Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijackthis Log: Please Help Diagnose


  • This topic is locked This topic is locked
11 replies to this topic

#1 zachelll

zachelll

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:06 PM

Posted 17 September 2008 - 01:37 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:25 AM, on 9/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\grant\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\grant\Desktop\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070728
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070728
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LxrAutorun] C:\Documents and Settings\grant\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O21 - SSODL: wmpenv - {49304A37-A465-4568-A4EA-7EE11B7D1862} - (no file)
O21 - SSODL: wmpconf - {27139FB9-C424-406F-961F-77261D78BFAE} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 10448 bytes


Malwarebytes' Anti-Malware 1.28
Database version: 1163
Windows 5.1.2600 Service Pack 3

9/17/2008 10:57:18 AM
mbam-log-2008-09-17 (10-57-13).txt

Scan type: Full Scan (C:\|)
Objects scanned: 208973
Time elapsed: 1 hour(s), 19 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 28
Registry Values Infected: 2
Registry Data Items Infected: 7
Folders Infected: 11
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\zafhemm.dll (Trojan.Zlob) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{8d332d3a-0114-4492-8521-c2b93b4db160} (Trojan.Zlob.H) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{967a494a-6aec-4555-9caf-fa6eb00acf91} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{b6a3935f-8fe4-49a4-b987-a1c09e53589f} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{ef94a58f-599b-4602-9c34-99683c5859b1} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{a8954909-1f0f-41a5-a7fa-3b376d69e226} (Rogue.PestPatrol) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a21c8d81-a9c7-46c6-a488-2a32fa0daeb6} (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Security Tools (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\videoPl.chl (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\virusresponselab2009 (Rogue.AntiVirusLab) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{8d332d3a-0114-4492-8521-c2b93b4db160} (Trojan.Zlob.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wblogon (Trojan.FakeAlert.H) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windowsisearch.com) Good: (http://www.google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windowsisearch.com) Good: (http://www.google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://windowsisearch.com) Good: (http://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://windowsisearch.com) Good: (http://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://windowsisearch.com/ie6.html) Good: (http://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windowsisearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windowsisearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> No action taken.

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> No action taken.
C:\Program Files\VideoAccessCodec (Trojan.FakeAlert) -> No action taken.
C:\Program Files\Video ActiveX Access (Trojan.Zlob) -> No action taken.
C:\WINDOWS\system32\242112 (Trojan.BHO) -> No action taken.

Files Infected:
C:\WINDOWS\system32\zafhemm.dll (Trojan.Zlob.H) -> No action taken.
C:\WINDOWS\system32\algg.exe (Trojan.FakeAlert.H) -> No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP736\A0084630.exe (Rogue.Installer) -> No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP736\A0084632.exe (Rogue.VirusHeat) -> No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737\A0084662.dll (Trojan.BHO) -> No action taken.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\486530A4.urr (Adware.MyWebSearch) -> No action taken.
C:\Program Files\VideoAccessCodec\install.ico (Trojan.FakeAlert) -> No action taken.
C:\Program Files\VideoAccessCodec\Thumbs.db (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\main_uninstaller.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\grant\Local Settings\Temp\xrg1.exe (Trojan.Zlob) -> No action taken.

BC AdBot (Login to Remove)

 


#2 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:08:06 AM

Posted 29 September 2008 - 05:44 AM

Hi zachelll

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Please see here for instructions
how to install HijackThis and make a logfile. Save it into convenient location and include it to your next reply, please.

Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post back with HijackThis log and Kaspersky report.

Regards
Microsoft MVP Consumer Security
Posted Image

Posted Image

#3 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:08:06 AM

Posted 05 October 2008 - 12:09 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security
Posted Image

Posted Image

#4 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:08:06 AM

Posted 23 October 2008 - 01:41 AM

Re-opened upon request.
Microsoft MVP Consumer Security
Posted Image

Posted Image

#5 zachelll

zachelll
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:06 PM

Posted 24 October 2008 - 06:09 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:57:24 PM, on 10/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\grant\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070728
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070728
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LxrAutorun] C:\Documents and Settings\grant\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P10 /q c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\ZLOYS5XM.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\YVRWWUEI.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\WTKFATCD.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\W3D3IIJP.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\UF47BC1K.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\UCY1RLOO.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\TZ3FL1WU.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\RA47754T.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\RA31P1Z7.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\PZJHFX3C.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\OXM9Y30V.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\87B9EJSH.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\5UVW17C5.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\25HUFYTC.SH! c:\DOCUME~1\grant\LOCALS~1\
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O21 - SSODL: wmpenv - {49304A37-A465-4568-A4EA-7EE11B7D1862} - (no file)
O21 - SSODL: wmpconf - {27139FB9-C424-406F-961F-77261D78BFAE} - (no file)
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9927 bytes

Wednesday, October 22, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, October 22, 2008 08:03:40
Records in database: 1334263
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\
Scan statistics
Files scanned 183056
Threat name 1
Infected objects 2
Suspicious objects 0
Duration of the scan 02:21:34

File name Threat name Threats count
C:\Documents and Settings\grant\Shared\dime lil jon clean.wm Infected: Trojan-Downloader.WMA.Wimad.m 1
C:\Documents and Settings\grant\Shared\ja rule baby bash.wm Infected: Trojan-Downloader.WMA.Wimad.m 1
The selected area was scanned.

hi when i try and run disk defragmenter it says disk defragmenter has
detected that chkdsk is scheduled to run on the volume: (C:).
please run chkdsk /f. but then i run it and it still says that. ty

#6 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:06 PM

Posted 25 October 2008 - 08:35 PM

Hello, zachelll.
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.
We need to remove Trojan.Brisrv.A
  • Please download Symantec's Trojan.Briserv.A Removal Tool, and save it to your desktop.
  • Double click the Posted Image file you just saved.
  • Accept the program's EULA
  • Push the Posted Image button.
  • Allow the tool to complete it's scan of your system.
  • A file called Posted Image will be created on your desktop.
  • Right click on this file, and choose "Rename"
  • Rename the log to something memorable, like "Run One"
  • REBOOT!!
  • Double click Posted Image again, and re-run the scan.
  • Post both generated reports back here
We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
In your next reply, please include the following:
  • FixBrisrv report one
  • FixBrisrv report two
  • OTViewIt.txt
  • Extra.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#7 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:06 PM

Posted 29 October 2008 - 08:36 PM

Hello, zachelll.
Are you still here?

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#8 zachelll

zachelll
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:06 PM

Posted 29 October 2008 - 08:43 PM

yes i just forgot to see if enyone replyed and i whas working on that stuff i reboot and you ask if i im here lol

#9 zachelll

zachelll
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:06 PM

Posted 29 October 2008 - 09:46 PM

OTViewIt logfile created on: 10/29/2008 7:40:40 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\grant\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 76.44% Memory free
3.85 Gb Paging File | 3.48 Gb Available in Paging File | 90.54% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 295.04 Gb Total Space | 216.70 Gb Free Space | 73.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DHDVYCD1
Current User Name: grant
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/07/24 08:20:00 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
[2006/07/06 05:15:00 | 00,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[2005/10/05 01:12:00 | 00,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[2005/09/08 03:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
[2004/07/27 14:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[2007/01/12 03:09:28 | 00,488,984 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[2007/01/12 03:12:18 | 00,244,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
[2003/12/22 08:38:42 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[2003/08/04 17:28:18 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd.exe
[2007/11/01 19:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
[2008/04/13 17:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2007/08/04 20:14:53 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2006/11/09 11:00:44 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\grant\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
[2003/10/29 00:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
[2003/09/16 05:19:24 | 00,237,568 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2007/08/06 17:18:10 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[2005/04/30 17:02:26 | 00,086,016 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2006/07/06 05:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
[2006/01/09 13:56:04 | 00,049,152 | ---- | M] () -- C:\WINDOWS\system32\LxrSII1s.exe
[2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
[2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
[2007/11/26 10:46:14 | 00,023,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
[2008/10/07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2007/12/16 16:25:52 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2004/09/15 03:27:54 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2004/01/05 00:30:14 | 00,065,795 | ---- | M] (HP) -- C:\WINDOWS\system32\hpzipm12.exe
[2007/10/24 15:10:20 | 01,388,544 | ---- | M] () -- C:\Program Files\Ventrilo\Ventrilo.exe
[2008/04/13 17:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
[2007/11/01 19:12:38 | 00,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
[2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
[2008/10/29 19:40:09 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\grant\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

File not found -- -- (0075641224766275mcinstcleanup [Auto | Stopped])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/04/30 17:02:26 | 00,086,016 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen [Auto | Running])
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/03/19 10:44:44 | 00,070,656 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
[2007/11/17 16:46:51 | 00,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist [On_Demand | Stopped])
[2007/08/04 20:14:52 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2006/07/06 05:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON [Auto | Running])
[2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2006/01/09 13:56:04 | 00,049,152 | ---- | M] () -- C:\WINDOWS\system32\LxrSII1s.exe -- (LxrSII1s [Auto | Running])
[2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
[2007/11/07 09:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
[2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
[2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
[2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
[2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService [Auto | Running])
[2007/11/26 10:46:14 | 00,023,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe -- (MSK80Service [Auto | Running])
[2008/10/07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2004/01/05 00:30:14 | 00,065,795 | ---- | M] (HP) -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12 [On_Demand | Running])
[2007/12/16 16:25:52 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2004/09/15 03:27:54 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])

========== Driver Services ==========

[2001/08/17 11:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008/04/13 11:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2001/08/17 11:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 11:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2001/08/17 11:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2001/08/17 11:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2005/09/08 03:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
[2005/08/25 10:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
[2005/09/08 03:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
[2005/09/08 03:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
[2005/09/08 03:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
[2005/09/08 03:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
[2005/08/25 10:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
[2005/09/08 03:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
[2005/09/08 03:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
[2005/09/12 01:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
[2005/08/12 03:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
[2006/10/05 15:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
[2007/02/25 10:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv [Auto | Running])
[2001/08/17 10:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2006/07/19 13:42:16 | 00,230,400 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express [On_Demand | Running])
[2008/04/13 09:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2004/01/05 00:30:14 | 00,051,056 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412 [On_Demand | Running])
[2004/01/05 00:30:16 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
[2004/01/05 00:30:16 | 00,021,488 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Running])
[2003/11/17 12:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
[2003/11/17 12:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2006/07/06 04:59:42 | 00,246,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2008/04/13 11:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2007/01/23 15:45:00 | 00,034,576 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt [On_Demand | Stopped])
[2007/01/23 15:45:00 | 00,033,296 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt [On_Demand | Stopped])
[2006/12/14 09:37:40 | 00,072,672 | ---- | M] () -- C:\WINDOWS\system32\drivers\LxrSII1d.sys -- (LxrSII1d [Auto | Running])
[2003/04/09 09:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2007/11/22 06:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2007/11/22 06:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2007/11/22 06:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
[2007/11/22 06:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
[2007/12/02 12:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
[2001/08/17 11:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2007/07/13 06:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP [System | Running])
[2001/08/17 11:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2005/01/04 11:43:08 | 00,004,682 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2 [On_Demand | Stopped])
[2008/10/07 13:33:00 | 06,133,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2004/08/04 03:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/01/26 00:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 11:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 11:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 11:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/13 11:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2001/08/17 12:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2006/07/24 08:20:00 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2001/08/17 12:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 12:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 12:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 12:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2001/08/17 11:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2008/04/13 11:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
[2006/11/02 07:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Stopped])
[2003/11/17 12:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell.com
"Default_Search_URL"=http://www.google.com/ie
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.google.com/
"SearchMigratedDefaultName"=Search
"SearchMigratedDefaultURL"=http://www.google.com/
"Start Page"=http://www.dell.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070728
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie
"Start Page"=www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070728

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL\w]
""=http://windowsisearch.com/search?q=%s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070728
"Default_Search_URL"=http://www.google.com/
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Search
"SearchMigratedDefaultURL"=http://www.google.com/
"Start Page"=http://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070728

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\w]
""=http://windowsisearch.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070728
"Start Page"=www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070728

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070728
"Start Page"=www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070728

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-4286869864-1776807958-259738985-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070728
"Default_Search_URL"=http://www.google.com/
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Search
"SearchMigratedDefaultURL"=http://www.google.com/
"Start Page"=http://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070728

[HKEY_USERS\S-1-5-21-4286869864-1776807958-259738985-1006\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-4286869864-1776807958-259738985-1006\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_USERS\S-1-5-21-4286869864-1776807958-259738985-1006\Software\Microsoft\Internet Explorer\SearchURL\w]
""=http://windowsisearch.com/search?q=%s

[HKEY_USERS\S-1-5-21-4286869864-1776807958-259738985-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4286869864-1776807958-259738985-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{377C180E-6F0E-4D4C-980F-F45BD3D40CF4} (HKLM) -- c:\Program Files\McAfee\MSK\mcapbho.dll ()
{5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (HKLM) -- C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll (Google Inc.)
{CA6319C0-31B7-401E-A518-A07C3DB8F777} (HKLM) -- C:\Program Files\BAE\BAE.dll (Dell Inc.)

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-4286869864-1776807958-259738985-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-4286869864-1776807958-259738985-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" (Hewlett-Packard Company)
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" (Hewlett-Packard)
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE (Logitech Inc.)
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k File not found
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" (Logitech Inc.)
"LVCOMSX"="C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" (Logitech Inc.)
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN (FUJI PHOTO FILM CO., LTD.)
"SigmatelSysTrayApp"=stsystra.exe (SigmaTel, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DelayShred"=c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P10 /q c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\ZLOYS5XM.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\YVRWWUEI.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\WTKFATCD.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\W3D3IIJP.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\UF47BC1K.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\UCY1RLOO.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\TZ3FL1WU.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\RA47754T.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\RA31P1Z7.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\PZJHFX3C.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\OXM9Y30V.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\87B9EJSH.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\5UVW17C5.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\25HUFYTC.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1.SH!\Content.SH!\ZLOYS5XM.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1.SH!\Content.SH!\YVRWWUEI.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1.SH!\Content.SH!\WTKFATCD.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1.SH!\Content.SH!\W3D3IIJP.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1.SH!\Content.SH!\UF47BC1K.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1.SH!\Content.SH!\UCY1RLOO.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1.SH!\Content.SH!\TZ3FL1WU.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1.SH!\Content.SH!\RA47754T.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1.SH!\Content.SH!\RA31P1Z7.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1.SH!\Content.SH!\PZJHFX3C.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1.SH!\Content.SH!\OXM9Y30V.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1.SH!\Content.SH!\87B9EJSH.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1.SH!\Content.SH!\5UVW17C5.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1.SH!\Content.SH!\25HUFYTC.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1.SH!\Content.SH! ()
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" /startup (Gteko Ltd.)
"LxrAutorun"=C:\Documents and Settings\grant\Local Settings\Application Data\Lexar Media\LxrAutorun.exe ()
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-4286869864-1776807958-259738985-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DelayShred"=c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P10 /q c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\ZLOYS5XM.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\YVRWWUEI.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\WTKFATCD.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\W3D3IIJP.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\UF47BC1K.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\UCY1RLOO.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\TZ3FL1WU.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\RA47754T.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\RA31P1Z7.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\PZJHFX3C.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\OXM9Y30V.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\87B9EJSH.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\5UVW17C5.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.IE5\25HUFYTC.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1\Content.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1.SH!\Content.SH!\ZLOYS5XM.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1.SH!\Content.SH!\YVRWWUEI.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1.SH!\Content.SH!\WTKFATCD.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1.SH!\Content.SH!\W3D3IIJP.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1.SH!\Content.SH!\UF47BC1K.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1.SH!\Content.SH!\UCY1RLOO.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1.SH!\Content.SH!\TZ3FL1WU.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1.SH!\Content.SH!\RA47754T.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1.SH!\Content.SH!\RA31P1Z7.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1.SH!\Content.SH!\PZJHFX3C.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1.SH!\Content.SH!\OXM9Y30V.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1.SH!\Content.SH!\87B9EJSH.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1.SH!\Content.SH!\5UVW17C5.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1.SH!\Content.SH!\25HUFYTC.SH! c:\DOCUME~1\grant\LOCALS~1\temp\TEMPOR~1.SH!\Content.SH! ()
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" /startup (Gteko Ltd.)
"LxrAutorun"=C:\Documents and Settings\grant\Local Settings\Application Data\Lexar Media\LxrAutorun.exe ()
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

========== (O4) Startup Folders ==========

[2005/09/23 20:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2003/10/29 00:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
[2007/01/30 12:02:00 | 00,303,104 | ---- | M] (FUJIFILM Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
[2003/09/16 05:19:24 | 00,237,568 | ---- | M] (Hewlett-Packard Co.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2007/08/06 17:18:10 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[2007/01/30 01:52:06 | 00,688,128 | ---- | M] (Logitech Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=157

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-4286869864-1776807958-259738985-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=157

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [2005/11/10 11:22:12 | 00,069,746 | ---- | M] (Sun Microsystems, Inc.)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}: Button: PokerStars.net -- %ProgramFiles%\PokerStars.NET\PokerStarsUpdate.exe [2008/04/25 22:04:30 | 00,435,088 | ---- | M] (PokerStars)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> [2005/11/10 11:22:12 | 00,069,746 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} [HKLM] -> %ProgramFiles%\PokerStars.NET\PokerStarsUpdate.exe [PokerStars.net] -> [2008/04/25 22:04:30 | 00,435,088 | ---- | M] (PokerStars)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> [2005/11/10 11:22:12 | 00,069,746 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} [HKLM] -> %ProgramFiles%\PokerStars.NET\PokerStarsUpdate.exe [PokerStars.net] -> [2008/04/25 22:04:30 | 00,435,088 | ---- | M] (PokerStars)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> [2005/11/10 11:22:12 | 00,069,746 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} [HKLM] -> %ProgramFiles%\PokerStars.NET\PokerStarsUpdate.exe [PokerStars.net] -> [2008/04/25 22:04:30 | 00,435,088 | ---- | M] (PokerStars)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4286869864-1776807958-259738985-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> [2005/11/10 11:22:12 | 00,069,746 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} [HKLM] -> %ProgramFiles%\PokerStars.NET\PokerStarsUpdate.exe [PokerStars.net] -> [2008/04/25 22:04:30 | 00,435,088 | ---- | M] (PokerStars)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-4286869864-1776807958-259738985-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06

========== (O17) DNS Name Servers ==========

{1953BADC-D3FE-45CB-A992-804F2B1D68BD} (Servers: | Description: Intel® 82566DC Gigabit Network Connection)

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
>[2007/08/11 07:53:13 | 00,145,408 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
GoToAssist: "DllName" = C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll -- C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"wmpconf"={27139FB9-C424-406F-961F-77261D78BFAE} (HKLM) -- CLSID or file not found.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"wmpenv"={49304A37-A465-4568-A4EA-7EE11B7D1862} (HKLM) -- CLSID or file not found.

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/10 11:04:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e5efe70-53b1-11dd-8949-001676bf11e5}\Shell\AutoRun\command]
""=I:\JDSecure\Windows\JDSecure31.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\Shell\AutoRun\command]
""=I:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2008/10/29 19:39:59 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\grant\Desktop\OTViewIt.exe
[2008/10/29 17:28:58 | 00,441,288 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\grant\Desktop\FixBrisvA.exe
[2008/10/27 23:25:49 | 01,529,427 | ---- | C] () -- C:\Documents and Settings\grant\Desktop\54 bats.JPG
[2008/10/23 19:47:53 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/23 12:59:35 | 00,000,000 | -H-- | C] () -- C:\Documents and Settings\grant\My Documents\Default.rdp
[2008/10/23 12:51:25 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\grant\Desktop\CCleaner.lnk
[2008/10/22 15:57:24 | 00,009,928 | ---- | C] () -- C:\Documents and Settings\grant\Desktop\hijackthis2
[2008/10/22 11:14:36 | 05,244,648 | ---- | C] (PC Drivers HeadQuarters ) -- C:\Documents and Settings\grant\Desktop\DriverDetective.exe
[2008/10/22 11:14:17 | 00,003,164 | ---- | C] () -- C:\Documents and Settings\grant\Desktop\kaspersky.html
[2008/10/21 16:40:23 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008/10/21 13:11:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\nview
[2008/10/21 13:11:15 | 00,000,000 | ---D | C] -- C:\NVIDIA
[2008/10/21 10:03:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\grant\Desktop\LaRae
[2008/10/15 03:13:06 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/15 03:12:53 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/15 03:12:27 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/15 03:12:27 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/15 03:12:26 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/15 03:12:25 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/07 13:33:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/10/07 13:33:00 | 01,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/10/07 13:33:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/10/07 13:33:00 | 01,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/10/07 13:33:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/10/07 13:33:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/10/07 13:33:00 | 00,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/10/07 13:33:00 | 00,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/10/07 13:33:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/10/07 13:33:00 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\nvtuicpl.cpl

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2008/10/29 19:40:09 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\grant\Desktop\OTViewIt.exe
[2008/10/29 18:39:41 | 00,011,421 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2008/10/29 18:39:13 | 00,198,786 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2008/10/29 18:39:11 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/29 18:39:09 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/29 18:37:59 | 09,111,324 | -H-- | M] () -- C:\Documents and Settings\grant\Local Settings\Application Data\IconCache.db
[2008/10/29 17:29:06 | 00,441,288 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\grant\Desktop\FixBrisvA.exe
[2008/10/27 22:21:20 | 01,529,427 | ---- | M] () -- C:\Documents and Settings\grant\Desktop\54 bats.JPG
[2008/10/23 12:59:35 | 00,000,000 | -H-- | M] () -- C:\Documents and Settings\grant\My Documents\Default.rdp
[2008/10/23 12:51:25 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\grant\Desktop\CCleaner.lnk
[2008/10/22 15:57:24 | 00,009,928 | ---- | M] () -- C:\Documents and Settings\grant\Desktop\hijackthis2
[2008/10/22 11:16:08 | 05,244,648 | ---- | M] (PC Drivers HeadQuarters ) -- C:\Documents and Settings\grant\Desktop\DriverDetective.exe
[2008/10/22 11:14:17 | 00,003,164 | ---- | M] () -- C:\Documents and Settings\grant\Desktop\kaspersky.html
[2008/10/16 03:08:54 | 00,117,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/15 09:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008/10/15 09:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/07 13:33:00 | 01,703,936 | ---- | M] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/10/07 13:33:00 | 01,630,208 | ---- | M] () -- C:\WINDOWS\System32\nwiz.exe
[2008/10/07 13:33:00 | 01,486,848 | ---- | M] () -- C:\WINDOWS\System32\nview.dll
[2008/10/07 13:33:00 | 01,339,392 | ---- | M] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/10/07 13:33:00 | 01,019,904 | ---- | M] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/10/07 13:33:00 | 00,466,944 | ---- | M] () -- C:\WINDOWS\System32\nvshell.dll
[2008/10/07 13:33:00 | 00,442,368 | ---- | M] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/10/07 13:33:00 | 00,425,984 | ---- | M] () -- C:\WINDOWS\System32\keystone.exe
[2008/10/07 13:33:00 | 00,286,720 | ---- | M] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/10/07 13:33:00 | 00,073,728 | ---- | M] () -- C:\WINDOWS\System32\nvtuicpl.cpl
[2008/10/07 13:33:00 | 00,018,477 | ---- | M] () -- C:\WINDOWS\System32\nvdisp.nvu
[2008/10/07 12:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/09/30 18:43:58 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\grant\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
< End of report >


OTViewIt Extras logfile created on: 10/29/2008 7:40:40 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\grant\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 76.44% Memory free
3.85 Gb Paging File | 3.48 Gb Available in Paging File | 90.54% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 295.04 Gb Total Space | 216.70 Gb Free Space | 73.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DHDVYCD1
Current User Name: grant
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
"Use My Stylesheet"=
"User Stylesheet"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DisableNotifications"=0
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 17:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/08/06 17:18:10 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
[2008/07/21 12:21:36 | 00,286,720 | ---- | M] () -- C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel
[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 17:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/08/06 17:18:10 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
[2007/11/15 14:15:14 | 00,258,048 | ---- | M] () -- C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidnm.exe:*:Enabled:Solid State Networks Browser Plugin
[2008/01/18 08:10:00 | 02,921,720 | ---- | M] (Ironclad Games) -- C:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire
[2007/08/07 09:22:12 | 09,710,464 | ---- | M] (Ensemble Studios) -- C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires III
[2006/09/07 15:07:49 | 10,143,040 | ---- | M] (Ensemble Studios) -- C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs
[2007/07/30 16:40:02 | 00,385,024 | ---- | M] () -- C:\Program Files\Acclaim\2Moons\minilauncher.exe:*:Enabled:2moons
[2008/04/13 17:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer
[2004/04/23 11:34:23 | 07,899,252 | ---- | M] (Ensemble Studios) -- C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion
[2005/11/10 09:27:06 | 00,049,248 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary
[2006/06/14 14:21:10 | 20,002,856 | ---- | M] () -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
File not found -- C:\Documents and Settings\grant\Desktop\LOTRO-US-Book13-Downloader-FreeTrial-StandardRes.exe:*:Enabled:LOTRO-US-Book13-Downloader-FreeTrial-StandardRes
File not found -- C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe:*:Enabled:lotroclient
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/08/21 17:16:44 | 01,385,984 | ---- | M] () -- C:\Program Files\Softnyx\RakionIS\Bin\rakion.bin:*:Disabled:rakion
[2006/09/26 18:53:22 | 07,574,463 | ---- | M] () -- C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Disabled:Battlefield 2
[2008/04/07 14:13:12 | 07,574,463 | ---- | M] () -- C:\Program Files\EA GAMES\Battlefield 2\mods\naw\BF2.exe:*:Disabled:BF2
[2006/09/26 17:57:02 | 04,972,544 | ---- | M] () -- C:\Program Files\EA GAMES\Battlefield 2\bf2_w32ded.exe:*:Disabled:bf2_w32ded
File not found -- C:\Program Files\World of Warcraft\WoW-2.3.0.7561-to-2.4.0.8089-enUS-downloader.exe:*:Disabled:Blizzard Downloader
[2008/07/21 12:21:36 | 00,286,720 | ---- | M] () -- C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Disabled:Exteel
[2006/04/19 22:08:12 | 14,402,048 | ---- | M] () -- C:\Program Files\Ubisoft\Heroes of Might and Magic V\bin\H5_Game.exe:*:Disabled:Heroes of Might and Magic V
[2008/07/08 10:10:02 | 00,149,504 | ---- | M] () -- C:\Program Files\PoxNora\PoxNora.exe:*:Disabled:PoxNora
[2008/08/30 09:00:42 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe:*:Enabled:DNA
[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/07/21 14:07:44 | 02,752,512 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager
[2008/05/11 14:15:56 | 14,794,752 | ---- | M] () -- C:\Program Files\Fury\Binaries\Fury.exe:*:Enabled:Fury
[2007/12/26 03:43:00 | 00,950,272 | ---- | M] () -- C:\Program Files\Fury\Binaries\DiamondWare\dwTVC.exe:*:Enabled:Fury VOIP
[2008/10/25 13:33:42 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox
[2008/10/18 15:55:21 | 00,804,104 | ---- | M] (Mythic Entertainment, an EA Studio) -- C:\Program Files\Electronic Arts\Warhammer Online - Age of Reckoning\warpatch.exe:*:Enabled:Warhammer Online - Age of Reckoning

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/08/06 17:18:10 | 00,028,711 | ---- | M] (Logitech Inc.) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} (HKLM) [BackWeb GA Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/12/22 08:38:40 | 00,081,920 | ---- | M] (Hewlett-Packard Company) C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} (HKLM) [CZipHandler Object])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 17:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 17:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 17:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}"=MSXML4 Parser
"{04798BA0-77EA-4592-905D-1798166D078B}"=GED 2003
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}"=Battlefield 2™
"{075473F5-846A-448B-BCB3-104AA1760205}"=Roxio RecordNow Data
"{08CA9554-B5FE-4313-938F-D4A417B81175}"=QuickTime
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}"=Intel® PRO Network Connections
"{0AF3FEAE-B651-4421-97EF-4808A588B4E5}"=LastChaos
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}"=Microsoft Plus! Photo Story 2 LE
"{0FABD3D7-3036-4e78-B29D-58957ADB0A12}"=HP PSC & OfficeJet 3.5
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Roxio DLA
"{133CD5EF-A4A1-442a-8D50-910B5DEF76BD}"=4200_Help
"{1BD67531-A957-4592-9743-A2761BB4AC28}"=2Moons
"{1C08A24C-B168-407E-A826-68FAF5F20710}"=Age of Empires III - The WarChiefs
"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}"=DocProc
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Roxio MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}"=AiO_Scan
"{24ED4D80-8294-11D5-96CD-0040266301AD}"=FinePixViewer Ver.5.3
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}"=Scan
"{28101984-0BA6-40FD-9ABE-72F62F80C06C}"=Heroes of Might and Magic V
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}"=SkinsHP1
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}"=Dell DataSafe Online
"{2D782549-8B43-41BB-8C10-1990BCE30F80}"=Battleracer
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}"=Logitech SetPoint
"{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}"=AIOMinimal
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}"=Windows Media Player 10
"{34611BCF-3157-405b-A34E-879C7DC79142}"=4200
"{34957B51-9676-41CE-9E52-44AE91B73F1C}"=HP Software Update
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}"=HPSystemDiagnostics
"{3EE117D4-CD47-4985-B507-BEA2DACC43BD}"=Motorola Driver Installation
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}"=URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=NetWaiting
"{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}"=Unload
"{428102E6-8A39-48B9-8389-847F5A44A600}"=MSXML 4.0
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}"=Dell CinePlayer
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}"=Bonjour
"{48242276-DB89-42e8-9678-BD4280D7B99A}"=Copy
"{5490882C-6961-11D5-BAE5-00E0188E010B}"=FUJIFILM USB Driver
"{54BB0384-1C33-488F-A95B-877E480D3EDC}"=MSXML 4.0
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}"=PrintScreen
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}"=Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}"=Sonic Activation Module
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}"=PlayNC Launcher
"{63F2408D-A675-4d97-A256-70EACB6B9B4A}"=AiOSoftware
"{68A2A8FC-2CA0-4b6c-BE09-CC7ABE2A8DDC}"=4200Trb
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}"=Microsoft Plus! Digital Media Edition Installer
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}"=Age of Empires III
"{723C033E-63EA-4227-BAB2-0AA8693C16EB}"=Director
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}"=InstantShare
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{76268C68-45ED-42A2-85C4-F27FBB4D7515}"=Heroes of Might and Magic IV
"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}"=DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{81DD5688-695A-4c1d-AE7D-368BF857725A}"=TrayApp
"{852940E0-6753-4848-BD4A-18382A3C2C6E}"=Dangerous Hunts 2
"{8777AC6D-89F9-4793-8266-DE406F343E89}"=QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}"=CDDRV_Installer
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}"=Logitech Desktop Messenger
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}"=Intel® Matrix Storage Manager
"{9A0DCD97-9648-45ed-A52C-133C728AB2FF}"=4200Tour
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}"=CreativeProjects
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}"=SPORE™
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}"=Readme
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{A7E07C2B-2220-4415-87E3-784D5814BC93}"=NVIDIA PhysX v8.09.04
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70800000002}"=Adobe Reader 7.0.8
"{AF226123-1A6F-4ec1-8DEF-E35E7A0D0127}"=Fax
"{B093990A-AAF2-44AC-9216-14BB7A2189B6}"=ImageMixer VCD2 LE for FinePix
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}"=Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Roxio RecordNow Copy
"{B2163962-BFD2-4187-8B47-D9B24737DFD7}"=Kort's Spellcraft Calculator
"{B44529FF-501E-47CD-A06D-223C161BE058}"=FinePixViewer Resource
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B6884A07-0305-47AE-9969-8F26FADC17DE}"=Games, Music, & Photos Launcher
"{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}"=Dell Support Center
"{BC339BFD-F550-471a-8D26-4D08126C62F7}"=SkinsHP2
"{BD202930-5F70-4B35-B875-1E28604F328D}"=Logitech Communications Manager
"{C89C8D86-4423-4A58-AA40-DD259ACE07C1}"=KhalSetup
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}"=QuickProjects
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}"=Overland
"{D611CBD6-B6D6-404D-82AE-EC12041389D6}"=DAoC Portal
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}"=FinePix Studio
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}"=Internet Service Offers Launcher
"{E646DCF0-5A68-11D5-B229-002078017FBF}"=Digital Line Detect
"{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}"=PhotoGallery
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}"=Sins of a Solar Empire
"{EF7E931D-DC84-471B-8DB6-A83358095474}"=EA Download Manager
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}"=WebReg
"360Share Pro"=360Share Pro(remove only)
"7-Zip"=7-Zip 4.57
"99 Bottles"=99 Bottles
"AcclaimGameLauncher"=Acclaim Game Launcher Plugin
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"Age of Mythology Expansion Pack 1.0"=Age of Mythology Gold
"Arcade Master"=Arcade Master
"AuranFury_is1"=Fury
"Balloon Kaboom"=Balloon Kaboom
"Balloon Kaboom Challenge"=Balloon Kaboom Challenge
"BF2Deathmatch"=BF2Deathmatch 0.1
"BFGC"=Big Fish Games Client
"BFG-Master of Defense"=Master of Defense (remove only)
"BFG-Risk"=Risk (remove only)
"Block Rox"=Block Rox
"Boa Constricter"=Boa Constricter
"Brain Twister"=Brain Twister
"CCleaner"=CCleaner (remove only)
"ClocX"=ClocX (1.5b2)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1"=Conexant D850 56K V.9x DFVc Modem
"Colors of War Special Edition"=Colors of War Special Edition
"Cue Club"=Cue Club
"DAOCCharplan"=DAOC-Charplan
"Dark Age of Camelot - Labyrinth of the Minotaur_is1"=Dark Age of Camelot - Labyrinth of the Minotaur
"Dart Mania"=Dart Mania
"Demonstar Special Edition"=Demonstar Special Edition
"Diamond Fall"=Diamond Fall
"Disney Pirates of the Caribbean Online"=Disney Pirates of the Caribbean Online
"Drone"=Drone
"Drop"=Drop
"Dweebs 2 Special Edition"=Dweebs 2 Special Edition
"Dweebs Special Edition"=Dweebs Special Edition
"eBrainyGames Super Menu"=eBrainyGames Super Menu
"eGames GameButler"=eGames GameButler
"Four Orbs"=Four Orbs
"Fraps"=Fraps
"Funny Diet"=Funny Diet
"Gadgets"=Gadgets
"Google Desktop"=Google Desktop
"GoToAssist"=GoToAssist 8.0.0.480
"HijackThis"=HijackThis 2.0.2
"HP Photo & Imaging"=HP Image Zone 3.5
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}"=Age of Empires III - The WarChiefs
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}"=Age of Empires III
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}"=EA Download Manager
"Jewel Jam Special Edition"=Jewel Jam Special Edition
"Kombat Kars Special Edition"=Kombat Kars Special Edition
"Leap And Croak"=Leap And Croak
"Live Billiards"=Live Billiards
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Master of Dwarves"=Master of Dwarves
"Max Mix Foto"=Max Mix Foto
"Maze Cube"=Maze Cube
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"ModJive"=ModJive
"Moonshot"=Moonshot
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MSC"=McAfee SecurityCenter
"N.A.W 5.0 MAP Pack 45.0"=N.A.W 5.0 MAP Pack 4
"Nations at War5.2"=Nations at War
"Nebula Fighter Special Edition"=Nebula Fighter Special Edition
"NVIDIA Drivers"=NVIDIA Drivers
"Oxide Special Edition"=Oxide Special Edition
"Photo Match All"=Photo Match All
"Pinball Master Special Edition"=Pinball Master Special Edition
"PoE:2"=PoE:2 v2.1.0.0
"PokerStars.net"=PokerStars.net
"PoxNora 1.4.7.0"=PoxNora 1.4.7.0
"Punch! Home Design - Platinum"=Punch! Home Design - Platinum
"Rakion International_is1"=Rakion International
"Raptor Special Edition"=Raptor Special Edition
"Reaxxion"=Reaxxion
"Rifle Range"=Rifle Range
"Sandbox"=Sandbox
"SearchAssist"=SearchAssist
"Sins of a Solar Empire"=Sins of a Solar Empire
"Skype_is1"=Skype 2.5
"Snake Arena Special Edition"=Snake Arena Special Edition
"Sof921034Ver100DeinstKey"=Multimedia Algebra v1.00
"Softnyx Launcher_is1"=Softnyx Launcher
"SolidStateIONIE"=Solid State ION Internet Explorer Plugin
"Space Battle 2001 Special Edition"=Space Battle 2001 Special Edition
"ST5UNST #1"=Dragons and Dinosaurs Clipart
"Star Miner Special Edition"=Star Miner Special Edition
"Starcraft"=Starcraft
"Sunken Treasure"=Sunken Treasure
"Tile Blazer Special Edition"=Tile Blazer Special Edition
"Treasure Mines"=Treasure Mines
"Warhammer Online - Age of Reckoning"=Warhammer Online - Age of Reckoning
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wild Wheels Special Edition"=Wild Wheels Special Edition
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows Media Player"=Windows Media Player 10
"Windows XP Service Pack"=Windows XP Service Pack 3
"Xfire"=Xfire (remove only)
"Zulu Assault"=Zulu Assault

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA"=DNA
"NCsoft-Exteel"=Exteel

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4286869864-1776807958-259738985-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA"=DNA
"NCsoft-Exteel"=Exteel

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/22/2008 3:25:37 AM | Computer Name = DHDVYCD1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/22/2008 3:25:37 AM | Computer Name = DHDVYCD1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/22/2008 3:25:37 AM | Computer Name = DHDVYCD1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/22/2008 3:25:38 AM | Computer Name = DHDVYCD1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/22/2008 5:29:19 AM | Computer Name = DHDVYCD1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3664 (0xe50) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.349
/ 5300.2777 Object being scanned = \Device\HarddiskVolume2\Program Files\The Sir.
Community\ModJive\dlCache\poe2_client_v2.1_full.exe by C:\Documents and Settings\grant\Local
Settings\Temp\jkos-grant\binaries\ScanningProcess.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 10/22/2008 2:53:42 PM | Computer Name = DHDVYCD1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 188 (0xbc) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.349
/ 5300.2777 Object being scanned = \Device\HarddiskVolume2\Program Files\The Sir.
Community\ModJive\dlCache\poe2_client_v2.1_full.exe by C:\Program Files\Malwarebytes'
Anti-Malware\mbam.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

5006(0)(0) 5004(0)(0)

Error - 10/22/2008 3:24:49 PM | Computer Name = DHDVYCD1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2012 (0x7dc) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.349
/ 5300.2777 Object being scanned = \Device\HarddiskVolume2\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP683\A0071529.exe

by C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 10/27/2008 11:56:45 PM | Computer Name = DHDVYCD1 | Source = Application Hang | ID = 1002
Description = Hanging application WAR.exe, version 1.0.3.388, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/29/2008 9:14:03 PM | Computer Name = DHDVYCD1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3796 (0xed4) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.349
/ 5300.2777 Object being scanned = \Device\HarddiskVolume2\Program Files\The Sir.
Community\ModJive\dlCache\poe2_client_v2.1_full.exe by C:\Documents and Settings\grant\Desktop\FixBrisvA.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 10/29/2008 10:30:10 PM | Computer Name = DHDVYCD1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3748 (0xea4) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.349
/ 5300.2777 Object being scanned = \Device\HarddiskVolume2\Program Files\The Sir.
Community\ModJive\dlCache\poe2_client_v2.1_full.exe by C:\Documents and Settings\grant\Desktop\FixBrisvA.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


[ System Events ]
Error - 10/21/2008 2:56:29 PM | Computer Name = DHDVYCD1 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 10/21/2008 3:43:02 PM | Computer Name = DHDVYCD1 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.101 for the Network Card with network
address 001676BF11E5 has been denied by the DHCP server 192.168.2.5 (The DHCP Server
sent a DHCPNACK message).

Error - 10/21/2008 7:39:40 PM | Computer Name = DHDVYCD1 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.100 for the Network Card with network
address 001676BF11E5 has been denied by the DHCP server 192.168.2.5 (The DHCP Server
sent a DHCPNACK message).

Error - 10/22/2008 12:03:40 AM | Computer Name = DHDVYCD1 | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/22/2008 5:29:27 AM | Computer Name = DHDVYCD1 | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 10/22/2008 2:53:44 PM | Computer Name = DHDVYCD1 | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 2 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 10/22/2008 3:24:51 PM | Computer Name = DHDVYCD1 | Source = Service Control Manager | ID = 7034
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 3 time(s).

Error - 10/23/2008 4:02:59 PM | Computer Name = DHDVYCD1 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MOM that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1953BADC-D3FE-45CB-A992.
The
master browser is stopping or an election is being forced.

Error - 10/29/2008 9:14:07 PM | Computer Name = DHDVYCD1 | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 10/29/2008 10:30:13 PM | Computer Name = DHDVYCD1 | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.


< End of report >

non of the fixbrisvA scans have enything in it

#10 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:06 PM

Posted 30 October 2008 - 10:24 PM

Hello, zachelll.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 10...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows" (OR if you are on a x64 system, "Windows x64")
  • Select your Language: "Multi-Language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs (Or "Uninstall a Program" on Vista) and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe (Or jre-6u10-windows-x64.exe for x64 systems)
  • Follow the on screen instructions to install the latest Java version.
We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :services
    0075641224766275mcinstcleanup
    :reg
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DelayShred"=-
    [HKEY_USERS\S-1-5-21-4286869864-1776807958-259738985-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DelayShred"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "wmpenv"=-
    "wmpconf"=-
    [-HKEY_CLASSES_ROOT\CLSID\{49304A37-A465-4568-A4EA-7EE11B7D1862}]
    [-HKEY_CLASSES_ROOT\CLSID\{27139FB9-C424-406F-961F-77261D78BFAE}]
    :files
    C:\Documents and Settings\grant\Shared\ja rule baby bash.wm
    C:\Documents and Settings\grant\Shared\dime lil jon clean.wm
    :commands
    [EmptyTemp]
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box infront of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and chose "select all" (or use +A)
  • Right-click again and chose "Copy" (or +C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)

In your next reply, please include the following:
  • OTMoveIt3's Log
  • ESET OnlineScan's Log
  • A New HiJack This log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#11 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:06 PM

Posted 04 November 2008 - 05:15 AM

Hello, zachelll.
Are you still here?

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#12 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:06 PM

Posted 05 November 2008 - 09:36 PM

Hello, zachelll.
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users