CE8C7DA}
[2010/03/22 11:44:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\kd0386df.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2010/02/26 10:01:06 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\kd0386df.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2010/03/06 11:30:40 | 000,000,000 | ---D | M] -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\kd0386df.default\extensions\foxmarks@kei.com
[2010/03/06 11:30:38 | 000,000,000 | ---D | M] -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\kd0386df.default\extensions\noia2_option@kk.noia
[2010/02/26 10:00:44 | 000,000,000 | ---D | M] -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\kd0386df.default\extensions\tabkit@jomel.me.uk
[2010/02/26 10:00:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\kd0386df.default\extensions\{BB359C50-BFC9-4f40-8302-3FE5A499A859}\chrome\mozapps\extensions
[2010/02/26 10:01:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chrisk\AppData\Roaming\mozilla\Firefox\Profiles\kd0386df.default\extensions\{F587B2D4-7C09-4a23-AC4A-8D6E3CE8C7DA}\chrome\mozapps\extensions
[2008/05/28 21:12:00 | 000,001,466 | ---- | M] () -- C:\Users\chrisk\AppData\Roaming\Mozilla\FireFox\Profiles\kd0386df.default\searchplugins\dictionary.xml
[2008/06/24 21:15:22 | 000,000,908 | ---- | M] () -- C:\Users\chrisk\AppData\Roaming\Mozilla\FireFox\Profiles\kd0386df.default\searchplugins\IMDB.xml
[2010/03/24 15:17:13 | 000,001,905 | ---- | M] () -- C:\Users\chrisk\AppData\Roaming\Mozilla\FireFox\Profiles\kd0386df.default\searchplugins\isohunt---bittorrent.xml
[2008/05/28 21:12:00 | 000,001,110 | ---- | M] () -- C:\Users\chrisk\AppData\Roaming\Mozilla\FireFox\Profiles\kd0386df.default\searchplugins\piratebay.xml
[2008/04/17 17:15:04 | 000,001,380 | ---- | M] () -- C:\Users\chrisk\AppData\Roaming\Mozilla\FireFox\Profiles\kd0386df.default\searchplugins\torrentspy.xml
[2008/05/30 16:22:03 | 000,002,020 | ---- | M] () -- C:\Users\chrisk\AppData\Roaming\Mozilla\FireFox\Profiles\kd0386df.default\searchplugins\torrentz.xml
[2008/06/13 22:32:41 | 000,004,884 | ---- | M] () -- C:\Users\chrisk\AppData\Roaming\Mozilla\FireFox\Profiles\kd0386df.default\searchplugins\urbandictionarycom.xml
[2008/06/19 08:02:47 | 000,001,108 | ---- | M] () -- C:\Users\chrisk\AppData\Roaming\Mozilla\FireFox\Profiles\kd0386df.default\searchplugins\wikipedia.xml
[2010/02/26 14:24:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/04/06 12:05:40 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.Brenz.pl
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\NPJPI150_10.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: state.wi.us ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: state.wi.us ([*.doa] * in Local intranet)
O15 - HKLM\..Trusted Domains: wi.gov ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: wisconsin.gov ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: wistate.us ([apwmad1p0216.enterprise] * in Local intranet)
O15 - HKLM\..Trusted Domains: wistate.us ([bisweb.enterprise] * in Local intranet)
O15 - HKLM\..Trusted Domains: wistate.us ([dat.enterprise] * in Local intranet)
O15 - HKLM\..Trusted Domains: wistate.us ([devweb.doa] * in Local intranet)
O15 - HKLM\..Trusted Domains: wpsic.com ([corp-ws] https in Trusted sites)
O15 - HKCU\..Trusted Domains: state.wi.us ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: state.wi.us ([*.doa] * in Local intranet)
O15 - HKCU\..Trusted Domains: wi.gov ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: wisconsin.gov ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: wistate.us ([apwmad1p0216.enterprise] * in Local intranet)
O15 - HKCU\..Trusted Domains: wistate.us ([bisweb.enterprise] * in Local intranet)
O15 - HKCU\..Trusted Domains: wistate.us ([dat.enterprise] * in Local intranet)
O15 - HKCU\..Trusted Domains: wistate.us ([devweb.doa] * in Local intranet)
O15 - HKCU\..Trusted Domains: wpsic.com ([corp-ws] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.68.15.11 165.189.237.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = doa.wistate.us
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop Components:0 () - E:\My Pictures\Hong_Kong_Skyline_Restitch_-_Dec_2007.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/07/13 21:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2010/04/06 09:10:01 | 000,000,000 | ---D | C] -- C:\Users\chrisk\Desktop\Malware Removal
[2010/03/31 16:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/31 13:51:03 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/03/31 13:46:59 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/03/31 13:42:16 | 003,376,656 | ---- | C] (Piriform Ltd) -- C:\Users\chrisk\Desktop\ccsetup230.exe
[2010/03/31 13:17:36 | 000,000,000 | ---D | C] -- C:\Users\chrisk\AppData\Roaming\IrfanView
[2010/03/31 13:17:35 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2010/03/30 10:57:09 | 000,000,000 | ---D | C] -- C:\Users\chrisk\AppData\Roaming\Malwarebytes
[2010/03/30 10:57:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/30 10:57:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/30 10:56:59 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/30 10:56:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/30 09:16:55 | 000,000,000 | ---D | C] -- C:\Users\chrisk\Desktop\Current Documents
[2010/03/29 13:42:53 | 000,000,000 | ---D | C] -- C:\Users\chrisk\AppData\Roaming\32506FC06F9BDF806F5F10C272EE5A5A
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/04/06 12:18:53 | 007,077,888 | -HS- | M] () -- C:\Users\chrisk\NTUSER.DAT
[2010/04/06 12:14:18 | 000,727,164 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/06 12:14:18 | 000,624,522 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/06 12:14:18 | 000,106,576 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/06 12:13:28 | 000,014,270 | RHS- | M] () -- C:\Users\chrisk\ntuser.pol
[2010/04/06 12:12:54 | 000,015,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/06 12:12:54 | 000,015,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/06 12:06:27 | 000,000,475 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2010/04/06 12:06:26 | 000,000,173 | ---- | M] () -- C:\Windows\hpbafd.ini
[2010/04/06 12:05:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/06 12:05:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/06 12:05:34 | 302,481,286 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/04/06 12:05:32 | 2372,857,856 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/05 20:13:32 | 000,321,024 | ---- | M] () -- C:\dhs2nqo3.exe
[2010/03/31 13:42:20 | 003,376,656 | ---- | M] (Piriform Ltd) -- C:\Users\chrisk\Desktop\ccsetup230.exe
[2010/03/31 11:30:32 | 000,019,167 | ---- | M] () -- C:\Users\chrisk\Desktop\OJA PDS Quote 426180.pdf
[2010/03/31 11:14:51 | 000,020,918 | ---- | M] () -- C:\Users\chrisk\Desktop\PDS Quote 426180.pdf
[2010/03/30 16:40:46 | 000,138,240 | ---- | M] () -- C:\Users\chrisk\Desktop\Phone Disconnects 3-31-10.doc
[2010/03/30 16:38:23 | 000,012,139 | ---- | M] () -- C:\Users\chrisk\Desktop\cereal purchases.docx
[2010/03/30 15:22:54 | 000,137,216 | ---- | M] () -- C:\Users\chrisk\Desktop\2nd Floor Floorplan 3-31-10.doc
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/06 09:10:01 | 000,321,024 | ---- | C] () -- C:\dhs2nqo3.exe
[2010/03/31 14:13:26 | 000,002,032 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
[2010/03/31 14:13:26 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2010/03/31 14:13:26 | 000,001,008 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk
[2010/03/31 13:50:58 | 302,481,286 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/03/31 11:29:16 | 000,019,167 | ---- | C] () -- C:\Users\chrisk\Desktop\OJA PDS Quote 426180.pdf
[2010/03/31 11:14:51 | 000,020,918 | ---- | C] () -- C:\Users\chrisk\Desktop\PDS Quote 426180.pdf
[2010/03/30 14:31:56 | 000,138,240 | ---- | C] () -- C:\Users\chrisk\Desktop\Phone Disconnects 3-31-10.doc
[2010/03/30 14:30:54 | 000,137,216 | ---- | C] () -- C:\Users\chrisk\Desktop\2nd Floor Floorplan 3-31-10.doc
[2010/03/30 14:23:02 | 000,012,139 | ---- | C] () -- C:\Users\chrisk\Desktop\cereal purchases.docx
[2010/03/12 09:27:00 | 000,000,014 | ---- | C] () -- C:\ProgramData\AdobeUpdater6.rbt
[2010/03/01 07:25:28 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/03/01 07:25:28 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/03/01 07:25:27 | 002,378,752 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2010/03/01 07:25:24 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2010/03/01 07:17:57 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2010/03/01 07:17:57 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2010/03/01 07:17:57 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2010/03/01 07:17:57 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2010/03/01 07:17:57 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2010/03/01 07:17:57 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2010/02/26 17:30:14 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini
[2010/02/26 16:59:23 | 000,001,311 | ---- | C] () -- C:\Windows\System32\DfsMgmt.dll.config
[2010/02/26 16:53:35 | 000,001,702 | ---- | C] () -- C:\Windows\System32\StorageMgmt.dll.config
[2010/01/12 18:01:29 | 000,000,475 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2010/01/12 17:14:55 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/12 14:59:22 | 000,000,173 | ---- | C] () -- C:\Windows\hpbafd.ini
[2010/01/12 14:58:37 | 000,014,270 | RHS- | C] () -- C:\Users\chrisk\ntuser.pol
[2010/01/12 14:58:35 | 000,524,288 | -HS- | C] () -- C:\Users\chrisk\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/01/12 14:58:35 | 000,524,288 | -HS- | C] () -- C:\Users\chrisk\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/01/12 14:58:35 | 000,262,144 | -HS- | C] () -- C:\Users\chrisk\ntuser.dat.LOG1
[2010/01/12 14:58:35 | 000,065,536 | -HS- | C] () -- C:\Users\chrisk\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/01/12 14:58:35 | 000,000,020 | -HS- | C] () -- C:\Users\chrisk\ntuser.ini
[2010/01/12 14:58:35 | 000,000,000 | -HS- | C] () -- C:\Users\chrisk\ntuser.dat.LOG2
[2010/01/12 14:58:34 | 007,077,888 | -HS- | C] () -- C:\Users\chrisk\NTUSER.DAT
[2010/01/12 14:53:44 | 000,018,670 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/01/12 14:29:39 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/12/02 12:02:50 | 001,632,887 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll
[2009/12/02 11:56:10 | 004,840,081 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009/11/04 13:45:44 | 000,611,638 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009/11/04 13:43:20 | 000,324,096 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009/11/04 09:45:21 | 001,497,696 | ---- | C] () -- C:\Windows\System32\tkbtnpn1.dll
[2009/11/03 15:11:22 | 000,113,152 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2009/11/03 15:11:00 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2009/11/03 15:10:42 | 000,183,296 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2009/11/03 15:09:18 | 000,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2009/11/03 15:08:58 | 000,484,864 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2009/11/03 15:08:12 | 000,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2009/11/03 15:07:16 | 000,142,848 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2009/11/03 14:36:06 | 000,145,408 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009/11/03 14:34:56 | 000,100,864 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2009/11/03 14:34:38 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/11/03 13:07:24 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/11/03 13:05:02 | 000,957,047 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2009/10/27 17:46:26 | 000,248,320 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/01/10 17:17:32 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll
[2009/01/10 17:16:56 | 000,148,480 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2009/01/10 17:16:50 | 000,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll
[2009/01/10 17:16:14 | 000,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2009/01/10 17:15:54 | 000,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2009/01/10 17:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2009/01/10 17:15:32 | 000,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll
[2009/01/10 17:15:28 | 000,246,784 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2009/01/10 17:15:12 | 000,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009/01/10 17:14:08 | 000,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2009/01/10 17:14:06 | 000,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2008/12/03 17:11:50 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/11/06 11:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/06 11:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2007/10/13 04:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2006/06/05 09:26:08 | 000,000,092 | ---- | C] () -- C:\Users\chrisk\MPNTLOG_DOA_chrisk.EVT
[2006/06/05 09:26:08 | 000,000,008 | ---- | C] () -- C:\Users\chrisk\MPNTLOG_DOA_chrisk.IDX
[2006/04/04 14:55:58 | 000,000,051 | ---- | C] () -- C:\Users\chrisk\dlmgr_.pro

========== LOP Check ==========

[2010/03/29 13:42:53 | 000,000,000 | ---D | M] -- C:\Users\chrisk\AppData\Roaming\32506FC06F9BDF806F5F10C272EE5A5A
[2010/03/31 13:17:36 | 000,000,000 | ---D | M] -- C:\Users\chrisk\AppData\Roaming\IrfanView
[2010/03/01 07:35:50 | 000,000,000 | ---D | M] -- C:\Users\chrisk\AppData\Roaming\IsolatedStorage
[2010/02/04 10:37:40 | 000,000,000 | ---D | M] -- C:\Users\chrisk\AppData\Roaming\Research In Motion
[2010/02/04 10:13:21 | 000,000,000 | ---D | M] -- C:\Users\chrisk\AppData\Roaming\Spearit
[2010/03/10 10:19:46 | 000,000,000 | ---D | M] -- C:\Users\chrisk\AppData\Roaming\Stamps.com Internet Postage
[2010/03/31 14:16:14 | 000,000,000 | ---D | M] -- C:\Users\chrisk\AppData\Roaming\stickies
[2009/07/13 23:53:46 | 000,007,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2010/04/05 20:13:32 | 000,321,024 | ---- | M] () -- C:\dhs2nqo3.exe
[2008/09/05 12:16:43 | 001,920,724 | ---- | M] () -- C:\ghost.exe
[2 C:\*.tmp files -> C:\*.tmp -> ]


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2001/05/08 07:00:00 | 005,205,021 | R--- | M] () .cab file -- C:\OS\ROOT\I386\sp2.cab:atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2009/06/04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009/06/04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys
[2009/06/04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_10aa509d6843c6fc\iaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< End of report >

boxfetish
2010-04-06, 20:39
Contents of Extras.Txt:

OTL Extras logfile created on: 4/6/2010 11:31:07 AM - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Users\chrisk\Desktop\Malware Removal
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 49.11 Gb Free Space | 65.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 391.23 Gb Total Space | 345.88 Gb Free Space | 88.41% Space Free | Partition Type: NTFS
Drive F: | 1079.73 Gb Total Space | 405.26 Gb Free Space | 37.53% Space Free | Partition Type: NTFS
Drive G: | 14.99 Gb Total Space | 1.10 Gb Free Space | 7.31% Space Free | Partition Type: NTFS
Drive H: | 599.85 Gb Total Space | 188.82 Gb Free Space | 31.48% Space Free | Partition Type: NTFS
Drive I: | 479.88 Gb Total Space | 214.64 Gb Free Space | 44.73% Space Free | Partition Type: NTFS
Drive J: | 299.92 Gb Total Space | 69.84 Gb Free Space | 23.29% Space Free | Partition Type: NTFS
Drive K: | 119.99 Gb Total Space | 36.27 Gb Free Space | 30.23% Space Free | Partition Type: NTFS
Drive L: | 119.99 Gb Total Space | 36.27 Gb Free Space | 30.23% Space Free | Partition Type: NTFS
Drive M: | 299.92 Gb Total Space | 148.44 Gb Free Space | 49.49% Space Free | Partition Type: NTFS
Drive N: | 119.99 Gb Total Space | 25.09 Gb Free Space | 20.91% Space Free | Partition Type: NTFS
Drive O: | 599.85 Gb Total Space | 133.91 Gb Free Space | 22.32% Space Free | Partition Type: NTFS
Drive P: | 14.99 Gb Total Space | 1.10 Gb Free Space | 7.31% Space Free | Partition Type: NTFS
Drive Q: | 19.30 Gb Total Space | 4.63 Gb Free Space | 23.97% Space Free | Partition Type: NTFS
Drive S: | 479.88 Gb Total Space | 137.61 Gb Free Space | 28.68% Space Free | Partition Type: NTFS

Computer Name: DOA101300
Current User Name: chrisk
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5DBD3F5B-B4DD-4C89-8436-A9391C471033}" = Nero 7 Ultra Edition
"{66E3BA00-6B3D-466B-96FA-6309A7F42BB0}" = Adobe Flash Player 10 ActiveX
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0017-0000-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer 2007
"{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{E1C33B03-3FE9-45BF-91E4-0266F38618C6}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0017-0409-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (English) 2007
"{90120000-0017-0409-0000-0000000FF1CE}_SharePointDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_SharePointDesigner_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_SharePointDesigner_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_SharePointDesigner_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_SharePointDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_SharePointDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ThinkPad UltraNav Driver
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_931" = Adobe Acrobat 9.3.1 - CPSID_50570
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}" = Adobe Flash Player 10 Plugin
"{CC648616-06D0-4086-A49F-154E7CE11DA1}" = ServiceCenter Client
"{CE6A85D8-D6B9-479A-9FE9-A06E56881E61}" = Configuration Manager Client
"{F1920176-C53D-46CD-84E5-E017CCC0F2A2}" = System Center Configuration Manager
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"DAZzle" = DAZzle
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HijackThis" = HijackThis 2.0.2
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.7.0
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"Power Management Driver" = ThinkPad Power Management Driver
"PRJPRO" = Microsoft Office Project Professional 2007
"PROPLUS" = Microsoft Office Professional Plus 2007
"SharePointDesigner" = Microsoft Office SharePoint Designer 2007
"SMS Admin UI" = Microsoft Systems Management Server 2003 Administrator Console
"TVWiz" = Intel(R) TV Wizard
"VISPRO" = Microsoft Office Visio Professional 2007
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 2.3.0
"WinRAR archiver" = WinRAR archiver
"ZhornStickies" = Stickies 7.0b

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/6/2010 12:30:28 PM | Computer Name = DOA101300.doa.wistate.us | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Common Files\Symantec
Shared\ccSvcHst.exe Event Info: Map View Memory Action Taken: Logged Actor Process:
C:\Users\chrisk\Desktop\Malware Removal\OTL.exe (PID 3124) Time: Tuesday, April
06, 2010 11:30:28 AM

Error - 4/6/2010 12:30:28 PM | Computer Name = DOA101300.doa.wistate.us | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Common Files\Symantec
Shared\ccSvcHst.exe Event Info: Write Memory Action Taken: Logged Actor Process:
C:\Users\chrisk\Desktop\Malware Removal\OTL.exe (PID 3124) Time: Tuesday, April
06, 2010 11:30:28 AM

Error - 4/6/2010 12:30:28 PM | Computer Name = DOA101300.doa.wistate.us | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec
Endpoint Protection\Rtvscan.exe Event Info: Map View Memory Action Taken: Logged
Actor
Process: C:\Users\chrisk\Desktop\Malware Removal\OTL.exe (PID 3124) Time: Tuesday,
April 06, 2010 11:30:28 AM

Error - 4/6/2010 12:30:28 PM | Computer Name = DOA101300.doa.wistate.us | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec
Endpoint Protection\Rtvscan.exe Event Info: Write Memory Action Taken: Logged Actor
Process: C:\Users\chrisk\Desktop\Malware Removal\OTL.exe (PID 3124) Time: Tuesday,
April 06, 2010 11:30:28 AM

Error - 4/6/2010 12:30:28 PM | Computer Name = DOA101300.doa.wistate.us | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec
Endpoint Protection\SmcGui.exe Event Info: Map View Memory Action Taken: Logged
Actor
Process: C:\Users\chrisk\Desktop\Malware Removal\OTL.exe (PID 3124) Time: Tuesday,
April 06, 2010 11:30:28 AM

Error - 4/6/2010 12:30:28 PM | Computer Name = DOA101300.doa.wistate.us | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec
Endpoint Protection\SmcGui.exe Event Info: Write Memory Action Taken: Logged Actor
Process: C:\Users\chrisk\Desktop\Malware Removal\OTL.exe (PID 3124) Time: Tuesday,
April 06, 2010 11:30:28 AM

Error - 4/6/2010 12:30:28 PM | Computer Name = DOA101300.doa.wistate.us | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Common Files\Symantec
Shared\ccApp.exe Event Info: Map View Memory Action Taken: Logged Actor Process:
C:\Users\chrisk\Desktop\Malware Removal\OTL.exe (PID 3124) Time: Tuesday, April
06, 2010 11:30:28 AM

Error - 4/6/2010 12:30:28 PM | Computer Name = DOA101300.doa.wistate.us | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Common Files\Symantec
Shared\ccApp.exe Event Info: Write Memory Action Taken: Logged Actor Process: C:\Users\chrisk\Desktop\Malware
Removal\OTL.exe (PID 3124) Time: Tuesday, April 06, 2010 11:30:28 AM

Error - 4/6/2010 12:30:28 PM | Computer Name = DOA101300.doa.wistate.us | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec
Endpoint Protection\Smc.exe Event Info: Map View Memory Action Taken: Logged Actor
Process: C:\Users\chrisk\Desktop\Malware Removal\OTL.exe (PID 3124) Time: Tuesday,
April 06, 2010 11:30:28 AM

Error - 4/6/2010 12:40:10 PM | Computer Name = DOA101300.doa.wistate.us | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

[ OSession Events ]
Error - 1/12/2010 6:52:50 PM | Computer Name = DOA104889.doa.wistate.us | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 102
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/30/2010 6:05:51 PM | Computer Name = DOA101300.doa.wistate.us | Source = DCOM | ID = 10016
Description =

Error - 3/31/2010 10:01:10 AM | Computer Name = DOA101300.doa.wistate.us | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 3/31/2010 10:01:10 AM | Computer Name = DOA101300.doa.wistate.us | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 3/31/2010 2:51:05 PM | Computer Name = DOA101300.doa.wistate.us | Source = Service Control Manager | ID = 7001
Description = The Task Scheduler service depends on the Windows Event Log service
which failed to start because of the following error: %%1058

Error - 3/31/2010 2:51:05 PM | Computer Name = DOA101300.doa.wistate.us | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD CSC DfsC discache eeCtrl NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX SYMTDI tdx
Wanarpv6
WfpLwf
WPS

Error - 3/31/2010 3:14:55 PM | Computer Name = DOA101300.doa.wistate.us | Source = DCOM | ID = 10016
Description =

Error - 4/1/2010 8:08:51 AM | Computer Name = DOA101300.doa.wistate.us | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 4/1/2010 8:08:52 AM | Computer Name = DOA101300.doa.wistate.us | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.


< End of report >

boxfetish
2010-04-06, 20:41
I followed the instructions to the letter, but the dhs2nqo3.exe application blue-screened my machine twice.

IndiGenus
2010-04-06, 22:00
What environment is this PC used in? Is it a corporate PC? It appears to be part of a domain environment and tools used in these forums may have adverse effects on the computer and/or the network.

boxfetish
2010-04-06, 22:47
What environment is this PC used in? Is it a corporate PC? It appears to be part of a domain environment and tools used in these forums may have adverse effects on the computer and/or the network.

It is a state government PC. I can remove it from the domain environment while we proceed if that is a necessary step.

IndiGenus
2010-04-06, 22:54
It is a state government PC. I can remove it from the domain environment while we proceed if that is a necessary step.
Per the information given here (http://forums.spybot.info/showpost.php?p=25712&postcount=5), we are not allowed to help corporate, business, or government users. I should have picked up on that quicker.

Sorry we couldn't be more help.
Regards,
Dave