
Buffer Overflow Blocked by McAfee - Cannot Windows Update [Closed]


  • This topic is locked

#16
Midnighter

I am unable to save ComboFix to my Desktop. Whenever I click on links 1 and 2 I get an "HTTP 404 not found."
Link 3 works fine, but after I download it and choose the desktop I get this:


Posted Image

Edited by Midnighter, 15 May 2009 - 05:09 PM.



#17
Fred21543

Delete the copies of ComboFix you currently have, and do this:

Download ComboFix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.


#18
Midnighter

Do you mean an OTListIt2 log instead of a HijackThis log (are they the same)? I've read that "HijackThis has been replaced by OTListIt2". Should I use that instead of a HijackThis log?
Hmm, I'll post an OTListIt2 log anyway. Here's the ComboFix log that you asked for:


ComboFix 09-05-19.08 - JAMES 05/19/2009 16:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.513 [GMT -7:00]
Running from: c:\documents and settings\JAMES\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\sfcfiles.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\sfcfiles.dll


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SFC
-------\Service_sfc


((((((((((((((((((((((((( Files Created from 2009-04-19 to 2009-05-19 )))))))))))))))))))))))))))))))
.

2009-05-07 23:15 . 2009-05-07 23:16 -------- d-----w c:\documents and settings\JAMES\Application Data\Crayon Physics Deluxe
2009-05-06 22:42 . 2009-05-06 22:42 -------- d-----w C:\_OTListIt
2009-05-06 01:28 . 2009-05-06 01:30 -------- d-----w C:\Rooter$
2009-05-05 23:45 . 2009-05-05 23:46 -------- d-----w c:\program files\ERUNT
2009-05-03 05:26 . 2009-05-03 05:26 -------- d-sh--w c:\documents and settings\MYLS\PrivacIE
2009-05-02 22:45 . 2009-05-02 22:45 -------- d-----w c:\documents and settings\MYLS\Application Data\Malwarebytes
2009-05-02 03:16 . 2009-05-02 03:16 -------- d-----w c:\documents and settings\VERA\Application Data\Malwarebytes
2009-05-01 04:23 . 2009-05-01 04:23 -------- d-sh--w c:\documents and settings\MYLS\IECompatCache
2009-05-01 04:17 . 2009-05-01 04:17 -------- d-sh--w c:\documents and settings\MYLS\IETldCache
2009-04-30 22:46 . 2009-04-30 22:46 -------- d-----w c:\documents and settings\JAMES\Application Data\Malwarebytes
2009-04-30 22:46 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-30 22:46 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-30 22:46 . 2009-04-30 22:46 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-30 22:46 . 2009-04-30 22:57 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-29 03:54 . 2009-04-29 03:54 -------- d-----w c:\program files\Citrix
2009-04-29 03:53 . 2009-04-29 03:53 -------- d-----w c:\documents and settings\VERA\Local Settings\Application Data\Citrix
2009-04-29 03:53 . 2009-04-29 03:53 61224 ----a-w c:\documents and settings\VERA\GoToAssistDownloadHelper.exe
2009-04-23 23:58 . 2009-04-23 23:58 -------- d-----w c:\documents and settings\All Users\Application Data\Blizzard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-19 23:32 . 2009-05-19 23:32 529220 ----a-w c:\windows\system32\PerfStringBackup.TMP
2009-05-19 23:26 . 2006-10-14 22:20 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-05-17 16:18 . 2006-08-10 05:05 6900 ----a-w c:\documents and settings\VERA\Application Data\wklnhst.dat
2009-05-16 05:11 . 2007-10-05 22:49 -------- d-----w c:\program files\Steam
2009-04-17 22:15 . 2009-04-10 04:26 -------- d-----w c:\program files\McAfee
2009-04-10 04:27 . 2009-04-10 04:27 -------- d-----w c:\program files\Common Files\McAfee
2009-04-10 04:27 . 2009-04-10 03:21 -------- d-----w c:\program files\McAfee.com
2009-04-10 04:04 . 2009-04-10 03:22 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com
2009-04-09 17:48 . 2009-04-09 17:48 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-09 17:48 . 2006-08-03 16:42 -------- d-----w c:\program files\Java
2009-04-08 04:43 . 2006-08-14 05:11 626 ----a-w c:\documents and settings\RESTY\Application Data\wklnhst.dat
2009-04-08 00:37 . 2009-04-08 00:37 -------- d-----w c:\program files\OpenAL
2009-04-04 01:12 . 2006-08-03 16:51 -------- d-----w c:\program files\Common Files\AOL
2009-04-04 01:12 . 2006-08-03 16:51 -------- d-----w c:\program files\Common Files\Nullsoft
2009-03-25 18:06 . 2009-04-10 04:27 40552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 18:06 . 2009-04-10 04:27 79880 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 18:06 . 2009-04-10 04:27 35272 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-03-25 18:06 . 2009-01-17 03:04 214024 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-03-25 18:05 . 2009-04-10 04:21 34216 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-03-18 03:02 . 2009-03-18 03:02 86016 ----a-w c:\windows\system32\OpenAL32.dll
2009-03-18 03:02 . 2009-03-18 03:02 413696 ----a-w c:\windows\system32\wrap_oal.dll
2009-03-08 11:34 . 2005-08-16 09:18 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2005-08-16 09:18 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2005-08-16 09:18 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2005-08-16 09:18 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2005-08-16 09:18 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2005-08-16 09:18 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:31 . 2005-08-16 09:18 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2005-08-16 09:18 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2005-08-16 09:18 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2005-08-16 09:18 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2005-08-16 09:18 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-21 23:09 . 2009-02-21 22:57 26 ----a-w c:\windows\popcinfot.dat
2006-11-23 17:49 . 2006-11-23 17:49 251 ----a-w c:\program files\wt3d.ini
2006-11-14 04:39 . 2006-08-12 18:27 88 --sh--r c:\windows\system32\2424236186.sys
2006-11-14 04:39 . 2006-08-12 18:27 3350 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-16 67128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-09-05 81920]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-12-07 17:33 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-02 262144]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-06-15 229376]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-09 148888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-22 339968]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376]

c:\documents and settings\JAMES\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2006-10-12 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-7-21 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-3 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-2-15 67128]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]
QuickBooks 2002 Delivery Agent.lnk - c:\program files\Intuit\QuickBooks Premier - Accountant Edition\Components\QBAgent\qbdagent2002.exe [2007-10-29 311296]
SBC Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2008-6-21 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-04-29 03:54 10536 ----a-w c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ WinCinema Manager.lnk
backup=c:\windows\pss\ WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LVPrcSrv"=2 (0x2)
"gusvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Steam\\SteamApps\\stickybombs\\the ship\\ship.exe"=
"c:\\Program Files\\Steam\\SteamApps\\stickybombs\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dawn of war demo\\W40k.exe"=
"c:\\Program Files\\Steam\\SteamApps\\stickybombs\\garrysmod\\hl2.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Republic Commando\\GameData\\System\\SWRepublicCommando.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/9/2009 9:29 PM 210216]
.
Contents of the 'Scheduled Tasks' folder

2009-04-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]

2009-04-10 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-10 17:53]

2009-04-10 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-10 17:53]

2009-05-19 c:\windows\Tasks\User_Feed_Synchronization-{F7996325-0EDF-44E4-A113-8B4573E32D18}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {C333B6BA-1CEB-420B-A16C-E69F1C6956A0} - hxxps://ibs.pnb.com.ph/download/Authentic/VBAuthentic-PNB.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-19 16:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(3416)
c:\progra~1\SBCSEL~1\SMARTB~1\SBHook.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng-us.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\SBC Self Support Tool\bin\mpbtn.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\McAfee\MPF\MpfSrv.exe
.
**************************************************************************
.
Completion time: 2009-05-19 16:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-19 23:39

Pre-Run: 128,358,363,136 bytes free
Post-Run: 128,567,250,944 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptOut

272 --- E O F --- 2009-05-14 05:05

Edited by Midnighter, 19 May 2009 - 06:32 PM.


#19
Midnighter

Here is the OTListIt2 log:


OTListIt logfile created on: 5/19/2009 5:11:19 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\JAMES\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 458.45 Mb Available Physical Memory | 44.85% Memory free
2.40 Gb Paging File | 1.92 Gb Available in Paging File | 80.10% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.00 Gb Total Space | 119.76 Gb Free Space | 52.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VERA
Current User Name: JAMES
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe (Intel Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe (Intel Corporation)
PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
PRC - C:\Program Files\Logitech\Video\CameraAssistant.exe (Logitech Inc.)
PRC - C:\WINDOWS\system32\ElkCtrl.exe (Logitech Inc.)
PRC - C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
PRC - C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe (Motive, Inc.)
PRC - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe (Nokia.)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Intuit\QuickBooks Premier - Accountant Edition\Components\QBAgent\qbdagent2002.exe ()
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe ()
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
PRC - C:\Documents and Settings\JAMES\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AOL ACS [Auto | Running]) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DSBrokerService [On_Demand | Stopped]) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (ELService [Auto | Running]) -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe (Intel Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GoToAssist [On_Demand | Stopped]) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (gusvc [Disabled | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IAANTMon [Auto | Running]) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe (Intel Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LVPrcSrv [Disabled | Stopped]) -- c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (Logitech Inc.)
SRV - (McAfee SiteAdvisor Service [Auto | Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSCSPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (MSK80Service [Auto | Running]) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (NetSvc [On_Demand | Stopped]) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (npkcmsvc [Auto | Stopped]) -- File not found
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PACSPTISVR [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (ServiceLayer [On_Demand | Running]) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe (Nokia.)
SRV - (SPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (SSScsiSV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ASCTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (ATIAVPCI [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\atinavrr.sys (ATI Technologies Inc.)
DRV - (catchme [Disabled | Running]) -- File not found
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DLABOIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLACDBHM [System | Running]) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLADResN [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLAIFS_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLAOPIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLARTL_N [System | Running]) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DLAUDFAM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DRVMCDB [Boot | Running]) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (DSproct [On_Demand | Stopped]) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (dsunidrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (e1express [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\e1e5132.sys (Intel Corporation)
DRV - (ELacpi [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ELacpi.sys (Intel Corporation)
DRV - (ELhid [System | Running]) -- C:\WINDOWS\System32\DRIVERS\ELhid.sys (Intel Corporation)
DRV - (ELkbd [System | Running]) -- C:\WINDOWS\System32\DRIVERS\ELkbd.sys (Intel Corporation)
DRV - (ELmon [System | Running]) -- C:\WINDOWS\System32\DRIVERS\ELmon.sys (Intel Corporation)
DRV - (ELmou [System | Running]) -- C:\WINDOWS\System32\DRIVERS\ELmou.sys (Intel Corporation)
DRV - (FilterService [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys (Logitech Inc.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (iastor [Boot | Running]) -- C:\WINDOWS\system32\drivers\iastor.sys (Intel Corporation)
DRV - (IrBus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\IrBus.sys (Microsoft Corporation)
DRV - (Iviaspi [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (Lvckap [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\Lvckap.sys ()
DRV - (lvmvdrv [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\lvmvdrv.sys ()
DRV - (lvpopflt [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\lvpopflt.sys (Logitech Inc.)
DRV - (LVPrcMon [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\LVPrcMon.sys ()
DRV - (LVUSBSta [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\lvusbsta.sys (Logitech Inc.)
DRV - (LVUVC [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\lvuvc.sys (Logitech Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (MPE [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\MPE.sys (Microsoft Corporation)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (Nokia USB Generic [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia)
DRV - (Nokia USB Modem [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia)
DRV - (Nokia USB Phone Parent [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia)
DRV - (Nokia USB Port [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys (Nokia)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/04/09 10:48:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\PROGRAM FILES\MCAFEE\SITEADVISOR [2009/05/18 15:22:55 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe (Motive, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup (Nokia)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" (Yahoo! Inc)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Premier - Accountant Edition\Components\QBAgent\qbdagent2002.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\JAMES\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com...OnlineGames.cab (Disney Online Games ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1186004408062 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} http://ak.imgag.com/...all/Crusher.cab (Creative Toolbox Plug-in)
O16 - DPF: {C333B6BA-1CEB-420B-A16C-E69F1C6956A0} https://ibs.pnb.com....thentic-PNB.cab (PNB_VBAuthentic.Authentic)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...swflash5r42.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 02:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[4 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/05/19 16:47:18 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/05/19 16:17:51 | 00,000,210 | ---- | C] () -- C:\Boot.bak
[2009/05/19 16:17:42 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/19 16:17:38 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/05/19 16:13:41 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/19 16:13:41 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/19 16:13:41 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/19 16:13:41 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/05/19 16:13:41 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/19 16:13:41 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/19 16:13:41 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/19 16:13:41 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/19 16:13:24 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/19 16:10:22 | 02,989,964 | R--- | C] () -- C:\Documents and Settings\JAMES\Desktop\Combo-Fix.exe
[2009/05/15 20:38:53 | 00,001,600 | ---- | C] () -- C:\Documents and Settings\JAMES\Desktop\Left 4 Dead Authoring Tools Beta.lnk
[2009/05/10 23:14:00 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\JAMES\My Documents\Kaspersky online scan report 5-10-09 11
[2009/05/07 16:15:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\JAMES\Application Data\Crayon Physics Deluxe
[2009/05/06 15:42:27 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/05 18:38:37 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JAMES\Desktop\OTListIt2.exe
[2009/05/05 18:28:09 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/05 18:27:30 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\JAMES\Desktop\Rooter.exe
[2009/05/05 16:46:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/05 16:45:53 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\JAMES\Desktop\NTREGOPT.lnk
[2009/05/05 16:45:53 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\JAMES\Desktop\ERUNT.lnk
[2009/05/05 16:45:50 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/05 16:41:35 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\JAMES\Desktop\SysRestorePoint.exe
[2009/04/30 15:46:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\JAMES\Application Data\Malwarebytes
[2009/04/30 15:46:41 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/30 15:46:41 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/30 15:46:38 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/30 15:46:36 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/30 15:46:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/28 20:54:05 | 00,000,000 | ---D | C] -- C:\Program Files\Citrix
[2009/04/23 16:58:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2009/03/04 17:06:40 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2009/03/04 17:06:40 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2008/10/28 18:40:48 | 00,173,552 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008/10/07 10:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/08/23 15:29:13 | 00,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2008/05/02 22:46:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/02 22:46:00 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/02 22:46:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/02 22:46:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/02 22:46:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/04/24 15:54:45 | 00,000,040 | ---- | C] () -- C:\WINDOWS\RUNAWAY2.INI
[2007/06/10 15:13:22 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2007/05/10 20:48:46 | 00,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2007/05/10 20:48:35 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/05/10 20:43:00 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/11/11 21:36:32 | 00,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006/10/21 08:42:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2006/10/14 15:20:04 | 00,013,126 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/10/14 15:12:00 | 00,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2006/08/20 16:30:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/08/12 11:27:22 | 00,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/08/12 11:27:22 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\2424236186.sys
[2006/08/03 10:07:59 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/03 09:59:51 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/03 09:56:39 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/03 09:17:53 | 00,000,387 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/12/09 15:37:42 | 02,400,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys
[2005/12/09 15:37:42 | 00,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
[2005/12/09 15:35:54 | 02,174,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2005/12/07 12:31:00 | 00,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005/11/09 23:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 02:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 02:18:43 | 00,000,844 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/16 02:18:41 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/05 12:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/22 18:04:56 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 15:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/27 13:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[4 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[6 C:\Documents and Settings\JAMES\My Documents\*.tmp files]
[2009/05/19 16:39:19 | 00,018,325 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/05/19 16:32:31 | 00,446,178 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/19 16:32:31 | 00,072,940 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/19 16:32:29 | 00,529,220 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/19 16:31:48 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/19 16:28:32 | 00,198,932 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/19 16:27:59 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/19 16:26:55 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\JAMES\Local Settings\desktop.ini
[2009/05/19 16:26:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/19 16:26:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/19 16:26:32 | 10,718,12608 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/19 16:26:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2009/05/19 16:17:51 | 00,000,280 | RHS- | M] () -- C:\boot.ini
[2009/05/19 16:10:31 | 02,989,964 | R--- | M] () -- C:\Documents and Settings\JAMES\Desktop\Combo-Fix.exe
[2009/05/19 15:20:36 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F7996325-0EDF-44E4-A113-8B4573E32D18}.job
[2009/05/18 15:17:35 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/17 08:25:18 | 00,002,495 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Microsoft Office Excel 2003.lnk
[2009/05/15 20:38:53 | 00,001,600 | ---- | M] () -- C:\Documents and Settings\JAMES\Desktop\Left 4 Dead Authoring Tools Beta.lnk
[2009/05/14 17:50:08 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/05/10 23:16:20 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\JAMES\My Documents\Kaspersky online scan report 5-10-09 11
[2009/05/07 00:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/05 18:38:45 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JAMES\Desktop\OTListIt2.exe
[2009/05/05 18:27:31 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\JAMES\Desktop\Rooter.exe
[2009/05/05 16:45:53 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\JAMES\Desktop\NTREGOPT.lnk
[2009/05/05 16:45:53 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\JAMES\Desktop\ERUNT.lnk
[2009/05/05 16:41:41 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\JAMES\Desktop\SysRestorePoint.exe
[2009/04/30 20:56:21 | 00,000,844 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/30 15:46:41 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/20 12:56:28 | 00,031,232 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/20 07:37:38 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\JAMES\My Documents\poem ploop.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 999 bytes -> C:\Documents and Settings\JAMES\My Documents\Kaspersky online scan report 5-10-09 11:13pm.txt
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\JAMES\My Documents\Kaspersky online scan report 5-10-09 11:SummaryInformation
< End of report >

#20
Midnighter

Update: Although I have disabled McAfee, after I turned on my computer today, it detected ComboFix as a trojan and removed it:

Posted Image

I'm assuming I could just download it again, but I just wanted to tell you.

*Going to be a little late with a response*

Edited by Midnighter, 22 May 2009 - 05:10 PM.


#21
Fred21543

  • Double click on My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Check Display the contents of system folders.
  • Under Hidden files and folders select Show hidden files and folders.
  • Uncheck Hide file extensions for known file types.
  • Uncheck Hide protected operating system files.
  • Press the Apply button and then the OK button.

  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • c:\windows\system32\2424236186.sys
  • Click on the Upload button.
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Are you still experiencing McAfee buffer overflow or virus alerts?

ComboFix is not a trojan, but McAfee is falsely detecting it as such.

#22
Midnighter

VirSCAN.org Scanned Report :
Scanned time : 2009/05/25 19:23:57 (PDT)
Scanner results: All Scanners reported not find malware!
File Name : 2424236186.sys
File Size : 88 byte
File Type : X11 SNF font data, LSB first
MD5 : eea777de11d96c1f3c289dc7be797ba5
SHA1 : 387798ca7f0c1434deb003c6b449b672ea7cc904
Online report : http://virscan.org/r...47f1bb25c0.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090525200514 2009-05-25 2.11 -
AhnLab V3 2009.05.26.00 2009.05.26 2009-05-26 0.91 -
AntiVir 8.2.0.168 7.1.4.13 2009-05-25 0.30 -
Antiy 2.0.18 20090525.2464226 2009-05-25 0.13 -
Arcavir 2009 200905252009 2009-05-25 0.06 -
Authentium 5.1.1 200905251818 2009-05-25 1.11 -
AVAST! 4.7.4 090525-0 2009-05-25 0.00 -
AVG 8.5.286 270.12.39/2134 2009-05-26 3.42 -
BitDefender 7.81008.3112278 7.25637 2009-05-26 2.88 -
CA (VET) 9.0.0.143 31.6.6519 2009-05-25 9.18 -
ClamAV 0.95.1 9390 2009-05-25 0.00 -
Comodo 3.9 1199 2009-05-25 0.76 -
CP Secure 1.1.0.715 2009.05.25 2009-05-25 9.60 -
Dr.Web 4.44.0.9170 2009.05.26 2009-05-26 4.59 -
F-Prot 4.4.4.56 20090525 2009-05-25 1.15 -
F-Secure 5.51.6100 2009.05.25.14 2009-05-25 0.04 -
Fortinet 2.81-3.117 10.429 2009-05-25 0.16 -
GData 19.5391/19.342 20090526 2009-05-26 4.14 -
ViRobot 20090525 2009.05.25 2009-05-25 0.47 -
Ikarus T3.1.01.49 2009.05.25.72767 2009-05-25 3.49 -
JiangMin 11.0.706 2009.05.25 2009-05-25 3.01 -
Kaspersky 5.5.10 2009.05.26 2009-05-26 0.02 -
KingSoft 2009.2.5.15 2009.5.25.21 2009-05-25 1.34 -
McAfee 5.3.00 5626 2009-05-25 2.92 -
Microsoft 1.4701 2009.05.26 2009-05-26 4.12 -
mks_vir 2.01 2009.05.25 2009-05-25 3.13 -
Norman 6.01.05 6.01.00 2009-05-25 4.00 -
Panda 9.05.01 2009.05.25 2009-05-25 1.59 -
Trend Micro 8.700-1004 6.148.09 2009-05-25 0.02 -
Quick Heal 10.00 2009.05.25 2009-05-25 1.23 -
Rising 20.0 21.31.04.00 2009-05-25 0.54 -
Sophos 2.86.0 4.41 2009-05-26 2.53 -
Sunbelt 5153 5153 2009-05-24 0.86 -
Symantec 1.3.0.24 20090525.002 2009-05-25 0.21 -
nProtect 20090525.02 3872265 2009-05-25 6.83 -
The Hacker 6.3.4.3 v00331 2009-05-24 0.57 -
VBA32 3.12.10.6 20090525.1452 2009-05-25 1.93 -
VirusBuster 4.5.11.10 10.105.39/1412394 2009-05-25 1.71 -

#23
Fred21543

How is your computer running now? Your logs seem clean to me.

#24
Midnighter

It seems like it's all back to "normal" now as far as Buffer Overflows ^_^ . No "Buffer Overflow blocked" windows popping up and all that stuff. BUT, other users in my computer have been getting:

"Run DLL error - Error Loading: C:\DOC~1\LOCALS~1\protect.dll. Specified module could not be found."

I'm not certain whether the "DOC" is Documents or Document-- I'll check later. Maybe I failed to mention it before but, this has been happening around the time since right when we started... (I think I said this earlier.) Also--

--the Windows Update thing. It's not cancelling for no apparent reason anymore, but every time it finishes downloading, it asks for a Windows XP Professional CD in order to install the update, which is weird. Since I don't have the CD, I'd have to press Cancel... Do you even need a CD to install SP3?-->Why would they release an update that requires something besides an Internet connection? (I have the Media Center Edition, maybe that's the problem? But the updates are for all XP users right?)
--> [will post window pic later]

Thanks for all the help by the way, you've been helping me for more than a week now :))

Edited by Midnighter, 28 May 2009 - 06:48 PM.


#25
Fred21543

Download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.
  • Open the OTScanIt2 folder and double-click on OTScanIt.exe to start the program. Make sure you close all other programs and don't use the PC while the scan runs.
  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way.


If still too large, you can upload to a site such as http://www.mediafire.com



#26
Midnighter

Do you think I should mark: "Scan All users" for OTScan? The Run DLL error is happening on all the other users, but not on the one I'm using.

Anyway, here's the report:

OTScanIt2 logfile created on: 5/30/2009 2:38:13 PM - Run 1
OTScanIt2 by OldTimer - Version 1.0.14.0	 Folder = C:\Documents and Settings\JAMES\Desktop\OTScanIt2
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1022.09 Mb Total Physical Memory | 427.03 Mb Available Physical Memory | 41.78% Memory free
2.40 Gb Paging File | 1.90 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.00 Gb Total Space | 115.29 Gb Free Space | 50.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: VERA
Current User Name: JAMES
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
 
[Processes - Safe List]
aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> [2004/04/07 10:07:32 | 01,135,728 | ---- | M] (America Online, Inc.)
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.)
cameraassistant.exe -> %ProgramFiles%\Logitech\Video\CameraAssistant.exe -> [2005/12/07 10:26:30 | 00,489,472 | ---- | M] (Logitech Inc.)
dlactrlw.exe -> %SystemRoot%\System32\DLA\DLACTRLW.EXE -> [2005/09/08 03:20:00 | 00,122,940 | ---- | M] (Sonic Solutions)
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> [2003/10/29 00:06:00 | 00,024,576 | R--- | M] (BVRP Software)
dmxlauncher.exe -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe -> [2005/10/05 01:12:00 | 00,094,208 | ---- | M] ()
ehmsas.exe -> %SystemRoot%\eHome\ehmsas.exe -> [2005/08/05 11:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation)
ehrecvr.exe -> %SystemRoot%\eHome\ehRecvr.exe -> [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation)
ehsched.exe -> %SystemRoot%\eHome\ehSched.exe -> [2005/08/05 11:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation)
ehtray.exe -> %SystemRoot%\ehome\ehtray.exe -> [2005/09/29 12:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation)
elkctrl.exe -> %SystemRoot%\system32\ElkCtrl.exe -> [2004/11/01 17:22:22 | 00,262,144 | ---- | M] (Logitech Inc.)
elservice.exe -> %ProgramFiles%\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe -> [2005/12/12 07:52:32 | 00,180,224 | ---- | M] (Intel Corporation)
explorer.exe -> %SystemRoot%\Explorer.EXE -> [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqSTE08.exe -> [2005/05/12 00:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.)
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> [2005/05/11 23:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.)
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
iaanotif.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\iaanotif.exe -> [2005/06/17 05:56:14 | 00,139,264 | ---- | M] (Intel Corporation)
iaantmon.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\iaantmon.exe -> [2005/06/17 05:55:58 | 00,086,140 | ---- | M] (Intel Corporation)
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.)
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2008/11/20 14:20:54 | 00,290,088 | ---- | M] (Apple Inc.)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/04/09 10:48:25 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2009/04/09 10:48:25 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
launchapplication.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> [2006/06/15 12:36:18 | 00,229,376 | ---- | M] (Nokia)
logitechdesktopmessenger.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> [2007/02/15 18:27:02 | 00,067,128 | ---- | M] (Logitech Inc.)
lvcomsx.exe -> %SystemRoot%\system32\LVCOMSX.EXE -> [2005/12/09 15:32:18 | 00,225,280 | ---- | M] (Logitech Inc.)
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> [2009/01/08 20:30:26 | 00,645,328 | ---- | M] (McAfee, Inc.)
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> [2009/01/08 20:30:26 | 00,797,864 | ---- | M] (McAfee, Inc.)
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> [2009/01/09 11:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.)
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> [2009/01/09 08:06:52 | 00,359,952 | ---- | M] (McAfee, Inc.)
mcrdsvc.exe -> %SystemRoot%\ehome\mcrdsvc.exe -> [2005/08/05 11:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation)
mcsacore.exe -> %ProgramFiles%\McAfee\SiteAdvisor\McSACore.exe -> [2009/02/11 11:06:36 | 00,210,216 | ---- | M] ()
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> [2009/03/25 11:05:48 | 00,144,704 | ---- | M] (McAfee, Inc.)
mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> [2009/03/24 00:03:18 | 00,606,736 | ---- | M] (McAfee, Inc.)
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
motivesb.exe -> %ProgramFiles%\SBC Self Support Tool\SmartBridge\MotiveSB.exe -> [2005/08/24 07:51:18 | 00,442,455 | ---- | M] (Motive, Inc.)
mpbtn.exe -> %ProgramFiles%\SBC Self Support Tool\bin\mpbtn.exe -> [2003/10/10 09:06:10 | 00,192,512 | ---- | M] ()
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MPFSrv.exe -> [2009/03/19 11:42:02 | 00,884,360 | ---- | M] (McAfee, Inc.)
msksrver.exe -> %ProgramFiles%\McAfee\MSK\MskSrver.exe -> [2009/01/09 09:22:10 | 00,026,640 | ---- | M] (McAfee, Inc.)
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> [2009/01/15 09:19:00 | 00,163,908 | ---- | M] (NVIDIA Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/04/11 16:32:52 | 00,494,080 | ---- | M] (OldTimer Tools)
pen_tablet.exe -> %SystemRoot%\system32\Pen_Tablet.exe -> [2008/05/01 15:40:44 | 03,032,360 | ---- | M] (Wacom Technology, Corp.)
pen_tablet.exe -> %SystemRoot%\system32\Pen_Tablet.exe -> [2008/05/01 15:40:44 | 03,032,360 | ---- | M] (Wacom Technology, Corp.)
pen_tabletuser.exe -> %SystemRoot%\system32\WTablet\Pen_TabletUser.exe -> [2008/05/01 15:41:38 | 00,136,488 | ---- | M] (Wacom Technology, Corp.)
qbdagent2002.exe -> %ProgramFiles%\Intuit\QuickBooks Premier - Accountant Edition\Components\QBAgent\qbdagent2002.exe -> [2001/11/14 03:25:12 | 00,311,296 | ---- | M] ()
searchprotection.exe -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe -> [2008/10/07 08:23:46 | 00,111,856 | ---- | M] (Yahoo! Inc)
servicelayer.exe -> %CommonProgramFiles%\PCSuite\Services\ServiceLayer.exe -> [2006/06/05 13:59:18 | 00,174,080 | ---- | M] (Nokia.)
ssaad.exe -> %ProgramFiles%\Sony\SonicStage\SSAAD.exe -> [2006/09/05 05:18:06 | 00,081,920 | ---- | M] ()
stsystra.exe -> %SystemRoot%\stsystra.exe -> [2005/03/22 14:20:44 | 00,339,968 | ---- | M] (SigmaTel, Inc.)
 
[Win32 Services - Safe List]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> [2004/04/07 10:07:32 | 01,135,728 | ---- | M] (America Online, Inc.)
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation)
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [2007/03/07 15:47:46 | 00,076,848 | ---- | M] ()
(ehRecvr) Media Center Receiver Service [Win32_Own | Auto | Running] -> %SystemRoot%\eHome\ehRecvr.exe -> [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation)
(ehSched) Media Center Scheduler Service [Win32_Own | Auto | Running] -> %SystemRoot%\eHome\ehSched.exe -> [2005/08/05 11:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation)
(ELService) Intel® Quick Resume Technology Drivers [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe -> [2005/12/12 07:52:32 | 00,180,224 | ---- | M] (Intel Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation)
(GoToAssist) GoToAssist [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Citrix\GoToAssist\514\g2aservice.exe -> [2009/04/28 20:54:04 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
(gusvc) Google Updater Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2007/01/26 22:16:07 | 00,138,168 | ---- | M] (Google)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(IAANTMon) Intel(R) Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\iaantmon.exe -> [2005/06/17 05:55:58 | 00,086,140 | ---- | M] (Intel Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/04/09 10:48:25 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(LVPrcSrv) Logitech Process Monitor [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\logitech\lvmvfm\LVPrcSrv.exe -> [2005/12/09 15:37:42 | 00,081,920 | ---- | M] (Logitech Inc.)
(McAfee SiteAdvisor Service) McAfee SiteAdvisor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\SiteAdvisor\McSACore.exe -> [2009/02/11 11:06:36 | 00,210,216 | ---- | M] ()
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> [2009/01/08 20:30:26 | 00,797,864 | ---- | M] (McAfee, Inc.)
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> [2009/01/09 11:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.)
(McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> [2009/04/01 14:21:30 | 00,365,072 | ---- | M] (McAfee, Inc.)
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> [2009/01/09 08:06:52 | 00,359,952 | ---- | M] (McAfee, Inc.)
(McrdSvc) Media Center Extender Service [Win32_Own | Auto | Running] -> %SystemRoot%\ehome\mcrdsvc.exe -> [2005/08/05 11:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation)
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> [2009/03/25 11:05:48 | 00,144,704 | ---- | M] (McAfee, Inc.)
(McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> [2009/03/24 00:03:18 | 00,606,736 | ---- | M] (McAfee, Inc.)
(MHN) MHN [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\mhn.dll -> [2004/08/10 02:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation)
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MPFSrv.exe -> [2009/03/19 11:42:02 | 00,884,360 | ---- | M] (McAfee, Inc.)
(MSCSPTISRV) MSCSPTISRV [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\MSCSPTISRV.exe -> [2006/08/11 02:42:38 | 00,057,344 | ---- | M] (Sony Corporation)
(MSK80Service) McAfee Anti-Spam Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSK\MskSrver.exe -> [2009/01/09 09:22:10 | 00,026,640 | ---- | M] (McAfee, Inc.)
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\PROSetWired\NCS\Sync\NetSvc.exe -> [2004/11/19 09:26:40 | 00,147,456 | ---- | M] (Intel(R) Corporation)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation)
(npkcmsvc) npkcmsvc [Win32_Own | Auto | Stopped] ->  -> File not found
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> [2009/01/15 09:19:00 | 00,163,908 | ---- | M] (NVIDIA Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
(PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> [2006/08/11 02:31:18 | 00,057,344 | ---- | M] (Sony Corporation)
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\HPZipm12.exe -> [2007/08/09 00:27:52 | 00,073,728 | ---- | M] (HP)
(ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\PCSuite\Services\ServiceLayer.exe -> [2006/06/05 13:59:18 | 00,174,080 | ---- | M] (Nokia.)
(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> [2006/08/11 02:20:48 | 00,069,632 | ---- | M] (Sony Corporation)
(SSScsiSV) SonicStage SCSI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SSScsiSV.exe -> [2006/09/05 04:25:10 | 00,069,632 | ---- | M] (Sony Corporation)
(TabletServicePen) TabletServicePen [Win32_Own | Auto | Running] -> %SystemRoot%\system32\Pen_Tablet.exe -> [2008/05/01 15:40:44 | 03,032,360 | ---- | M] (Wacom Technology, Corp.)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\WMPNetwk.exe -> [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\aliide.sys -> [2001/08/17 11:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\amdagp.sys -> [2008/04/13 11:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\asc.sys -> [2001/08/17 11:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\asc3550.sys -> [2001/08/17 11:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.)
(ASCTRM) ASCTRM [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\asctrm.sys -> [2006/08/03 09:51:53 | 00,008,552 | ---- | M] (Windows (R) 2000 DDK provider)
(ATIAVPCI) ATI Unified AVStream service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\atinavrr.sys -> [2006/01/03 17:58:00 | 00,269,952 | ---- | M] (ATI Technologies Inc.)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\cmdide.sys -> [2001/08/17 11:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\dac2w2k.sys -> [2001/08/17 11:52:16 | 00,179,584 | ---- | M] (Mylex Corporation)
(DLABOIOM) DLABOIOM [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLABOIOM.SYS -> [2005/09/08 03:20:00 | 00,025,628 | ---- | M] (Sonic Solutions)
(DLACDBHM) DLACDBHM [File_System | System | Running] -> %SystemRoot%\System32\Drivers\DLACDBHM.SYS -> [2005/08/25 10:16:52 | 00,005,628 | ---- | M] (Sonic Solutions)
(DLADResN) DLADResN [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLADResN.SYS -> [2005/09/08 03:20:00 | 00,002,496 | ---- | M] (Sonic Solutions)
(DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLAIFS_M.SYS -> [2005/09/08 03:20:00 | 00,086,524 | ---- | M] (Sonic Solutions)
(DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLAOPIOM.SYS -> [2005/09/08 03:20:00 | 00,014,684 | ---- | M] (Sonic Solutions)
(DLAPoolM) DLAPoolM [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLAPoolM.SYS -> [2005/09/08 03:20:00 | 00,006,364 | ---- | M] (Sonic Solutions)
(DLARTL_N) DLARTL_N [File_System | System | Running] -> %SystemRoot%\System32\Drivers\DLARTL_N.SYS -> [2005/08/25 10:16:16 | 00,022,684 | ---- | M] (Sonic Solutions)
(DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLAUDFAM.SYS -> [2005/09/08 03:20:00 | 00,094,332 | ---- | M] (Sonic Solutions)
(DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLAUDF_M.SYS -> [2005/09/08 03:20:00 | 00,087,036 | ---- | M] (Sonic Solutions)
(DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\DRVMCDB.SYS -> [2005/09/12 01:30:00 | 00,089,264 | ---- | M] (Sonic Solutions)
(DRVNDDM) DRVNDDM [File_System | Auto | Running] -> %SystemRoot%\System32\Drivers\DRVNDDM.SYS -> [2005/08/12 03:20:00 | 00,040,544 | ---- | M] (Sonic Solutions)
(DSproct) DSproct [Kernel | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\GTAction\triggers\DSproct.sys -> [2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.)
(dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\dsunidrv.sys -> [2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.)
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\e100b325.sys -> [2001/08/17 10:12:10 | 00,117,760 | ---- | M] (Intel Corporation)
(e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\e1e5132.sys -> [2005/08/25 10:05:24 | 00,176,128 | ---- | M] (Intel Corporation)
(ELacpi) ELacpi [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ELacpi.sys -> [2005/12/12 07:52:32 | 00,007,808 | ---- | M] (Intel Corporation)
(ELhid) ELhid [Kernel | System | Running] -> %SystemRoot%\System32\DRIVERS\ELhid.sys -> [2005/12/12 07:52:34 | 00,010,112 | ---- | M] (Intel Corporation)
(ELkbd) ELkbd [Kernel | System | Running] -> %SystemRoot%\System32\DRIVERS\ELkbd.sys -> [2005/12/12 07:52:34 | 00,006,912 | ---- | M] (Intel Corporation)
(ELmon) ELmon [Kernel | System | Running] -> %SystemRoot%\System32\DRIVERS\ELmon.sys -> [2005/12/12 07:52:34 | 00,007,040 | ---- | M] (Intel Corporation)
(ELmou) ELmou [Kernel | System | Running] -> %SystemRoot%\System32\DRIVERS\ELmou.sys -> [2005/12/12 07:52:34 | 00,006,400 | ---- | M] (Intel Corporation)
(FilterService) UVC Filter Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\lvuvcflt.sys -> [2005/12/05 20:28:38 | 00,014,080 | R--- | M] (Logitech Inc.)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\Drivers\GEARAspiWDM.sys -> [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HDAudBus.sys -> [2008/04/13 09:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\HPZid412.sys -> [2005/03/07 21:43:25 | 00,051,120 | R--- | M] (HP)
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\HPZipr12.sys -> [2005/03/07 21:43:26 | 00,016,496 | R--- | M] (HP)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\HPZius12.sys -> [2005/03/07 21:43:27 | 00,021,744 | R--- | M] (HP)
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HSFHWBS2.sys -> [2003/11/17 12:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HSF_DP.sys -> [2003/11/17 12:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.)
(iastor) Intel AHCI Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\iastor.sys -> [2005/06/17 03:33:40 | 00,872,064 | ---- | M] (Intel Corporation)
(IrBus) Infrared bus filter driver for eHome remote controls [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\IrBus.sys -> [2008/04/13 11:45:34 | 00,046,592 | ---- | M] (Microsoft Corporation)
(Iviaspi) IVI ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\iviaspi.sys -> [2005/09/20 17:27:20 | 00,010,368 | ---- | M] (InterVideo, Inc.)
(Lvckap) Logitech Kernel Audio Processing Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Lvckap.sys -> [2005/12/09 15:35:54 | 02,174,464 | ---- | M] ()
(lvmvdrv) Logitech Machine Vision Engine Loader [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\lvmvdrv.sys -> [2005/12/09 15:37:42 | 02,400,256 | ---- | M] ()
(lvpopflt) Logitech POP Suppression Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\lvpopflt.sys -> [2005/12/05 20:26:54 | 02,010,240 | R--- | M] (Logitech Inc.)
(LVPrcMon) Logitech LVPrcMon Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LVPrcMon.sys -> [2005/12/09 15:37:42 | 00,016,768 | ---- | M] ()
(LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\lvusbsta.sys -> [2005/12/05 20:26:16 | 00,039,424 | R--- | M] (Logitech Inc.)
(LVUVC) Logitech QuickCam Fusion(UVC) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\lvuvc.sys -> [2005/12/05 20:28:33 | 01,103,488 | R--- | M] (Logitech Inc.)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\mdmxsdk.sys -> [2003/04/09 09:48:08 | 00,011,043 | ---- | M] (Conexant)
(mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfeavfk.sys -> [2009/03/25 11:06:28 | 00,079,880 | ---- | M] (McAfee, Inc.)
(mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfebopk.sys -> [2009/03/25 11:06:28 | 00,035,272 | ---- | M] (McAfee, Inc.)
(mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mfehidk.sys -> [2009/03/25 11:06:28 | 00,214,024 | ---- | M] (McAfee, Inc.)
(mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mferkdk.sys -> [2009/03/25 11:05:54 | 00,034,216 | ---- | M] (McAfee, Inc.)
(mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfesmfk.sys -> [2009/03/25 11:06:30 | 00,040,552 | ---- | M] (McAfee, Inc.)
(MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\MODEMCSA.sys -> [2001/08/17 11:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation)
(MPE) BDA MPE Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\MPE.sys -> [2008/04/13 11:46:22 | 00,015,232 | ---- | M] (Microsoft Corporation)
(MPFP) MPFP [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\Mpfp.sys -> [2008/10/23 13:08:54 | 00,120,136 | ---- | M] (McAfee, Inc.)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\mraid35x.sys -> [2001/08/17 11:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.)
(Nokia USB Generic) Nokia USB Generic [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcdc.sys -> [2006/05/29 08:26:36 | 00,008,704 | ---- | M] (Nokia)
(Nokia USB Modem) Nokia USB Modem [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcdcm.sys -> [2006/05/29 08:26:36 | 00,013,312 | ---- | M] (Nokia)
(Nokia USB Phone Parent) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcd.sys -> [2006/05/29 08:26:38 | 00,127,488 | ---- | M] (Nokia)
(Nokia USB Port) Nokia USB Port [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcdcj.sys -> [2006/05/29 08:26:36 | 00,013,312 | ---- | M] (Nokia)
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\nv4_mini.sys -> [2009/01/15 09:19:00 | 06,301,248 | ---- | M] (NVIDIA Corporation)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ptilink.sys -> [2004/08/10 03:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\PxHelp20.sys -> [2005/04/25 00:03:00 | 00,020,640 | ---- | M] (Sonic Solutions)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ql1080.sys -> [2001/08/17 11:52:20 | 00,040,320 | ---- | M] (QLogic Corporation)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ql12160.sys -> [2001/08/17 11:52:20 | 00,045,312 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ql1280.sys -> [2001/08/17 11:52:18 | 00,049,024 | ---- | M] (QLogic Corporation)
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\secdrv.sys -> [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sisagp.sys -> [2008/04/13 11:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\SONYPVU1.SYS -> [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sparrow.sys -> [2001/08/17 12:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.)
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sthda.sys -> [2005/11/16 12:36:00 | 01,047,816 | ---- | M] (SigmaTel, Inc.)
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\symc810.sys -> [2001/08/17 12:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\symc8xx.sys -> [2001/08/17 12:07:36 | 00,032,640 | ---- | M] (LSI Logic)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sym_hi.sys -> [2001/08/17 12:07:40 | 00,028,384 | ---- | M] (LSI Logic)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sym_u3.sys -> [2001/08/17 12:07:42 | 00,030,688 | ---- | M] (LSI Logic)
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ultra.sys -> [2001/08/17 11:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.)
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\usbaapl.sys -> [2008/10/01 13:01:28 | 00,032,000 | ---- | M] (Apple, Inc.)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbaudio.sys -> [2008/04/13 11:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation)
(wacmoumonitor) Wacom Mode Helper [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\wacmoumonitor.sys -> [2008/03/17 13:14:52 | 00,015,144 | ---- | M] (Wacom Technology)
(wacommousefilter) Wacom Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\wacommousefilter.sys -> [2007/02/16 12:12:36 | 00,011,312 | ---- | M] (Wacom Technology)
(wacomvhid) Wacom Virtual Hid Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\wacomvhid.sys -> [2008/01/15 13:11:46 | 00,013,480 | ---- | M] (Wacom Technology)
(WacomVKHid) Virtual Keyboard Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\WacomVKHid.sys -> [2007/02/15 17:11:28 | 00,011,440 | ---- | M] (Wacom Technology)
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\wanatw4.sys -> [2003/01/10 14:13:04 | 00,033,588 | ---- | M] (America Online, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HSF_CNXT.sys -> [2003/11/17 12:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> Reg Error: Invalid data type. -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Secondary Start Pages" -> Reg Error: Invalid data type. -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html -> 
HKEY_LOCAL_MACHINE\: Search\\"Default_Page_URL" -> www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us -> 
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"Start Page" -> www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> Reg Error: Invalid data type. -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\"SearchDefaultBranded" -> Reg Error: Invalid data type. -> 
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Google -> 
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.yahoo.com/ -> 
HKEY_CURRENT_USER\: SearchURL\\"" -> http://search.yahoo.com/search?fr=mcafee&p=%s -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com -> %ProgramFiles%\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/04/09 10:48:29 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45} -> %ProgramFiles%\MCAFEE\SITEADVISOR [C:\PROGRAM FILES\MCAFEE\SITEADVISOR] -> [2009/05/29 20:31:49 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> %SystemRoot%\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/05/25 19:59:54 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
< HOSTS File > (27 bytes and 1 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
Reset Hosts
127.0.0.1	   localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [&Yahoo! Toolbar Helper] -> [2008/07/15 06:46:04 | 00,880,880 | ---- | M] (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/12/18 05:16:42 | 00,059,032 | ---- | M] (Adobe Systems Incorporated)
{27B4851A-3207-45A2-B947-BE8AFE6163AB} [HKLM] -> %ProgramFiles%\McAfee\MSK\mskapbho.dll [McAfee Phishing Filter] -> [2009/01/09 09:22:10 | 00,246,800 | ---- | M] ()
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2007/12/12 15:09:42 | 00,222,448 | ---- | M] (Yahoo! Inc.)
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> %SystemRoot%\System32\DLA\DLASHX_W.DLL [DriveLetterAccess] -> [2005/09/08 03:20:00 | 00,110,652 | ---- | M] (Sonic Solutions)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> %ProgramFiles%\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2009/03/25 11:05:56 | 00,062,784 | ---- | M] (McAfee, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\google\googletoolbar4.dll [Google Toolbar Helper] -> [2007/01/20 00:55:32 | 02,403,392 | R--- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> [2007/08/08 21:39:23 | 00,325,048 | ---- | M] (Google Inc.)
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> %ProgramFiles%\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2009/02/13 12:44:56 | 00,150,032 | ---- | M] ()
{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKLM] -> %ProgramFiles%\BAE\BAE.dll [CBrowserHelperObject Object] -> [2006/06/14 06:17:42 | 00,094,208 | ---- | M] (Dell Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/04/09 10:48:25 | 00,035,840 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/04/09 10:48:29 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [SingleInstance Class] -> [2008/07/15 06:46:06 | 00,160,496 | ---- | M] (Yahoo! Inc)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> %ProgramFiles%\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2009/02/13 12:44:56 | 00,150,032 | ---- | M] ()
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\google\googletoolbar4.dll [&Google] -> [2007/01/20 00:55:32 | 02,403,392 | R--- | M] (Google Inc.)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> [2008/07/15 06:46:04 | 00,880,880 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\google\googletoolbar4.dll [&Google] -> [2007/01/20 00:55:32 | 02,403,392 | R--- | M] (Google Inc.)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\google\googletoolbar4.dll [&Google] -> [2007/01/20 00:55:32 | 02,403,392 | R--- | M] (Google Inc.)
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> [2008/07/15 06:46:04 | 00,880,880 | ---- | M] (Yahoo! Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"AppleSyncNotifier" -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> [2008/09/03 20:12:50 | 00,111,936 | ---- | M] (Apple Inc.)
"DLA" -> %SystemRoot%\System32\DLA\DLACTRLW.EXE [C:\WINDOWS\System32\DLA\DLACTRLW.EXE] -> [2005/09/08 03:20:00 | 00,122,940 | ---- | M] (Sonic Solutions)
"DMXLauncher" -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe [C:\Program Files\Dell\Media Experience\DMXLauncher.exe] -> [2005/10/05 01:12:00 | 00,094,208 | ---- | M] ()
"ehTray" -> %SystemRoot%\ehome\ehtray.exe [C:\WINDOWS\ehome\ehtray.exe] -> [2005/09/29 12:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation)
"HP Software Update" -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
"IAAnotif" -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\iaanotif.exe [C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe] -> [2005/06/17 05:56:14 | 00,139,264 | ---- | M] (Intel Corporation)
"ISUSPM Startup" -> %CommonProgramFiles%\InstallShield\UpdateService\isuspm.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup] -> [2005/06/10 08:44:02 | 00,249,856 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> [2005/06/10 08:44:02 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"iTunesHelper" -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2008/11/20 14:20:54 | 00,290,088 | ---- | M] (Apple Inc.)
"LogitechCameraAssistant" -> %ProgramFiles%\Logitech\Video\CameraAssistant.exe [C:\Program Files\Logitech\Video\CameraAssistant.exe] -> [2005/12/07 10:26:30 | 00,489,472 | ---- | M] (Logitech Inc.)
"LogitechCameraService(E)" -> %SystemRoot%\system32\ElkCtrl.exe [C:\WINDOWS\system32\ElkCtrl.exe /automation] -> [2004/11/01 17:22:22 | 00,262,144 | ---- | M] (Logitech Inc.)
"LogitechVideo[inspector]" -> %ProgramFiles%\Logitech\Video\InstallHelper.exe [C:\Program Files\Logitech\Video\InstallHelper.exe /inspect] -> [2005/12/07 10:33:16 | 00,073,728 | ---- | M] (Logitech Inc.)
"LVCOMSX" -> %SystemRoot%\system32\LVCOMSX.EXE [C:\WINDOWS\system32\LVCOMSX.EXE] -> [2005/12/09 15:32:18 | 00,225,280 | ---- | M] (Logitech Inc.)
"mcagent_exe" -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe ["C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey] -> [2009/01/08 20:30:26 | 00,645,328 | ---- | M] (McAfee, Inc.)
"Motive SmartBridge" -> %ProgramFiles%\SBC Self Support Tool\SmartBridge\MotiveSB.exe [C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe] -> [2005/08/24 07:51:18 | 00,442,455 | ---- | M] (Motive, Inc.)
"NvCplDaemon" -> %SystemRoot%\system32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2009/01/15 09:19:00 | 13,680,640 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> %SystemRoot%\system32\NvMcTray.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> [2009/01/15 09:19:00 | 00,086,016 | ---- | M] (NVIDIA Corporation)
"nwiz" -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> [2009/01/15 09:19:00 | 01,657,376 | ---- | M] ()
"PCSuiteTrayApplication" -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe [C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup] -> [2006/06/15 12:36:18 | 00,229,376 | ---- | M] (Nokia)
"QuickTime Task" -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2008/11/04 11:30:50 | 00,413,696 | ---- | M] (Apple Inc.)
"SigmatelSysTrayApp" -> %SystemRoot%\stsystra.exe [stsystra.exe] -> [2005/03/22 14:20:44 | 00,339,968 | ---- | M] (SigmaTel, Inc.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/04/09 10:48:25 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
"YSearchProtection" -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe ["C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"] -> [2008/10/07 08:23:46 | 00,111,856 | ---- | M] (Yahoo! Inc)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"LDM" -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe] -> [2007/02/15 18:27:02 | 00,067,128 | ---- | M] (Logitech Inc.)
"MSMSGS" -> %ProgramFiles%\Messenger\msmsgs.exe ["C:\Program Files\Messenger\msmsgs.exe" /background] -> [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
"Search Protection" -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe [C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe] -> [2008/10/07 08:23:46 | 00,111,856 | ---- | M] (Yahoo! Inc)
"SsAAD.exe" -> %ProgramFiles%\Sony\SonicStage\SSAAD.exe [C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe] -> [2006/09/05 05:18:06 | 00,081,920 | ---- | M] ()
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> [2004/02/16 20:13:54 | 00,113,664 | ---- | M] (Adobe Systems, Inc.)
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2005/09/23 23:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated)
%AllUsersProfile%\Start Menu\Programs\Startup\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> [2003/10/29 00:06:00 | 00,024,576 | R--- | M] (BVRP Software)
%AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> [2005/05/11 23:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.)
%AllUsersProfile%\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> [2007/02/15 18:27:02 | 00,067,128 | ---- | M] (Logitech Inc.)
%AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Office.lnk -> %ProgramFiles%\Microsoft Office\Office10\OSA.EXE -> [2001/02/12 23:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation)
%AllUsersProfile%\Start Menu\Programs\Startup\QuickBooks 2002 Delivery Agent.lnk -> %ProgramFiles%\Intuit\QuickBooks Premier - Accountant Edition\Components\QBAgent\qbdagent2002.exe -> [2001/11/14 03:25:12 | 00,311,296 | ---- | M] ()
%AllUsersProfile%\Start Menu\Programs\Startup\SBC Self Support Tool.lnk -> %ProgramFiles%\SBC Self Support Tool\bin\matcli.exe -> [2003/10/10 09:06:10 | 00,217,088 | ---- | M] (Motive Communications, Inc.)
< JAMES Startup Folder > -> C:\Documents and Settings\JAMES\Start Menu\Programs\Startup -> 
 -> %UserProfile%\Start Menu\Programs\Startup\PowerReg Scheduler.exe -> [2006/10/12 22:05:47 | 00,256,000 | ---- | M] ()
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoCDBurning" ->  [0] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
\\"InstallVisualStyle" -> %SystemRoot%\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
\\"InstallTheme" -> %SystemRoot%\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
\\"DisableRegistryTools" ->  [0] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000] -> [2009/03/02 15:09:56 | 10,351,440 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Button: Yahoo! Services] -> [2007/12/12 15:09:42 | 00,222,448 | ---- | M] (Yahoo! Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2007/12/12 15:09:42 | 00,222,448 | ---- | M] (Yahoo! Inc.)
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> 
online_musicmatch.com [https] -> Trusted sites -> 
2 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab [Windows Genuine Advantage Validation Tool] -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll [Installation Support] -> 
{3DCEC959-378A-4922-AD7E-FD5C925D927F} [HKLM] -> http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab [Disney Online Games ActiveX Control] -> 
{406B5949-7190-4245-91A9-30A17DE16AD0} [HKLM] -> http://www2.snapfish.com/SnapfishActivia.cab [Snapfish Activia] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186004408062 [MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key error.] -> 
{BD8667B7-38D8-4C77-B580-18C3E146372C} [HKLM] -> http://ak.imgag.com/imgag/cp/install/Crusher.cab [Creative Toolbox Plug-in] -> 
{C333B6BA-1CEB-420B-A16C-E69F1C6956A0} [HKLM] -> https://ibs.pnb.com.ph/download/Authentic/VBAuthentic-PNB.cab [PNB_VBAuthentic.Authentic] -> 
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab [Java Plug-in 1.4.2_03] -> 
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Java Plug-in 1.6.0_02] -> 
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab [Shockwave Flash Object] -> 
Microsoft XML Parser for Java [HKLM] -> file:///C:/WINDOWS/Java/classes/xmldso.cab [Reg Error: Key error.] -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{5B7B4E05-426C-4620-8D65-0703D0EC1A5B} ->	() -> 
{EDE08109-8CF2-4BAB-B19B-562A7986DB0B} ->	(Intel(R) PRO/1000 PL Network Connection) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\Explorer.exe -> [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
GoToAssist -> %ProgramFiles%\Citrix\GoToAssist\514\G2AWinLogon.dll -> [2009/04/28 20:54:02 | 00,010,536 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 17:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Nexon\Combat Arms\CombatArms.exe" -> C:\Nexon\Combat Arms\CombatArms.exe [C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe] -> File not found
"C:\Nexon\Combat Arms\Engine.exe" -> C:\Nexon\Combat Arms\Engine.exe [C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe] -> File not found
"C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> [2004/09/01 09:56:56 | 00,259,184 | ---- | M] (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> [2004/04/07 10:07:32 | 01,135,728 | ---- | M] (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> [2004/04/07 10:07:34 | 00,496,752 | ---- | M] (America Online, Inc)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> [2007/02/15 18:27:02 | 00,067,128 | ---- | M] (Logitech Inc.)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 17:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" -> C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe [C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager] -> [2008/08/11 14:05:18 | 00,159,744 | ---- | M] (Nexon)
"C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> [2004/09/01 09:56:56 | 00,259,184 | ---- | M] (America Online, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> [2004/04/07 10:07:32 | 01,135,728 | ---- | M] (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> [2004/04/07 10:07:34 | 00,496,752 | ---- | M] (America Online, Inc)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" -> C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent] -> [2009/01/09 11:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe] -> [2005/05/12 08:34:58 | 00,151,635 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2005/05/24 02:34:36 | 00,057,344 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> [2005/05/24 02:17:46 | 00,225,280 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> [2005/05/24 02:18:00 | 00,040,960 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2005/05/24 02:13:32 | 00,081,920 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe] -> [2005/05/24 02:42:00 | 00,172,032 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> [2005/05/12 07:28:02 | 01,081,344 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe] -> [2005/05/12 10:06:08 | 00,200,704 | ---- | M] ()
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> [2005/05/12 00:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> [2005/05/11 23:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> [2005/05/24 02:18:52 | 00,458,752 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" -> C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe] -> [2005/03/15 15:17:50 | 00,704,512 | ---- | M] ( )
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" -> C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe] -> [2005/03/15 15:12:10 | 00,417,792 | ---- | M] ()
"C:\Program Files\IncrediMail\bin\IMApp.exe" -> C:\Program Files\IncrediMail\bin\IMApp.exe [C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail] -> [2008/07/24 14:22:22 | 00,189,824 | ---- | M] (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImLc.exe" -> C:\Program Files\IncrediMail\bin\ImLc.exe [C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail] -> [2008/07/24 14:22:30 | 00,308,608 | ---- | M] (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" -> C:\Program Files\IncrediMail\bin\ImpCnt.exe [C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail] -> [2008/07/24 14:22:24 | 00,112,000 | ---- | M] (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\IncMail.exe" -> C:\Program Files\IncrediMail\bin\IncMail.exe [C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail] -> [2008/07/24 14:22:28 | 00,243,072 | ---- | M] (IncrediMail, Ltd.)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2008/11/20 14:20:48 | 14,294,824 | ---- | M] (Apple Inc.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> [2007/02/15 18:27:02 | 00,067,128 | ---- | M] (Logitech Inc.)
"C:\Program Files\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe" -> C:\Program Files\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe [C:\Program Files\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe:*:Enabled:Star Wars(TM): Republic Commando(TM)] -> [2005/01/26 21:52:00 | 00,360,448 | ---- | M] ()
"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Steam\Steam.exe" -> C:\Program Files\Steam\Steam.exe [C:\Program Files\Steam\Steam.exe:*:Enabled:Steam] -> [2009/05/19 17:42:37 | 01,217,784 | ---- | M] (Valve Corporation)
"C:\Program Files\Steam\SteamApps\common\dawn of war demo\W40k.exe" -> C:\Program Files\Steam\SteamApps\common\dawn of war demo\W40k.exe [C:\Program Files\Steam\SteamApps\common\dawn of war demo\W40k.exe:*:Enabled:W40K] -> [2008/12/09 16:16:35 | 02,705,408 | ---- | M] (Relic Entertainment Inc.)
"C:\Program Files\Steam\SteamApps\common\left 4 dead\left4dead.exe" -> C:\Program Files\Steam\SteamApps\common\left 4 dead\left4dead.exe [C:\Program Files\Steam\SteamApps\common\left 4 dead\left4dead.exe:*:Enabled:left4dead] -> [2009/04/21 14:58:35 | 00,098,304 | ---- | M] ()
"C:\Program Files\Steam\SteamApps\stickybombs\garrysmod\hl2.exe" -> C:\Program Files\Steam\SteamApps\stickybombs\garrysmod\hl2.exe [C:\Program Files\Steam\SteamApps\stickybombs\garrysmod\hl2.exe:*:Enabled:hl2] -> [2009/04/18 13:59:01 | 00,098,304 | ---- | M] ()
"C:\Program Files\Steam\SteamApps\stickybombs\team fortress 2\hl2.exe" -> C:\Program Files\Steam\SteamApps\stickybombs\team fortress 2\hl2.exe [C:\Program Files\Steam\SteamApps\stickybombs\team fortress 2\hl2.exe:*:Enabled:hl2] -> [2009/05/21 20:26:47 | 00,098,304 | ---- | M] ()
"C:\Program Files\Steam\SteamApps\stickybombs\the ship\ship.exe" -> C:\Program Files\Steam\SteamApps\stickybombs\the ship\ship.exe [C:\Program Files\Steam\SteamApps\stickybombs\the ship\ship.exe:*:Enabled:ship] -> [2008/12/21 18:10:16 | 00,090,112 | ---- | M] ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2007/08/30 17:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> [2007/08/30 17:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> %SystemRoot%\system32\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 11:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2005/08/16 02:43:04 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
 
 
[Files/Folders - Created Within 30 Days]
5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
4 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> 
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2009/05/30 14:37:22 | 00,000,000 | ---D | C]
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/05/30 14:32:02 | 00,665,196 | ---- | C] ()
WTablet -> %AppData%\WTablet -> [2009/05/28 21:04:57 | 00,000,000 | ---D | C]
PenTablet.znc -> %SystemRoot%\System32\PenTablet.znc -> [2009/05/28 21:04:43 | 01,532,082 | ---- | C] ()
PenTablet.cpl -> %SystemRoot%\System32\PenTablet.cpl -> [2009/05/28 21:04:42 | 03,708,200 | ---- | C] (Wacom Technology, Corp.)
WacomVKHid.sys -> %SystemRoot%\System32\drivers\WacomVKHid.sys -> [2009/05/28 21:04:36 | 00,011,440 | ---- | C] (Wacom Technology)
wacomvhid.sys -> %SystemRoot%\System32\drivers\wacomvhid.sys -> [2009/05/28 21:04:26 | 00,013,480 | ---- | C] (Wacom Technology)
wacommousefilter.sys -> %SystemRoot%\System32\drivers\wacommousefilter.sys -> [2009/05/28 21:04:26 | 00,011,312 | ---- | C] (Wacom Technology)
wacmoumonitor.sys -> %SystemRoot%\System32\drivers\wacmoumonitor.sys -> [2009/05/28 21:04:22 | 00,015,144 | ---- | C] (Wacom Technology)
WTablet -> %SystemRoot%\System32\WTablet -> [2009/05/28 21:04:22 | 00,000,000 | ---D | C]
Wintab32.dll -> %SystemRoot%\System32\Wintab32.dll -> [2009/05/28 21:04:20 | 00,181,544 | ---- | C] (Wacom Technology, Corp.)
Pen_Tablet.dll -> %SystemRoot%\System32\Pen_Tablet.dll -> [2009/05/28 21:04:20 | 00,128,296 | ---- | C] (Wacom Technology, Corp.)
Pen_Tablet.exe -> %SystemRoot%\System32\Pen_Tablet.exe -> [2009/05/28 21:04:19 | 03,032,360 | ---- | C] (Wacom Technology, Corp.)
Tablet -> %ProgramFiles%\Tablet -> [2009/05/28 21:04:16 | 00,000,000 | ---D | C]
ntprint.cat -> %SystemRoot%\System32\dllcache\ntprint.cat -> [2009/05/27 20:16:40 | 01,089,593 | ---- | C] ()
e829e06f480faf1894 -> %SystemDrive%\e829e06f480faf1894 -> [2009/05/25 19:57:27 | 00,000,000 | ---D | C]
RECYCLER -> %SystemDrive%\RECYCLER -> [2009/05/19 16:47:18 | 00,000,000 | -HSD | C]
Boot.bak -> %SystemDrive%\Boot.bak -> [2009/05/19 16:17:51 | 00,000,210 | ---- | C] ()
cmldr -> %SystemDrive%\cmldr -> [2009/05/19 16:17:42 | 00,260,272 | ---- | C] ()
cmdcons -> %SystemDrive%\cmdcons -> [2009/05/19 16:17:38 | 00,000,000 | RHSD | C]
SWXCACLS.exe -> %SystemRoot%\SWXCACLS.exe -> [2009/05/19 16:13:41 | 00,212,480 | ---- | C] (SteelWerX)
SWREG.exe -> %SystemRoot%\SWREG.exe -> [2009/05/19 16:13:41 | 00,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> %SystemRoot%\SWSC.exe -> [2009/05/19 16:13:41 | 00,136,704 | ---- | C] (SteelWerX)
vFind.exe -> %SystemRoot%\vFind.exe -> [2009/05/19 16:13:41 | 00,117,248 | ---- | C] ()
sed.exe -> %SystemRoot%\sed.exe -> [2009/05/19 16:13:41 | 00,098,816 | ---- | C] ()
grep.exe -> %SystemRoot%\grep.exe -> [2009/05/19 16:13:41 | 00,080,412 | ---- | C] ()
zip.exe -> %SystemRoot%\zip.exe -> [2009/05/19 16:13:41 | 00,068,096 | ---- | C] ()
NIRCMD.exe -> %SystemRoot%\NIRCMD.exe -> [2009/05/19 16:13:41 | 00,031,232 | ---- | C] (NirSoft)
Qoobox -> %SystemDrive%\Qoobox -> [2009/05/19 16:13:24 | 00,000,000 | ---D | C]
Left 4 Dead Authoring Tools Beta.lnk -> %UserProfile%\Desktop\Left 4 Dead Authoring Tools Beta.lnk -> [2009/05/15 20:38:53 | 00,001,600 | ---- | C] ()
Kaspersky online scan report 5-10-09 11 -> %UserProfile%\My Documents\Kaspersky online scan report 5-10-09 11 -> [2009/05/10 23:14:00 | 00,000,000 | ---- | C] ()
Crayon Physics Deluxe -> %AppData%\Crayon Physics Deluxe -> [2009/05/07 16:15:26 | 00,000,000 | ---D | C]
_OTListIt -> %SystemDrive%\_OTListIt -> [2009/05/06 15:42:27 | 00,000,000 | ---D | C]
OTListIt2.exe -> %UserProfile%\Desktop\OTListIt2.exe -> [2009/05/05 18:38:37 | 00,501,248 | ---- | C] (OldTimer Tools)
Rooter$ -> %SystemDrive%\Rooter$ -> [2009/05/05 18:28:09 | 00,000,000 | ---D | C]
Rooter.exe -> %UserProfile%\Desktop\Rooter.exe -> [2009/05/05 18:27:30 | 00,267,612 | ---- | C] ()
ERDNT -> %SystemRoot%\ERDNT -> [2009/05/05 16:46:44 | 00,000,000 | ---D | C]
NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [2009/05/05 16:45:53 | 00,000,611 | ---- | C] ()
ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [2009/05/05 16:45:53 | 00,000,592 | ---- | C] ()
ERUNT -> %ProgramFiles%\ERUNT -> [2009/05/05 16:45:50 | 00,000,000 | ---D | C]
SysRestorePoint.exe -> %UserProfile%\Desktop\SysRestorePoint.exe -> [2009/05/05 16:41:35 | 00,021,504 | ---- | C] (Doug Knox)
Malwarebytes -> %AppData%\Malwarebytes -> [2009/04/30 15:46:43 | 00,000,000 | ---D | C]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/04/30 15:46:41 | 00,015,504 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/04/30 15:46:41 | 00,000,696 | ---- | C] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/04/30 15:46:38 | 00,038,496 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2009/04/30 15:46:36 | 00,000,000 | ---D | C]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [2009/04/30 15:46:36 | 00,000,000 | ---D | C]
d347bus.sys -> %SystemRoot%\System32\drivers\d347bus.sys -> [2009/03/04 17:06:40 | 00,155,136 | ---- | C] ( )
d347prt.sys -> %SystemRoot%\System32\drivers\d347prt.sys -> [2009/03/04 17:06:40 | 00,005,248 | ---- | C] ( )
xlive.dll.cat -> %SystemRoot%\System32\xlive.dll.cat -> [2008/10/28 18:40:48 | 00,173,552 | ---- | C] ()
physxcudart_20.dll -> %SystemRoot%\System32\physxcudart_20.dll -> [2008/10/07 10:13:30 | 00,197,912 | ---- | C] ()
AgCPanelTraditionalChinese.dll -> %SystemRoot%\System32\AgCPanelTraditionalChinese.dll -> [2008/10/07 10:13:22 | 00,058,648 | ---- | C] ()
AgCPanelSwedish.dll -> %SystemRoot%\System32\AgCPanelSwedish.dll -> [2008/10/07 10:13:20 | 00,058,648 | ---- | C] ()
AgCPanelSpanish.dll -> %SystemRoot%\System32\AgCPanelSpanish.dll -> [2008/10/07 10:13:20 | 00,058,648 | ---- | C] ()
AgCPanelSimplifiedChinese.dll -> %SystemRoot%\System32\AgCPanelSimplifiedChinese.dll -> [2008/10/07 10:13:20 | 00,058,648 | ---- | C] ()
AgCPanelPortugese.dll -> %SystemRoot%\System32\AgCPanelPortugese.dll -> [2008/10/07 10:13:20 | 00,058,648 | ---- | C] ()
AgCPanelKorean.dll -> %SystemRoot%\System32\AgCPanelKorean.dll -> [2008/10/07 10:13:20 | 00,058,648 | ---- | C] ()
AgCPanelJapanese.dll -> %SystemRoot%\System32\AgCPanelJapanese.dll -> [2008/10/07 10:13:20 | 00,058,648 | ---- | C] ()
AgCPanelGerman.dll -> %SystemRoot%\System32\AgCPanelGerman.dll -> [2008/10/07 10:13:20 | 00,058,648 | ---- | C] ()
AgCPanelFrench.dll -> %SystemRoot%\System32\AgCPanelFrench.dll -> [2008/10/07 10:13:20 | 00,058,648 | ---- | C] ()
MCC16.dll -> %SystemRoot%\System32\MCC16.dll -> [2008/08/23 15:29:13 | 00,006,048 | ---- | C] ()
nvwdmcpl.dll -> %SystemRoot%\System32\nvwdmcpl.dll -> [2008/05/02 22:46:00 | 01,724,416 | ---- | C] ()
nview.dll -> %SystemRoot%\System32\nview.dll -> [2008/05/02 22:46:00 | 01,507,328 | ---- | C] ()
nvwimg.dll -> %SystemRoot%\System32\nvwimg.dll -> [2008/05/02 22:46:00 | 01,101,824 | ---- | C] ()
nvshell.dll -> %SystemRoot%\System32\nvshell.dll -> [2008/05/02 22:46:00 | 00,466,944 | ---- | C] ()
nvnt4cpl.dll -> %SystemRoot%\System32\nvnt4cpl.dll -> [2008/05/02 22:46:00 | 00,286,720 | ---- | C] ()
RUNAWAY2.INI -> %SystemRoot%\RUNAWAY2.INI -> [2008/04/24 15:54:45 | 00,000,040 | ---- | C] ()
CddbPlaylist2Sony.dll -> %SystemRoot%\System32\CddbPlaylist2Sony.dll -> [2007/06/10 15:13:22 | 00,520,192 | ---- | C] ()
HP_CounterReport_Update_HPSU.ini -> %SystemRoot%\HP_CounterReport_Update_HPSU.ini -> [2007/05/10 20:48:46 | 00,000,227 | ---- | C] ()
HP_48BitScanUpdatePatch.ini -> %SystemRoot%\HP_48BitScanUpdatePatch.ini -> [2007/05/10 20:48:35 | 00,000,214 | ---- | C] ()
HP_RedboxHprblog_HPSU.ini -> %SystemRoot%\HP_RedboxHprblog_HPSU.ini -> [2007/05/10 20:43:00 | 00,000,221 | ---- | C] ()
NCLogConfig.ini -> %SystemRoot%\NCLogConfig.ini -> [2006/11/11 21:36:32 | 00,000,221 | ---- | C] ()
QuickInstall.INI -> %SystemRoot%\QuickInstall.INI -> [2006/10/21 08:42:11 | 00,000,000 | ---- | C] ()
lvcoinst.ini -> %SystemRoot%\System32\lvcoinst.ini -> [2006/10/14 15:20:04 | 00,013,126 | R--- | C] ()
InstExec.ini -> %SystemRoot%\System32\InstExec.ini -> [2006/10/14 15:12:00 | 00,000,719 | R--- | C] ()
iPlayer.INI -> %SystemRoot%\iPlayer.INI -> [2006/08/20 16:30:01 | 00,000,000 | ---- | C] ()
KGyGaAvL.sys -> %SystemRoot%\System32\KGyGaAvL.sys -> [2006/08/12 11:27:22 | 00,003,350 | -HS- | C] ()
2424236186.sys -> %SystemRoot%\System32\2424236186.sys -> [2006/08/12 11:27:22 | 00,000,088 | RHS- | C] ()
smscfg.ini -> %SystemRoot%\smscfg.ini -> [2006/08/03 10:07:59 | 00,000,061 | ---- | C] ()
wininit.ini -> %SystemRoot%\wininit.ini -> [2006/08/03 09:59:51 | 00,000,126 | ---- | C] ()
ODBC.INI -> %SystemRoot%\ODBC.INI -> [2006/08/03 09:56:39 | 00,000,376 | ---- | C] ()
OEMINFO.INI -> %SystemRoot%\System32\OEMINFO.INI -> [2006/08/03 09:17:53 | 00,000,387 | ---- | C] ()
LVMVdrv.sys -> %SystemRoot%\System32\drivers\LVMVdrv.sys -> [2005/12/09 15:37:42 | 02,400,256 | ---- | C] ()
LVPrcMon.sys -> %SystemRoot%\System32\drivers\LVPrcMon.sys -> [2005/12/09 15:37:42 | 00,016,768 | ---- | C] ()
Lvckap.sys -> %SystemRoot%\System32\drivers\Lvckap.sys -> [2005/12/09 15:35:54 | 02,174,464 | ---- | C] ()
CddbCdda.dll -> %SystemRoot%\System32\CddbCdda.dll -> [2005/12/07 12:31:00 | 00,202,752 | R--- | C] ()
px.ini -> %SystemRoot%\System32\px.ini -> [2005/11/09 23:56:34 | 00,000,000 | ---- | C] ()
fxsperf.ini -> %SystemRoot%\System32\fxsperf.ini -> [2005/08/16 02:37:24 | 00,001,793 | ---- | C] ()
win.ini -> %SystemRoot%\win.ini -> [2005/08/16 02:18:43 | 00,000,844 | ---- | C] ()
system.ini -> %SystemRoot%\system.ini -> [2005/08/16 02:18:41 | 00,000,227 | ---- | C] ()
psisdecd.dll -> %SystemRoot%\System32\psisdecd.dll -> [2005/08/05 12:01:54 | 00,235,008 | ---- | C] ()
daemon.dll -> %SystemRoot%\daemon.dll -> [2004/08/22 18:04:56 | 00,069,120 | ---- | C] ()
OUTLPERF.INI -> %SystemRoot%\System32\OUTLPERF.INI -> [2003/01/07 15:05:08 | 00,002,695 | ---- | C] ()
hptcpmon.ini -> %SystemRoot%\System32\hptcpmon.ini -> [2001/07/06 15:30:00 | 00,003,399 | ---- | C] ()
indounin.dll -> %SystemRoot%\System32\indounin.dll -> [1999/01/27 13:39:06 | 00,065,024 | ---- | C] ()
Iyvu9_32.dll -> %SystemRoot%\System32\Iyvu9_32.dll -> [1997/06/13 07:56:08 | 00,056,832 | ---- | C] ()
 
[Files/Folders - Modified Within 30 Days]
5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
4 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> 
6 C:\Documents and Settings\JAMES\My Documents\*.tmp files -> C:\Documents and Settings\JAMES\My Documents\*.tmp -> 
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/05/30 14:32:04 | 00,665,196 | ---- | M] ()
nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [2009/05/30 13:57:16 | 00,198,932 | ---- | M] ()
Config.MPF -> %SystemRoot%\System32\Config.MPF -> [2009/05/30 09:52:19 | 00,019,205 | ---- | M] ()
Perflib_Perfdata_7d0.dat -> %SystemRoot%\Temp\Perflib_Perfdata_7d0.dat -> [2009/05/30 09:51:52 | 00,000,000 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/05/30 09:51:43 | 00,000,006 | -H-- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/05/30 09:51:40 | 00,002,048 | --S- | M] ()
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2009/05/30 09:51:38 | 10,718,12608 | -HS- | M] ()
lvuvc.hs -> %SystemRoot%\System32\drivers\lvuvc.hs -> [2009/05/30 09:51:32 | 00,000,000 | ---- | M] ()
NTUSER.DAT -> %UserProfile%\NTUSER.DAT -> [2009/05/29 23:18:16 | 15,990,784 | ---- | M] ()
User_Feed_Synchronization-{F7996325-0EDF-44E4-A113-8B4573E32D18}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{F7996325-0EDF-44E4-A113-8B4573E32D18}.job -> [2009/05/29 16:16:11 | 00,000,422 | -H-- | M] ()
qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/05/29 15:18:16 | 00,006,936 | ---- | M] ()
qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/05/29 15:18:16 | 00,005,347 | ---- | M] ()
ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/05/28 21:25:02 | 00,000,278 | -HS- | M] ()
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/05/28 21:05:21 | 00,070,912 | ---- | M] ()
Perflib_Perfdata_9b8.dat -> %SystemRoot%\Temp\Perflib_Perfdata_9b8.dat -> [2009/05/27 22:26:43 | 00,016,384 | ---- | M] ()
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2009/05/27 22:25:46 | 00,507,744 | ---- | M] ()
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2009/05/27 22:25:46 | 00,445,678 | ---- | M] ()
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2009/05/27 22:25:46 | 00,072,692 | ---- | M] ()
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [2009/05/27 20:14:25 | 04,274,608 | -H-- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009/05/27 20:11:14 | 00,002,206 | ---- | M] ()
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2009/05/25 21:42:59 | 00,252,680 | ---- | M] ()
system.ini -> %SystemRoot%\system.ini -> [2009/05/19 16:31:48 | 00,000,227 | ---- | M] ()
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [2009/05/19 16:27:59 | 00,000,027 | ---- | M] ()
boot.ini -> %SystemDrive%\boot.ini -> [2009/05/19 16:17:51 | 00,000,280 | RHS- | M] ()
wklntsk1.dat -> %AllUsersProfile%\Application Data\Microsoft\Works\wklntsk1.dat -> [2009/05/17 09:18:13 | 00,201,374 | ---- | M] ()
Microsoft Office Excel 2003.lnk -> %AllUsersProfile%\Documents\Microsoft Office Excel 2003.lnk -> [2009/05/17 08:25:18 | 00,002,495 | ---- | M] ()
Left 4 Dead Authoring Tools Beta.lnk -> %UserProfile%\Desktop\Left 4 Dead Authoring Tools Beta.lnk -> [2009/05/15 20:38:53 | 00,001,600 | ---- | M] ()
vFind.exe -> %SystemRoot%\vFind.exe -> [2009/05/14 17:50:08 | 00,117,248 | ---- | M] ()
Kaspersky online scan report 5-10-09 11 -> %UserProfile%\My Documents\Kaspersky online scan report 5-10-09 11 -> [2009/05/10 23:16:20 | 00,000,000 | ---- | M] ()
MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2009/05/07 00:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation)
OTListIt2.exe -> %UserProfile%\Desktop\OTListIt2.exe -> [2009/05/05 18:38:45 | 00,501,248 | ---- | M] (OldTimer Tools)
Rooter.exe -> %UserProfile%\Desktop\Rooter.exe -> [2009/05/05 18:27:31 | 00,267,612 | ---- | M] ()
NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [2009/05/05 16:45:53 | 00,000,611 | ---- | M] ()
ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [2009/05/05 16:45:53 | 00,000,592 | ---- | M] ()
SysRestorePoint.exe -> %UserProfile%\Desktop\SysRestorePoint.exe -> [2009/05/05 16:41:41 | 00,021,504 | ---- | M] (Doug Knox)
win.ini -> %SystemRoot%\win.ini -> [2009/04/30 20:56:21 | 00,000,844 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/04/30 15:46:41 | 00,000,696 | ---- | M] ()
wkcalcat.dat -> %AllUsersProfile%\Application Data\Microsoft\Works\wkcalcat.dat -> [2007/05/24 20:39:56 | 00,016,384 | ---- | M] ()
data.data -> %AllUsersProfile%\Application Data\Microsoft\Plus! Digital Media Edition\data\data.data -> [2006/12/31 09:46:56 | 00,002,408 | ---- | M] ()
opa11.dat -> %AllUsersProfile%\Application Data\Microsoft\Office\Data\opa11.dat -> [2006/10/21 09:29:04 | 00,011,100 | ---- | M] ()
data.dat -> %AllUsersProfile%\Application Data\Microsoft\Office\Data\data.dat -> [2006/10/14 14:51:54 | 00,004,064 | ---- | M] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 0 bytes -> %AllUsersProfile%\Documents\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Kaspersky online scan report 5-10-09 11:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
@Alternate Data Stream - 88 bytes -> %UserProfile%\My Documents\Kaspersky online scan report 5-10-09 11:SummaryInformation
@Alternate Data Stream - 999 bytes -> %UserProfile%\My Documents\Kaspersky online scan report 5-10-09 11:13pm.txt
< End of report >


#27
Fred21543

Yeah, mark the All Users box, then attach the file rather than posting it, by doing this:

  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


#28
Midnighter

OTScan; All users, file age - 30 days:

Attached File  OTScanIt.Txt   197.9KB   90 downloads

#29
Midnighter

Okay, it seems as though my computer is being controlled. I was reading something off the Internet with my hands completely off the mouse (and nothing touching and moving around the mouse) and then suddenly, the page scrolled once by itself... I don't know if that's just the browser reloading, but it didn't scroll to the top, just an inch or so up. The whole page didn't even "blink" (like when you refresh a page); the page moved up and the scroll bar moved. Is this the VNC thing you were talking about? I know my computer has that, but could someone else really be scrolling it? Maybe I'm just being paranoid... but it DID scroll by itself.

(I know this question might be in the wrong place but I might as well ask :) )

Edited by Midnighter, 01 June 2009 - 09:17 PM.


#30
Fred21543

Start OTScanIt2. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Registry - Safe List]
< Run [HKEY_USERS\S-1-5-21-3652643410-3692381465-2931770982-1005\] > -> HKEY_USERS\S-1-5-21-3652643410-3692381465-2931770982-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "autochk" -> %SystemDrive%\DOCUME~1\LOCALS~1\protect.DLL [rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16]


The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.


Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.




That is rather strange, perhaps we'd better get rid of that VNC.


  • Please double-click OTListIt2 to run it (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :processes
    explorer.exe
    :files
    C:\Documents and Settings\VERA\Local Settings\Temp\WebInstaller\Setup\SST\Data\VNC\MotVNC.exe
    :commands
    [start explorer]
  • Return to OTListIt2, right click in the "Custom Scans/Fixes" window (under the blue bar) and choose Paste.
  • Click the red Run Fix button and let the fix run.
  • When it is done running a Notepad window should open.
  • Copy and paste the contents of it in your next reply.
