Hello

Machine is much better although when I try to delete a user account Windows closes abruptly and displays a blue screen explaining I should make sure all software and hardware are installed properly.

Thanks


ComboFix 09-07-02.02 - Roy Bristow 07/03/2009 11:52.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.493 [GMT -4:00]
Running from: c:\documents and settings\Roy Bristow\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Roy Bristow\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\11a60c4.msi
c:\windows\Installer\182ea0.msi
c:\windows\Installer\2a4cf7.msi
c:\windows\Installer\32a78a.msi
c:\windows\Installer\3beed5d.msi
c:\windows\Installer\c778a5.msi
c:\windows\Installer\d173b2.msi
c:\windows\Installer\d6feb5.msi

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_YOGTGXZM


((((((((((((((((((((((((( Files Created from 2009-06-03 to 2009-07-03 )))))))))))))))))))))))))))))))
.

2009-07-03 15:04 . 2009-02-19 09:00 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.004\NAVENG.SYS
2009-07-03 15:04 . 2009-02-19 09:00 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.004\NAVEX15.SYS
2009-07-03 15:04 . 2009-02-19 09:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.004\NAVENG32.DLL
2009-07-03 15:04 . 2009-02-19 09:00 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.004\NAVEX32A.DLL
2009-07-03 15:04 . 2009-02-25 09:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.004\EECTRL.SYS
2009-07-03 15:04 . 2009-02-25 09:00 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.004\CCERASER.DLL
2009-07-03 15:04 . 2009-02-25 09:00 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.004\ERASER.SYS
2009-07-03 15:04 . 2009-01-18 07:18 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.004\ECMSVR32.DLL
2009-06-30 21:57 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\Scxpx86.dll
2009-06-30 21:57 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSXpx86.sys
2009-06-30 21:57 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSvix86.sys
2009-06-30 21:57 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSxpx86.dll
2009-06-30 21:57 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSviA64.sys
2009-06-29 21:34 . 2009-06-29 21:34 -------- d-----w- c:\program files\Flip Words
2009-06-29 19:17 . 2009-06-29 19:18 -------- d-----w- c:\documents and settings\Roy Bristow\Application Data\ZoomBrowser EX
2009-06-29 19:09 . 2009-06-29 19:17 -------- d-----w- c:\documents and settings\Roy Bristow\Application Data\CameraWindowDC
2009-06-29 19:09 . 2009-06-29 19:09 -------- d-----w- c:\documents and settings\Roy Bristow\Application Data\CANON INC
2009-06-24 01:35 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\Scxpx86.dll
2009-06-24 01:35 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSXpx86.sys
2009-06-24 01:35 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSvix86.sys
2009-06-24 01:35 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSxpx86.dll
2009-06-24 01:35 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSviA64.sys
2009-06-23 21:28 . 2009-06-23 21:28 152576 ----a-w- c:\documents and settings\Roy Bristow\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-22 18:17 . 2009-06-22 18:20 -------- dc-h--w- c:\windows\ie8
2009-06-22 18:04 . 2007-01-24 19:27 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2009-06-22 18:03 . 2009-06-23 21:35 -------- d--h--w- c:\windows\msdownld.tmp
2009-06-22 18:02 . 2009-06-22 18:02 -------- d-----w- c:\windows\Logs
2009-06-21 23:27 . 2009-06-28 17:28 16 ----a-w- c:\documents and settings\Roy Bristow\FlipWords.dat
2009-06-21 18:55 . 2009-06-21 18:55 16 ----a-w- c:\documents and settings\Owen\FlipWords.dat
2009-06-20 20:46 . 2009-06-20 20:46 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-06-18 23:07 . 2009-06-18 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-06-18 23:07 . 2009-06-18 23:08 -------- d-----w- c:\program files\Canon
2009-06-18 23:04 . 2009-06-18 23:04 -------- d-----w- c:\program files\Common Files\Canon
2009-06-10 08:52 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 08:52 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-09 19:37 . 2009-06-09 19:37 -------- d-sh--w- c:\documents and settings\Roy Bristow\IECompatCache
2009-06-09 13:16 . 2009-06-09 13:16 -------- d-sh--w- c:\documents and settings\Margaret\PrivacIE
2009-06-08 22:22 . 2009-06-08 22:22 -------- d-sh--w- c:\documents and settings\Owen\PrivacIE
2009-06-08 21:06 . 2009-06-08 21:06 -------- d-----w- c:\documents and settings\Eden\Application Data\CyberLink
2009-06-08 11:49 . 2009-06-08 11:49 -------- d-----w- c:\documents and settings\Margaret\Local Settings\Application Data\Symantec
2009-06-07 15:18 . 2009-06-07 15:18 -------- d-sh--w- c:\documents and settings\Eden\PrivacIE
2009-06-07 15:08 . 2009-06-07 15:08 -------- d-----w- c:\documents and settings\Margaret\Application Data\Logitech
2009-06-04 03:24 . 2009-06-04 03:24 -------- d-sh--w- c:\documents and settings\Roy Bristow\PrivacIE
2009-06-04 03:22 . 2009-06-04 03:22 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-04 03:22 . 2009-06-04 03:22 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-04 03:22 . 2009-06-04 03:22 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-04 03:21 . 2009-06-04 03:21 -------- d-sh--w- c:\documents and settings\Roy Bristow\IETldCache
2009-06-04 03:18 . 2009-06-22 18:09 -------- d-----w- c:\windows\ie8updates
2009-06-04 03:18 . 2009-05-12 05:11 102912 ------w- c:\windows\system32\dllcache\iecompat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 21:40 . 2009-03-11 13:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-01 20:31 . 2008-05-16 01:27 -------- d-----w- c:\program files\LimeWire
2009-07-01 20:31 . 2008-05-14 14:57 -------- d-----w- c:\program files\Java
2009-06-28 17:29 . 2009-05-08 22:58 117760 ----a-w- c:\documents and settings\Roy Bristow\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-28 17:29 . 2009-05-08 21:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-28 17:14 . 2008-11-20 15:47 188501 ----a-w- c:\documents and settings\Roy Bristow\Application Data\ContentGuard\CGGuard2.dll
2009-06-21 18:13 . 2008-12-07 19:08 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-19 12:12 . 2008-11-20 15:47 -------- d-----w- c:\documents and settings\Roy Bristow\Application Data\ContentGuard
2009-06-19 01:23 . 2009-01-04 15:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-19 01:21 . 2009-01-05 03:07 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-17 15:27 . 2008-09-26 23:11 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2008-09-26 23:11 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-15 01:48 . 2008-05-16 01:27 -------- d-----w- c:\documents and settings\Roy Bristow\Application Data\LimeWire
2009-06-14 20:01 . 2008-07-30 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-12 00:15 . 2008-06-05 01:14 -------- d-----w- c:\program files\SpiralFrog
2009-06-08 22:21 . 2009-06-08 22:21 -------- d-----w- c:\documents and settings\Owen\Application Data\Logitech
2009-06-08 22:21 . 2009-06-08 22:21 -------- d-----w- c:\documents and settings\Owen\Application Data\Sunbelt
2009-06-07 15:16 . 2009-06-07 15:16 -------- d-----w- c:\documents and settings\Eden\Application Data\Logitech
2009-06-07 15:16 . 2009-06-07 15:16 -------- d-----w- c:\documents and settings\Eden\Application Data\Sunbelt
2009-06-07 15:08 . 2009-06-07 15:07 73872 ----a-w- c:\documents and settings\Margaret\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-07 15:08 . 2009-06-07 15:08 -------- d-----w- c:\documents and settings\Margaret\Application Data\Sunbelt
2009-05-21 15:33 . 2009-01-25 21:52 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-21 08:34 . 2008-05-14 15:01 -------- d-----w- c:\program files\Google
2009-05-13 05:15 . 2004-08-10 17:51 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 12:16 . 2009-05-09 16:58 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-12 10:56 . 2009-05-12 10:56 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_nielprt_01007.Wdf
2009-05-12 10:55 . 2009-05-12 10:55 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-05-09 16:58 . 2009-05-09 16:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-05-08 21:10 . 2009-05-08 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-08 21:10 . 2009-05-08 21:10 -------- d-----w- c:\documents and settings\Roy Bristow\Application Data\SUPERAntiSpyware.com
2009-05-08 21:10 . 2008-05-22 00:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-08 17:12 . 2008-05-14 15:05 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-07 15:32 . 2004-08-10 17:51 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-28 00:08 . 2009-04-28 00:08 299352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-04-23 00:09 . 2009-05-08 10:43 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-04-23 00:09 . 2009-04-23 00:09 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-04-23 00:09 . 2009-04-23 00:09 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-04-23 00:09 . 2009-04-23 00:09 165728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-04-23 00:09 . 2009-04-23 00:09 343888 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-04-23 00:09 . 2009-04-23 00:09 289632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-04-23 00:09 . 2009-04-23 00:09 82784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-04-23 00:08 . 2009-04-23 00:08 1629024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-04-23 00:08 . 2009-04-23 00:08 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-04-23 00:08 . 2009-04-23 00:08 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-04-23 00:08 . 2009-04-23 00:08 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-04-23 00:08 . 2009-02-26 01:08 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-04-23 00:08 . 2009-04-23 00:08 632680 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-04-23 00:08 . 2009-04-23 00:08 539512 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-04-23 00:08 . 2009-04-23 00:08 552808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-04-23 00:08 . 2009-04-23 00:08 2324808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-04-23 00:08 . 2009-04-23 00:08 626000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-04-23 00:08 . 2009-04-23 00:08 516440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-04-23 00:08 . 2009-04-23 00:08 953168 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-04-17 12:26 . 2004-08-10 17:51 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-10 17:51 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-01_19.21.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-03 14:54 . 2009-07-03 14:54 16384 c:\windows\Temp\Perflib_Perfdata_580.dat
+ 2009-07-03 16:00 . 2009-07-03 16:00 16384 c:\windows\Temp\Perflib_Perfdata_318.dat
+ 2009-07-03 15:59 . 2009-07-03 15:59 16384 c:\windows\Temp\Perflib_Perfdata_2c8.dat
+ 2008-08-12 14:42 . 2008-08-12 14:42 79872 c:\windows\Installer\e0f4f6.msi
+ 2008-08-12 14:42 . 2008-08-12 14:42 87552 c:\windows\Installer\e0f4f1.msi
+ 2009-02-10 00:09 . 2009-02-10 00:09 86528 c:\windows\Installer\d393de.msi
+ 2009-06-30 12:06 . 2009-06-30 12:06 22528 c:\windows\Installer\c8900.msi
+ 2008-07-30 18:49 . 2008-07-30 18:49 48128 c:\windows\Installer\c7a42.msi
+ 2008-11-05 20:41 . 2008-11-05 20:41 51712 c:\windows\Installer\7353a2.msi
+ 2009-01-30 02:24 . 2009-01-30 02:24 19456 c:\windows\Installer\46474.msp
+ 2008-07-17 18:22 . 2008-07-17 18:22 20480 c:\windows\Installer\36c7e.msi
+ 2009-02-07 03:55 . 2009-02-07 03:55 18944 c:\windows\Installer\361e40c.msp
+ 2009-02-10 00:22 . 2009-02-10 00:22 20992 c:\windows\Installer\2f896.msi
+ 2009-02-10 00:22 . 2009-02-10 00:22 52736 c:\windows\Installer\2f892.msi
+ 2009-02-10 00:21 . 2009-02-10 00:21 60928 c:\windows\Installer\2f88e.msi
+ 2009-02-10 00:21 . 2009-02-10 00:21 32256 c:\windows\Installer\2f88a.msi
+ 2009-02-10 00:17 . 2009-02-10 00:17 22528 c:\windows\Installer\2f882.msi
+ 2008-08-27 05:24 . 2004-08-04 10:00 366080 c:\windows\ServicePackFiles\i386\digreqex.msi
+ 2008-08-27 05:24 . 2004-08-04 10:00 863232 c:\windows\ServicePackFiles\i386\digopt.msi
+ 2008-05-22 00:46 . 2008-05-22 00:46 337408 c:\windows\Installer\e6fbab.msi
+ 2007-11-07 20:07 . 2007-11-07 20:07 999936 c:\windows\Installer\d393e7.msp
+ 2007-11-07 19:56 . 2007-11-07 19:56 553472 c:\windows\Installer\d393e4.msp
+ 2007-11-07 19:58 . 2007-11-07 19:58 908800 c:\windows\Installer\d393e0.msp
+ 2007-11-07 19:54 . 2007-11-07 19:54 507392 c:\windows\Installer\d393df.msp
+ 2008-07-30 18:51 . 2008-07-30 18:51 501248 c:\windows\Installer\c7a6c.msi
+ 2008-07-30 18:50 . 2008-07-30 18:50 501248 c:\windows\Installer\c7a58.msi
+ 2008-07-30 18:50 . 2008-07-30 18:50 506880 c:\windows\Installer\c7a53.msi
+ 2008-07-30 18:50 . 2008-07-30 18:50 516608 c:\windows\Installer\c7a4d.msi
+ 2008-07-30 18:50 . 2008-07-30 18:50 513024 c:\windows\Installer\c7a47.msi
+ 2008-07-30 18:48 . 2008-07-30 18:48 501248 c:\windows\Installer\c7a2b.msi
+ 2008-08-16 14:15 . 2008-08-16 14:15 455168 c:\windows\Installer\9a8841.msi
+ 2007-10-15 04:44 . 2007-10-15 04:44 324608 c:\windows\Installer\934482.msp
+ 2007-10-15 04:46 . 2007-10-15 04:46 324608 c:\windows\Installer\93447c.msp
+ 2004-08-10 18:08 . 2004-08-10 18:08 264704 c:\windows\Installer\7506.msi
+ 2009-01-25 21:52 . 2009-01-25 21:52 562176 c:\windows\Installer\6cc405.msi
+ 2008-06-15 01:05 . 2008-06-15 01:05 431104 c:\windows\Installer\6178c09.msi
+ 2009-02-26 01:07 . 2009-02-26 01:07 569856 c:\windows\Installer\57488e0.msi
+ 2009-02-26 01:07 . 2009-02-26 01:07 236032 c:\windows\Installer\57488db.msi
+ 2008-05-14 15:01 . 2008-05-14 15:01 422912 c:\windows\Installer\55076.msi
+ 2008-05-14 15:01 . 2008-05-14 15:01 644096 c:\windows\Installer\55072.msi
+ 2008-05-14 15:01 . 2008-05-14 15:01 540672 c:\windows\Installer\5506d.msi
+ 2008-05-14 15:01 . 2008-05-14 15:01 336896 c:\windows\Installer\55063.msi
+ 2008-05-14 15:01 . 2008-05-14 15:01 320512 c:\windows\Installer\5505e.msi
+ 2008-05-14 15:00 . 2008-05-14 15:00 466432 c:\windows\Installer\5504a.msi
+ 2008-05-14 15:00 . 2008-05-14 15:00 275968 c:\windows\Installer\55040.msi
+ 2008-05-14 14:56 . 2008-05-14 14:56 871424 c:\windows\Installer\5502f.msi
+ 2009-01-20 21:42 . 2009-01-20 21:42 119808 c:\windows\Installer\52f1a52.msp
+ 2008-10-26 22:16 . 2008-10-26 22:16 444416 c:\windows\Installer\52f1a43.msp
+ 2008-10-24 21:04 . 2008-10-24 21:04 125952 c:\windows\Installer\4c033.msp
+ 2009-01-30 02:23 . 2009-01-30 02:23 216576 c:\windows\Installer\46485.msp
+ 2008-12-31 03:36 . 2008-12-31 03:36 140288 c:\windows\Installer\4646c.msp
+ 2008-11-13 06:06 . 2008-11-13 06:06 432640 c:\windows\Installer\3aed204.msi
+ 2008-07-17 18:22 . 2008-07-17 18:22 330240 c:\windows\Installer\36c94.msi
+ 2008-07-17 18:22 . 2008-07-17 18:22 163328 c:\windows\Installer\36c8e.msi
+ 2008-07-17 18:22 . 2008-07-17 18:22 173856 c:\windows\Installer\36c7d.msi
+ 2009-02-06 02:02 . 2009-02-06 02:02 332800 c:\windows\Installer\361e4fd.msp
+ 2009-02-07 03:54 . 2009-02-07 03:54 134656 c:\windows\Installer\361e415.msp
+ 2009-02-10 00:22 . 2009-02-10 00:22 201728 c:\windows\Installer\2f89a.msi
+ 2009-03-17 20:10 . 2009-03-17 20:10 817152 c:\windows\Installer\2e2337.msi
+ 2009-03-17 20:02 . 2009-03-17 20:02 813568 c:\windows\Installer\2e2291.msi
+ 2008-07-30 19:58 . 2008-07-30 19:58 100352 c:\windows\Installer\2d9f1c.msi
+ 2008-07-30 19:58 . 2008-07-30 19:58 994816 c:\windows\Installer\2d9f17.msi
+ 2008-07-30 19:53 . 2008-07-30 19:53 591872 c:\windows\Installer\2d9efe.msi
+ 2008-07-30 19:53 . 2008-07-30 19:53 643072 c:\windows\Installer\2d9ef8.msi
+ 2008-07-30 19:52 . 2008-07-30 19:52 301056 c:\windows\Installer\2d9ef3.msi
+ 2008-07-30 19:52 . 2008-07-30 19:52 966144 c:\windows\Installer\2d9ede.msi
+ 2008-05-22 16:41 . 2008-05-22 16:41 391168 c:\windows\Installer\18d2ae2.msi
+ 2008-06-28 18:59 . 2008-06-28 18:59 532992 c:\windows\Installer\13bfbbe.msi
+ 2009-05-26 22:53 . 2009-05-26 22:53 579072 c:\windows\Installer\11ab522.msp
+ 2008-05-28 20:49 . 2008-05-28 20:49 751104 c:\windows\Downloaded Installations\{54EDFAB9-E74A-41E4-A133-D509387F10CC}\HP Product Detection.msi
+ 2004-08-10 17:51 . 2004-08-04 10:00 1326080 c:\windows\system32\webfldrs.msi
+ 2008-08-27 05:25 . 2004-08-04 10:00 1326080 c:\windows\ServicePackFiles\i386\webfldrs.msi
+ 2008-08-27 05:25 . 2004-08-04 10:00 5080576 c:\windows\ServicePackFiles\i386\msnmsgs.msi
+ 2007-05-25 16:08 . 2007-05-25 16:08 9609728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp
+ 2007-11-07 19:50 . 2007-11-07 19:50 6055936 c:\windows\Installer\d393e6.msp
+ 2007-11-07 20:00 . 2007-11-07 20:00 3407360 c:\windows\Installer\d393e5.msp
+ 2007-11-07 19:46 . 2007-11-07 19:46 3010560 c:\windows\Installer\d393e3.msp
+ 2007-11-07 20:02 . 2007-11-07 20:02 6473216 c:\windows\Installer\d393e2.msp
+ 2007-11-07 20:12 . 2007-11-07 20:12 2533376 c:\windows\Installer\d393e1.msp
+ 2008-06-18 21:14 . 2008-06-18 21:14 1549312 c:\windows\Installer\d14ee.msi
+ 2008-07-30 18:51 . 2008-07-30 18:51 1652736 c:\windows\Installer\c7a67.msi
+ 2008-07-30 18:51 . 2008-07-30 18:51 1652736 c:\windows\Installer\c7a62.msi
+ 2008-07-30 18:50 . 2008-07-30 18:50 1652736 c:\windows\Installer\c7a5d.msi
+ 2008-07-30 18:49 . 2008-07-30 18:49 1640960 c:\windows\Installer\c7a3a.msi
+ 2008-07-30 18:49 . 2008-07-30 18:49 2022912 c:\windows\Installer\c7a35.msi
+ 2008-07-30 18:49 . 2008-07-30 18:49 1713152 c:\windows\Installer\c7a30.msi
+ 2008-07-30 18:48 . 2008-07-30 18:48 2397184 c:\windows\Installer\c7a26.msi
+ 2008-09-24 01:13 . 2008-09-24 01:13 2933248 c:\windows\Installer\b8e39.msi
+ 2008-09-24 01:11 . 2008-09-24 01:11 2587648 c:\windows\Installer\b8e34.msi
+ 2008-08-14 07:30 . 2008-08-14 07:30 5391872 c:\windows\Installer\b4b8ec0.msp
+ 2008-02-15 13:54 . 2008-02-15 13:54 9736192 c:\windows\Installer\93459b.msp
+ 2008-09-02 16:42 . 2008-09-02 16:42 5104640 c:\windows\Installer\934589.msp
+ 2008-01-11 22:52 . 2008-01-11 22:52 8517632 c:\windows\Installer\934564.msp
+ 2008-04-11 23:08 . 2008-04-11 23:08 6302720 c:\windows\Installer\934510.msp
+ 2008-04-11 23:48 . 2008-04-11 23:48 6774272 c:\windows\Installer\9344d3.msp
+ 2007-07-08 16:34 . 2007-07-08 16:34 6648832 c:\windows\Installer\93448d.msp
+ 2007-10-15 04:43 . 2007-10-15 04:43 5749760 c:\windows\Installer\93445c.msp
+ 2008-04-18 19:56 . 2008-04-18 19:56 6215680 c:\windows\Installer\93435d.msp
+ 2007-06-01 20:54 . 2007-06-01 20:54 9626624 c:\windows\Installer\934349.msp
+ 2009-03-07 16:14 . 2009-03-07 16:14 3176960 c:\windows\Installer\87f89c.msi
+ 2009-05-21 08:34 . 2009-05-21 08:34 1401344 c:\windows\Installer\79073d9.msi
+ 2008-10-05 09:12 . 2008-10-05 09:12 4784128 c:\windows\Installer\7353a8.msp
+ 2008-05-14 15:04 . 2008-05-14 15:04 1320448 c:\windows\Installer\5508a.msi
+ 2008-05-14 15:03 . 2008-05-14 15:03 1072128 c:\windows\Installer\55086.msi
+ 2008-05-14 15:01 . 2008-05-14 15:01 1014272 c:\windows\Installer\55068.msi
+ 2008-05-14 15:01 . 2008-05-14 15:01 1048064 c:\windows\Installer\55059.msi
+ 2008-05-14 15:01 . 2008-05-14 15:01 1272832 c:\windows\Installer\55054.msi
+ 2008-05-14 15:00 . 2008-05-14 15:00 1047040 c:\windows\Installer\5504f.msi
+ 2008-05-14 15:00 . 2008-05-14 15:00 1043968 c:\windows\Installer\55045.msi
+ 2008-05-14 14:59 . 2008-05-14 14:59 3369472 c:\windows\Installer\5503c.msi
+ 2009-02-25 23:08 . 2009-02-25 23:08 8311808 c:\windows\Installer\54a8288.msp
+ 2009-03-28 13:50 . 2009-03-28 13:50 5025792 c:\windows\Installer\54a8276.msp
+ 2008-11-13 07:57 . 2008-11-13 07:57 5099520 c:\windows\Installer\51747d9.msp
+ 2008-10-20 15:18 . 2008-10-20 15:18 6474240 c:\windows\Installer\51747c6.msp
+ 2004-08-10 18:09 . 2004-08-10 18:10 3443712 c:\windows\Installer\50c4.msi
+ 2009-02-07 03:31 . 2009-02-07 03:31 5047808 c:\windows\Installer\508559.msp
+ 2009-02-10 01:21 . 2009-02-10 01:21 2231296 c:\windows\Installer\46b87.msi
+ 2009-01-30 02:20 . 2009-01-30 02:20 6563328 c:\windows\Installer\467f7.msp
+ 2009-01-30 02:21 . 2009-01-30 02:21 3697152 c:\windows\Installer\466c8.msp
+ 2009-01-15 08:35 . 2009-01-15 08:35 4830720 c:\windows\Installer\43f101b.msp
+ 2008-10-20 15:19 . 2008-10-20 15:19 5100032 c:\windows\Installer\3aed229.msp
+ 2008-07-17 18:27 . 2008-07-17 18:27 2380288 c:\windows\Installer\36c99.msi
+ 2009-02-07 03:53 . 2009-02-07 03:53 2836992 c:\windows\Installer\361e584.msp
+ 2009-02-06 02:03 . 2009-02-06 02:03 1904128 c:\windows\Installer\361e49c.msp
+ 2009-03-17 20:13 . 2009-03-17 20:13 5182976 c:\windows\Installer\2e2351.msi
+ 2009-03-17 20:09 . 2009-03-17 20:09 6643712 c:\windows\Installer\2e232d.msi
+ 2009-03-17 20:06 . 2009-03-17 20:06 1087488 c:\windows\Installer\2e22cd.msi
+ 2008-07-30 19:58 . 2008-07-30 19:58 1089536 c:\windows\Installer\2d9f12.msi
+ 2008-07-30 19:57 . 2008-07-30 19:57 1072128 c:\windows\Installer\2d9f0d.msi
+ 2008-07-30 19:57 . 2008-07-30 19:57 1389056 c:\windows\Installer\2d9f08.msi
+ 2008-07-30 19:54 . 2008-07-30 19:54 1389568 c:\windows\Installer\2d9f03.msi
+ 2008-05-22 18:58 . 2008-05-22 18:58 3620864 c:\windows\Installer\28dd60.msi
+ 2008-05-25 19:16 . 2008-05-25 19:16 8984576 c:\windows\Installer\248a893.msi
+ 2009-01-08 01:25 . 2009-01-08 01:25 5046784 c:\windows\Installer\1f952e.msp
+ 2009-04-24 16:28 . 2009-04-24 16:28 4450816 c:\windows\Installer\1d4aa79.msp
+ 2009-05-04 11:46 . 2009-05-04 11:46 8299008 c:\windows\Installer\11ab572.msp
+ 2009-05-04 11:47 . 2009-05-04 11:47 9124864 c:\windows\Installer\11ab55e.msp
+ 2009-04-24 16:30 . 2009-04-24 16:30 2583552 c:\windows\Installer\11ab54a.msp
+ 2009-05-07 13:17 . 2009-05-07 13:17 5026816 c:\windows\Installer\11ab535.msp
+ 2009-04-24 16:29 . 2009-04-24 16:29 9013760 c:\windows\Installer\11ab50f.msp
+ 2008-11-20 19:48 . 2008-11-20 19:48 5097472 c:\windows\Installer\11937a4.msp
+ 2009-05-08 21:10 . 2009-05-08 21:10 1516544 c:\windows\Installer\108801.msi
+ 2009-02-15 19:28 . 2009-02-15 19:28 1021952 c:\windows\Installer\1046f67.msi
+ 2008-06-13 21:37 . 2008-06-13 21:37 2676224 c:\windows\Downloaded Installations\{C2A54EB7-A036-4131-973D-0611D24EAC7E}\DOC Regenerator.msi
+ 2008-10-06 22:49 . 2008-10-06 23:41 6981632 c:\windows\Downloaded Installations\{156D71EC-9396-49C9-AD1A-808FFD897912}\Microsoft ActiveSync 4.0.msi
+ 2008-05-15 22:39 . 2008-05-14 14:57 12127744 c:\windows\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}\J2SE Runtime Environment 5.0 Update 6.msi
+ 2008-07-30 18:55 . 2008-07-30 18:55 12836352 c:\windows\Installer\c7a85.msi
+ 2008-08-11 16:51 . 2008-08-11 16:51 15916544 c:\windows\Installer\934576.msp
+ 2008-04-11 23:07 . 2008-04-11 23:07 13257728 c:\windows\Installer\934538.msp
+ 2008-08-11 16:49 . 2008-08-11 16:49 22457344 c:\windows\Installer\934523.msp
+ 2008-07-30 04:20 . 2008-07-30 04:20 11767296 c:\windows\Installer\9344f9.msp
+ 2008-02-28 04:40 . 2008-02-28 04:40 69697536 c:\windows\Installer\9344cd.msp
+ 2007-10-15 04:43 . 2007-10-15 04:43 12743168 c:\windows\Installer\93446d.msp
+ 2007-10-15 04:43 . 2007-10-15 04:43 21981184 c:\windows\Installer\934437.msp
+ 2008-05-21 06:30 . 2008-05-21 06:30 14308864 c:\windows\Installer\9343ae.msp
+ 2008-07-30 04:18 . 2008-07-30 04:18 11933184 c:\windows\Installer\934371.msp
+ 2009-05-04 11:49 . 2009-05-04 11:49 10955776 c:\windows\Installer\6a9fc05.msp
+ 2009-02-25 23:05 . 2009-02-25 23:05 11840000 c:\windows\Installer\67fb0be.msp
+ 2009-02-25 23:07 . 2009-02-25 23:07 11646464 c:\windows\Installer\67fb0ab.msp
+ 2008-10-20 15:22 . 2008-10-20 15:22 11758592 c:\windows\Installer\5174813.msp
+ 2008-10-20 15:21 . 2008-10-20 15:21 11937280 c:\windows\Installer\5174800.msp
+ 2008-10-20 15:16 . 2008-10-20 15:16 13211648 c:\windows\Installer\51747ed.msp
+ 2008-09-24 17:05 . 2008-09-24 17:05 16381440 c:\windows\Installer\3aed216.msp
+ 2008-05-18 01:26 . 2008-05-18 01:26 15256576 c:\windows\Installer\2c43615.msp
+ 2004-08-10 18:10 . 2004-08-10 18:10 19204096 c:\windows\Installer\1599f.msp
+ 2007-10-15 04:43 . 2007-10-15 04:43 229852160 c:\windows\Installer\934430.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"Google Update"="c:\documents and settings\Roy Bristow\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-06 133104]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-05-22 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-06-17 414992]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-9-23 805392]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-7-11 111376]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-7-11 51984]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/25/2009 9:08 PM 64160]
R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [1/28/2009 1:58 PM 17264]
R0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys [5/12/2009 6:55 AM 21888]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SymEFA.sys [3/23/2009 11:39 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.087\BHDrvx86.sys [3/23/2009 11:39 AM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.087\cchpx86.sys [3/23/2009 11:39 AM 482352]
R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [12/7/2008 2:41 PM 14336]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 72944]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [11/13/2008 7:20 PM 13360]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [1/11/2008 6:50 PM 30312]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 953168]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/4/2009 11:20 AM 195856]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [3/23/2009 11:39 AM 115560]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [11/13/2008 7:20 PM 69168]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/25/2009 5:00 AM 101936]
R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [12/7/2008 2:41 PM 8832]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/26/2008 7:11 PM 19096]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 10:31 PM 29263712]
R3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys [5/12/2009 6:55 AM 9088]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSXpx86.sys [6/30/2009 5:57 PM 276344]
S2 gupdate1c9a2515ee9ac6;Google Update Service (gupdate1c9a2515ee9ac6);c:\program files\Google\Update\GoogleUpdate.exe [3/11/2009 9:55 AM 133104]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 4:22 PM 34064]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/23/2008 5:09 AM 92464]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 00:08]

2008-05-22 c:\windows\Tasks\Ad-Aware.job
- c:\progra~1\Lavasoft\Ad-Aware\Ad-Aware.exe [2009-01-18 00:08]

2009-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57]

2009-07-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-11 16:29]

2009-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 13:55]

2009-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 13:55]

2009-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1362977303-1881232705-3471229379-1006Core.job
- c:\documents and settings\Roy Bristow\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-22 06:35]

2009-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1362977303-1881232705-3471229379-1006UA.job
- c:\documents and settings\Roy Bristow\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-22 06:35]

2009-07-03 c:\windows\Tasks\User_Feed_Synchronization-{F028BE97-6493-45D6-98BA-3C4460D4AD4D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://comcast.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: download.com
Trusted Zone: intuit.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-03 12:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ccEvtMgr]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SAVRT]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SNDSrvc]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SYMTDI]
"ImagePath"="-"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1362977303-1881232705-3471229379-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1362977303-1881232705-3471229379-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1362977303-1881232705-3471229379-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1362977303-1881232705-3471229379-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1362977303-1881232705-3471229379-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1140)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(756)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wbem\unsecapp.exe
c:\documents and settings\Roy Bristow\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2009-07-03 12:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-03 16:11
ComboFix2.txt 2009-07-02 17:35
ComboFix3.txt 2009-07-01 21:12
ComboFix4.txt 2009-07-01 19:25

Pre-Run: 138,755,067,904 bytes free
Post-Run: 138,708,533,248 bytes free

497 --- E O F --- 2009-06-14 20:01

Let's hope that Blue Screen was a one off, and not related to any Malware. Let me know if you get any more.

That was a pretty new infection you had. To be on the safe side, I would run MalwareBytes', Update it, and run a scan just to make sure there is nothing left over.

If that comes back clean and everything is still running well then we can wrap this topic up.

Hello

Still having the problem with deleting user accounts. The blue screen states:

"A problem was detected and windows was shut down to prevent damage to your computer."

"Bad_Pool_Header"

My words - Next came info about making sure all software and hardware are installed properly.

"Technical Information"

""***STOP: 0x00000019 (0x00000020, 0x85D46000, 0x85D46A00, 0x0B400000)"

Quotation marks are mine.

Thanks


Malwarebytes' Anti-Malware 1.38
Database version: 2369
Windows 5.1.2600 Service Pack 3

7/3/2009 4:37:11 PM
mbam-log-2009-07-03 (16-37-11).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 192009
Time elapsed: 1 hour(s), 4 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OK, let's see if any of your system files are corrupt. Click Start >> Run. Copy/paste the following into the run box;
sfc /scannow
Close all other Windows and Browsers, and then hit OK. This will check your system files for any errors, and hopefully fix them if found.

Next, we'll check for any Disk errors. As before, open the Run box, and copy/paste this:
chkdsk /r

If either of those find errors, reboot your computer and see if that has helped. Let me know how it goes. Is it just one user account in particular that is causing this problem, or any? (to test, create a new, empty account and then try and delete it).

Hi - I just got your latest and have not acted yet. Does the following change your request?

Warning windows popped up from Malwarebytes and Norton.

Malwarebytes warned of: 1. C:\Windows\ID12.exe (Worm.Koobface) 2. C:\Windows\567788.bat (Worm.Koobface) 3. C:\Windows\sysguard.exe (Trojan.Agent).

Norton blocked Suspicious.MH690.A

Please advise.

Thanks

Did MalwareBytes' remove them? I'd run a Quick Scan with MalwareBytes' just to make sure nothing else crept in. After that, carry on with my instruction as before, but also run DDS again and post the logs just for another check. Better safe than sorry.

On the run you asked for Malwarebytes found the following and removed it.

Malwarebytes' Anti-Malware 1.31
Database version: 1610
Windows 5.1.2600 Service Pack 3

1/4/2009 10:34:08 AM
mbam-log-2009-01-04 (10-34-08).txt

Scan type: Quick Scan
Objects scanned: 67711
Time elapsed: 11 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 15
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\eajtuule.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\khfEVPJd.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\rlyeryth.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\frgehi.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9a91bb62-0b54-41d8-9a16-bcfaa9236134} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{9a91bb62-0b54-41d8-9a16-bcfaa9236134} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9a91bb62-0b54-41d8-9a16-bcfaa9236134} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{269d619a-4ac7-42cd-b1ec-01710407303f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{269d619a-4ac7-42cd-b1ec-01710407303f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{269d619a-4ac7-42cd-b1ec-01710407303f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cc7c621d (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\khfevpjd -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\khfevpjd -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\khfEVPJd.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dJPVEfhk.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dJPVEfhk.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eajtuule.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\eluutjae.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rlyeryth.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\frgehi.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Roy Bristow\Local Settings\Temporary Internet Files\Content.IE5\D7AMSQQ1\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Roy Bristow\Local Settings\Temporary Internet Files\Content.IE5\JER9XA8J\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.


The RUN* showed nothing.

Malwarebytes' Anti-Malware 1.31
Database version: 1610
Windows 5.1.2600 Service Pack 3

1/4/2009 10:34:08 AM
mbam-log-2009-01-04 (10-34-08).txt

Scan type: Quick Scan
Objects scanned: 67711
Time elapsed: 11 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 15
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\eajtuule.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\khfEVPJd.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\rlyeryth.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\frgehi.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9a91bb62-0b54-41d8-9a16-bcfaa9236134} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{9a91bb62-0b54-41d8-9a16-bcfaa9236134} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9a91bb62-0b54-41d8-9a16-bcfaa9236134} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{269d619a-4ac7-42cd-b1ec-01710407303f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{269d619a-4ac7-42cd-b1ec-01710407303f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{269d619a-4ac7-42cd-b1ec-01710407303f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cc7c621d (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\khfevpjd -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\khfevpjd -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\khfEVPJd.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dJPVEfhk.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dJPVEfhk.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eajtuule.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\eluutjae.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rlyeryth.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\frgehi.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Roy Bristow\Local Settings\Temporary Internet Files\Content.IE5\D7AMSQQ1\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Roy Bristow\Local Settings\Temporary Internet Files\Content.IE5\JER9XA8J\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.

I have gotten confused, sorry. Have I posted all you asked fro?

Another DDS log please, looks like you were infected with Vundo. Not sure where that came from.

Hi

Sorry I have been gone so long. Thanks for staying with me.



DDS (Ver_09-06-26.01) - NTFSx86
Run by Roy Bristow at 14:01:15.81 on Mon 07/06/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.295 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Documents and Settings\Roy Bristow\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
svchost
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Roy Bristow\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://comcast.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.5.0.135\IPSBHO.DLL
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Google Update] "c:\documents and settings\roy bristow\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
Trusted Zone: download.com
Trusted Zone: intuit.com
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {94B82441-A413-4E43-8422-D49930E69764} - hxxps://chat2.j2.com/Media/VisitorchatEnu/TLIEFlash.CAB
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.5.0.135\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-25 64160]
R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [2009-1-28 17264]
R0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys [2009-5-12 21888]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-3-23 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-3-23 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-3-23 482352]
R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [2008-12-7 14336]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-4-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-4-28 72944]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2008-11-13 13360]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 953168]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-1-4 195856]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.5.0.135\ccSvcHst.exe [2009-3-23 115560]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2008-11-13 69168]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-7-3 101936]
R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [2008-12-7 8832]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-9-26 19096]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090705.020\NAVENG.SYS [2009-7-5 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090705.020\NAVEX15.SYS [2009-7-5 876144]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090625.003\IDSXpx86.sys [2009-6-30 276344]
S2 gupdate1c9a2515ee9ac6;Google Update Service (gupdate1c9a2515ee9ac6);c:\program files\google\update\GoogleUpdate.exe [2009-3-11 133104]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys [2009-5-12 9088]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-4-28 7408]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2008-10-23 92464]

=============== Created Last 30 ================

2009-07-03 18:03 116,224 a------- c:\windows\system32\dllcache\xrxwiadr.dll
2009-07-03 18:01 53,760 a------- c:\windows\system32\dllcache\wiamsmud.dll
2009-07-03 18:00 687,999 a------- c:\windows\system32\dllcache\usrwdxjs.sys
2009-07-03 17:59 50,176 a------- c:\windows\system32\dllcache\umaxp60.dll
2009-07-03 17:58 241,664 a------- c:\windows\system32\dllcache\tosdvd02.sys
2009-07-03 17:57 10,240 a------- c:\windows\system32\dllcache\swpdflt2.dll
2009-07-03 17:56 143,422 a------- c:\windows\system32\dllcache\softkey.dll
2009-07-03 17:55 50,432 a------- c:\windows\system32\dllcache\sisv.sys
2009-07-03 17:54 17,280 a------- c:\windows\system32\dllcache\scr111.sys
2009-07-03 17:53 79,872 a------- c:\windows\system32\dllcache\rwia430.dll
2009-07-03 17:52 112,574 a------- c:\windows\system32\dllcache\ptserlp.sys
2009-07-03 17:51 86,016 a------- c:\windows\system32\dllcache\pctspk.exe
2009-07-03 17:50 27,209 a------- c:\windows\system32\dllcache\otc06x5.sys
2009-07-03 17:49 85,248 a------- c:\windows\system32\dllcache\nabtsfec.sys
2009-07-03 17:48 22,016 a------- c:\windows\system32\dllcache\msircomm.sys
2009-07-03 17:47 58,368 a------- c:\windows\system32\dllcache\m3091dc.dll
2009-07-03 17:46 6,144 a------- c:\windows\system32\dllcache\kbd106.dll
2009-07-03 17:45 20,480 a------- c:\windows\system32\dllcache\icam5ext.dll
2009-07-03 17:44 115,807 a------- c:\windows\system32\dllcache\hsf_fsks.sys
2009-07-03 17:43 108,827 a------- c:\windows\system32\dllcache\hanja.lex
2009-07-03 17:42 7,040 a------- c:\windows\system32\dllcache\exabyte2.sys
2009-07-03 17:41 241,206 a------- c:\windows\system32\dllcache\el656se5.sys
2009-07-03 17:40 65,622 a------- c:\windows\system32\dllcache\digiasyn.dll
2009-07-03 17:39 272,640 a------- c:\windows\system32\dllcache\cinemclc.sys
2009-07-03 17:38 54,271 a------- c:\windows\system32\dllcache\bcm42xx5.sys
2009-07-03 17:37 66,048 a------- c:\windows\system32\dllcache\s3legacy.dll
2009-07-01 15:24 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-07-01 15:10 <DIR> a-dshr-- C:\cmdcons
2009-07-01 15:08 161,792 a------- c:\windows\SWREG.exe
2009-07-01 15:08 155,136 a------- c:\windows\PEV.exe
2009-07-01 15:08 98,816 a------- c:\windows\sed.exe
2009-06-29 17:34 <DIR> --d----- c:\program files\Flip Words
2009-06-29 15:17 <DIR> --d----- c:\docume~1\roybri~1\applic~1\ZoomBrowser EX
2009-06-29 15:09 <DIR> --d----- c:\docume~1\roybri~1\applic~1\CameraWindowDC
2009-06-29 15:09 <DIR> --d----- c:\docume~1\roybri~1\applic~1\CANON INC
2009-06-22 14:17 <DIR> -cd-h--- c:\windows\ie8
2009-06-22 14:04 255,848 a------- c:\windows\system32\xactengine2_6.dll
2009-06-22 14:03 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-06-22 14:02 <DIR> --d----- c:\windows\Logs
2009-06-21 19:27 16 a------- c:\documents and settings\roy bristow\FlipWords.dat
2009-06-21 14:14 293 a------- c:\windows\FlipWords.ini
2009-06-18 19:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ZoomBrowser
2009-06-18 19:07 <DIR> --d----- c:\program files\Canon
2009-06-18 19:04 <DIR> --d----- c:\program files\common files\Canon
2009-06-10 16:03 118 a------- c:\windows\system32\MRT.INI
2009-06-10 04:52 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 04:52 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-06-09 15:37 <DIR> --dsh--- c:\documents and settings\roy bristow\IECompatCache

==================== Find3M ====================

2009-06-21 14:13 1,682 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-13 01:15 5,936,128 a------- c:\windows\system32\dllcache\mshtml.dll
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-13 01:15 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-05-13 01:15 915,456 a------- c:\windows\system32\dllcache\cache\wininet.dll
2009-05-12 06:56 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_nielprt_01007.Wdf
2009-05-12 06:55 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-05-12 01:11 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\dllcache\localspl.dll
2009-04-30 17:22 1,985,024 -------- c:\windows\system32\dllcache\iertutil.dll
2009-04-30 17:22 1,207,808 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-30 17:22 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-04-30 17:22 11,064,832 -------- c:\windows\system32\dllcache\ieframe.dll
2009-04-30 17:22 385,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 07:21 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-22 20:09 15,688 a------- c:\windows\system32\lsdelete.exe
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 10:51 585,216 a------- c:\windows\system32\dllcache\rpcrt4.dll
2009-02-10 15:38 60,744 a------- c:\documents and settings\roy bristow\g2mdlhlpx.exe
2009-01-26 12:00 2,516 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-01-26 12:00 88 ---shr-- c:\docume~1\alluse~1\applic~1\020AC935B7.sys
2008-07-07 09:56 81,920 a------- c:\docume~1\roybri~1\applic~1\ezpinst.exe
2008-07-07 09:56 47,360 a------- c:\docume~1\roybri~1\applic~1\pcouffin.sys
2008-09-23 20:59 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092320080924\index.dat

============= FINISH: 14:02:16.59 ===============

Looking good. I notice you did the sfc scan, did you all do the chkdsk? Did either of them help with the Blue Screen errors?

I did both scans but they did not help the deleting user accounts part. I don't know if this could be related but.... I have a game (Flip Words) that suddenly would launch stating something along the lines of "Cannot open the software protection system. Be sure you are logged on a administrator with full privileges". I am. Any other ideas?

Thanks

Two more things to try.

First, try creating a new account, and then deleting it straight away. Then we can see if the problem is with all accounts, or just the one you are trying to delete.

Next, try rebooting into Safe Mode (tap F8 just before Windows loads) and deleting the account from there.

Let me know how that goes.

The new account was created and deleted without a problem. Even in Safe Mode the three accounts I created for the kids a few weeks ago still produce the blue screen. I have tried all three.

I can't see any Malware involved, so I think I will refer you to our Tech Team who will be much better able to assist you. Before I do, there is one last think I want to do to check there is nothing malicious, as they don't deal with Malware. Please just run GMER again so we can rule out Rootkit interference.

If the GMER log comes back clean, I will post steps to clean up what we have used and we can wrap this up.

I was not given any warnings.

Thanks


GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-06 18:29:00
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT 86B4C270 ZwAlertResumeThread
SSDT 86B4C3B0 ZwAlertThread
SSDT 8667BEB8 ZwAllocateVirtualMemory
SSDT 86B4B458 ZwAssignProcessToJobObject
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xA9AB3040]
SSDT 86C65BF0 ZwCreateMutant
SSDT 862D0DC0 ZwCreateSymbolicLinkObject
SSDT 86D30A68 ZwCreateThread
SSDT 86B4B750 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xA9AB32C0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA9AB3820]
SSDT 8667D348 ZwDuplicateObject
SSDT spdc.sys ZwEnumerateKey [0xF7411CA2]
SSDT spdc.sys ZwEnumerateValueKey [0xF7412030]
SSDT 8667B6D8 ZwFreeVirtualMemory
SSDT 86B4BFD0 ZwImpersonateAnonymousToken
SSDT 86B4C130 ZwImpersonateThread
SSDT 86B4BAD0 ZwLoadDriver
SSDT 8671B800 ZwMapViewOfSection
SSDT 86B4BE90 ZwOpenEvent
SSDT spdc.sys ZwOpenKey [0xF73F30C0]
SSDT 8667D668 ZwOpenProcess
SSDT 86B6B0B8 ZwOpenProcessToken
SSDT 86B4BC10 ZwOpenSection
SSDT 8667D4D8 ZwOpenThread
SSDT 86B50870 ZwProtectVirtualMemory
SSDT spdc.sys ZwQueryKey [0xF7412108]
SSDT spdc.sys ZwQueryValueKey [0xF7411F88]
SSDT 86B6DF30 ZwResumeThread
SSDT 86B64808 ZwSetContextThread
SSDT 8667B2B8 ZwSetInformationProcess
SSDT 86B4B910 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA9AB3A70]
SSDT 86B4BD50 ZwSuspendProcess
SSDT 86B4DF30 ZwSuspendThread
SSDT 86B6BF30 ZwTerminateProcess
SSDT 86B560B0 ZwTerminateThread
SSDT 86B68420 ZwUnmapViewOfSection
SSDT 8667BAE8 ZwWriteVirtualMemory

INT 0x63 ? 86D53BF8
INT 0x73 ? 86FD6BF8
INT 0x73 ? 86FD6BF8
INT 0x73 ? 86FD6BF8
INT 0x73 ? 86FD6BF8
INT 0x73 ? 86D53BF8
INT 0x73 ? 86D53BF8
INT 0x73 ? 86FD6BF8
INT 0x94 ? 86D53BF8
INT 0xA4 ? 86D53BF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 3018 805048B4 4 Bytes CALL 68D6B073
? spdc.sys The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F5D598AC 5 Bytes JMP 86D531D8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73F4040] spdc.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73F413C] spdc.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73F40BE] spdc.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73F47FC] spdc.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73F46D2] spdc.sys
IAT \SystemRoot\system32\drivers\DMusic.sys[portcls.sys!PcNewPort] [F7883792] nielprt.sys (Nielsen Portcls Patch Driver/The Nielsen Company)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86F661F8

AttachedDevice \FileSystem\Ntfs \Ntfs MPRIFL.SYS (My Private Folder driver/FSPro Labs)

Device \Driver\usbehci \Device\USBPDO-0 86D601F8
Device \Driver\usbuhci \Device\USBPDO-1 86D591F8
Device \Driver\usbuhci \Device\USBPDO-2 86D591F8
Device \Driver\usbuhci \Device\USBPDO-3 86D591F8
Device \Driver\usbuhci \Device\USBPDO-4 86D591F8

AttachedDevice \Driver\Tcpip \Device\Tcp nnrnstdi.SYS (NNRNSTDI helper driver/The Nielsen Company)

Device \Driver\usbuhci \Device\USBPDO-5 86D591F8
Device \Driver\usbuhci \Device\USBPDO-6 86D591F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 86F681F8
Device \Driver\usbehci \Device\USBPDO-7 86D601F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86F681F8
Device \Driver\Cdrom \Device\CdRom0 86D45500
Device \Driver\NetBT \Device\NetBT_Tcpip_{28C8854A-4440-4535-9B10-CE5FEF99D1FE} 86701500
Device \Driver\NetBT \Device\NetBt_Wins_Export 86701500
Device \Driver\NetBT \Device\NetbiosSmb 86701500

AttachedDevice \Driver\Tcpip \Device\RawIp nnrnstdi.SYS (NNRNSTDI helper driver/The Nielsen Company)

Device \Driver\usbuhci \Device\USBFDO-0 86D591F8
Device \Driver\usbuhci \Device\USBFDO-1 86D591F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 862B9500
Device \Driver\usbuhci \Device\USBFDO-2 86D591F8
Device 862B9500
Device \Driver\usbehci \Device\USBFDO-3 86D601F8
Device \Driver\usbuhci \Device\USBFDO-4 86D591F8
Device \Driver\Ftdisk \Device\FtControl 86F681F8
Device \Driver\usbuhci \Device\USBFDO-5 86D591F8
Device \Driver\usbuhci \Device\USBFDO-6 86D591F8
Device \Driver\usbehci \Device\USBFDO-7 86D601F8
Device 863A9500
Device A7F06297

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 862C01F8
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Roy Bristow\My Documents\My Lockbox 0 bytes
File C:\Documents and Settings\Roy Bristow\My Documents\My Lockbox\New Folder 0 bytes

---- EOF - GMER 1.0.15 ----