Looks Like I've Been Infected


  • This topic is locked
14 replies to this topic

#1 ph31ms

Posted 25 September 2008 - 06:52 PM

Hi

Hoping someone can help out with a possible infection on my PC (Dell Vostro 4.10, Intel Core 2 Quad 9550, 4Gb RAM, Windows XP Professional)
Symptoms are:

- frequent bluescreens (actual message varies each time)
- Firefox, IE, Outlook, Windows Search all regularly crashing.
- downloads of most anti-virus / spyware products seem to get corrupted (though other downloads are OK)

I've tried the following checks:
- My usual virus checker (Symantec Antivirus) scan reports no problems, but it refuses to update its virus definitions
- Spybot Search & Destroy reports no problems
- MalwareBytes Anti-Malware found 4 infections. I think these are false positives, but as they were all empty directories I've removed them anyway. It hasn't fixed the problem.
Files Infected:
C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\system32\vcmgcd32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\logo1_.exe (Worm.Viking) -> No action taken.
C:\WINDOWS\system32\systems.txt (Trojan.FakeAlert) -> No action taken.
- Stinger seems to bluescreen every time I attempt a scan
- Housecall also either crashes the browser or bluescreens
- Panda reports no problems

Here's the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:42:39, on 26/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\CyberArmor\pcshelp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\MATT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\CyberArmor\casvc.exe
C:\PROGRA~1\CYBERA~1\pcs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\CYBERA~1\pcshelp.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz.del...amp;ibd=4080910
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk/hws/sb/dell-usuk/e...?channel=uk-smb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/hws/sb/dell-usuk/e...?channel=uk-smb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co.uk/hws/sb/dell-usuk/e...?channel=uk-smb
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://partnerpage.google.com/smallbiz.del...amp;ibd=4080910
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [8169Diag] C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe /hw
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [CyberArmorHelper] C:\Program Files\CyberArmor\pcshelp.exe -check
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\MATT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} (Confidence Online for Web Applications) - https://uk.dbrasweb.db.com/llclient/dbraswe....com+AXXPEE.dll
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://uk.dbrasweb.db.com/dana-cached/setu...perSetupSP1.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL cahooknt.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberArmor Run Service (CyberArmorRunService) - InfoExpress - C:\Program Files\CyberArmor\casvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Deutsche Bank dbRAS Client\Extranet_serv.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 11742 bytes

Thanks in advance

#2 Billy O'Neal

Visual C++ STL Maintainer, Malware Response Team


Posted 02 October 2008 - 03:55 PM

Hello, ph31ms.
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you would still like help, please post a new HiJack This log below, as things may have changed on your system.

If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:
  • While a HJT Team member is working with you, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Please reply using the Posted Image button in the lower left hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" :).
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 ph31ms


Posted 02 October 2008 - 05:39 PM

Hi Billy, thanks for getting back to me.

Here's the new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:35:30, on 02/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\CyberArmor\pcshelp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\CyberArmor\casvc.exe
C:\PROGRA~1\CYBERA~1\pcs.exe
C:\PROGRA~1\CYBERA~1\pcshelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz.del...amp;ibd=4080910
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk/hws/sb/dell-usuk/e...?channel=uk-smb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/hws/sb/dell-usuk/e...?channel=uk-smb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co.uk/hws/sb/dell-usuk/e...?channel=uk-smb
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://partnerpage.google.com/smallbiz.del...amp;ibd=4080910
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [8169Diag] C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe /hw
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [CyberArmorHelper] C:\Program Files\CyberArmor\pcshelp.exe -check
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} (Confidence Online for Web Applications) - https://uk.dbrasweb.db.com/llclient/dbraswe....com+AXXPEE.dll
O16 - DPF: {CAFEEFAC-0016-000-0007-ABCDEFFEDCBA} -
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://uk.dbrasweb.db.com/dana-cached/setu...perSetupSP1.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL cahooknt.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberArmor Run Service (CyberArmorRunService) - InfoExpress - C:\Program Files\CyberArmor\casvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 8655 bytes

#4 Billy O'Neal

Visual C++ STL Maintainer, Malware Response Team


Posted 02 October 2008 - 06:02 PM

Hello, ph31ms.
We have to remove some entries in HiJack This
  • Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below:
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O16 - DPF: {CAFEEFAC-0016-000-0007-ABCDEFFEDCBA} -
  • Close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.
We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
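
The two entries Billy asks to have fixed above are both registrations that point at nothing: a BHO whose CLSID resolves to "(no file)" and an ActiveX download (O16) with no URL behind it. As an added example that is not from this thread or from HijackThis itself, here is a small Python triage pass over HJT log lines that flags exactly that kind of orphaned O2/O16 entry; the sample lines are copied from the logs posted above, and the CLSID well-formedness check is my own addition, not something HijackThis reports.

```python
import re
from dataclasses import dataclass

# Constructed sample: entries copied from the HijackThis logs posted in this thread,
# one ordinary entry of each type beside the two orphaned entries the helper asked to fix.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} (Confidence Online for Web Applications) - https://uk.dbrasweb.db.com/llclient/dbraswe....com+AXXPEE.dll
O16 - DPF: {CAFEEFAC-0016-000-0007-ABCDEFFEDCBA} -
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# O2 lines: "O2 - BHO: <name> - {<CLSID>} - <dll path or (no file)>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$")
# O16 lines: "O16 - DPF: {<CLSID>} (<name>) - <download URL>"; name and URL may be absent
O16_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\}(?: \((?P<name>[^)]*)\))? -\s*(?P<target>.*)$")
# A well-formed CLSID is five hex groups of 8-4-4-4-12 characters (my extra check)
CLSID_RE = re.compile(r"^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$")


@dataclass
class Finding:
    section: str
    clsid: str
    reasons: list[str]
    line: str


def check_entry(section: str, m: re.Match) -> list[str]:
    """Return the reasons an O2/O16 entry deserves review; an empty list means it looks intact."""
    reasons = []
    target = m.group("target").strip()
    if not target or target.lower() == "(no file)":
        reasons.append("registration points at no file or URL (orphaned entry)")
    if not CLSID_RE.match(m.group("clsid")):
        reasons.append("CLSID is not a well-formed GUID (8-4-4-4-12 hex groups)")
    if section == "O2" and m.group("name") == "(no name)":
        reasons.append("BHO has no registered name")
    return reasons


def triage_hjt_log(text: str) -> list[Finding]:
    """Scan O2 (BHO) and O16 (ActiveX download) lines and collect the ones worth flagging."""
    findings = []
    for line in text.strip().splitlines():
        for section, pattern in (("O2", O2_RE), ("O16", O16_RE)):
            m = pattern.match(line)
            if m is None:
                continue
            reasons = check_entry(section, m)
            if reasons:
                findings.append(Finding(section, m.group("clsid"), reasons, line))
    return findings


if __name__ == "__main__":
    for f in triage_hjt_log(SAMPLE_LOG):
        print(f"{f.section} {{{f.clsid}}}")
        for r in f.reasons:
            print("   -", r)
```

Run against the sample it reports only the two entries from post #4; an orphaned entry is harmless on its own but is the residue a helper removes so it cannot be re-pointed at something else later.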

#5 ph31ms


Posted 02 October 2008 - 06:27 PM

Hi Billy

Successfully removed those two entries from HJT

Here are the OTViewIT reports

OTViewIT.txt:


OTViewIt logfile created on: 03/10/2008 00:19:26 - Run
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Documents and Settings\MATT\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.00 Gb Total Space | 268.49 Gb Free Space | 90.10% Space Free | Partition Type: NTFS
Drive D: | 298.08 Gb Total Space | 297.98 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: POLLY
Current User Name: MATT
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/04/14 13:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe
[2006/07/20 03:26:12 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
[2006/07/20 03:26:06 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
[2008/01/31 22:20:36 | 16,860,672 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2008/02/26 16:15:30 | 00,909,312 | ---- | M] (Realtek) -- C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe
[2008/09/09 22:34:00 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[2008/02/26 10:57:28 | 00,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
[2005/05/19 14:33:54 | 00,069,632 | ---- | M] (InfoExpress) -- C:\Program Files\CyberArmor\pcshelp.exe
[2008/09/09 22:34:00 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[2008/01/11 22:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[2008/03/11 12:44:36 | 00,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
[2006/07/20 03:26:04 | 00,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[2006/08/03 16:48:44 | 00,124,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
[2006/09/11 04:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2006/08/03 16:48:26 | 00,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2007/12/09 23:03:06 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/03/11 12:44:38 | 00,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
[2006/08/03 16:48:34 | 01,807,600 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
[2005/05/19 14:33:30 | 00,065,536 | ---- | M] (InfoExpress) -- C:\Program Files\CyberArmor\casvc.exe
[2005/05/19 16:28:36 | 00,933,936 | ---- | M] (InfoExpress) -- C:\Program Files\CyberArmor\pcs.exe
[2005/05/19 14:33:54 | 00,069,632 | ---- | M] (InfoExpress) -- C:\Program Files\CyberArmor\pcshelp.exe
[2008/04/14 13:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/04/14 13:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/10/03 00:18:41 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MATT\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/04/13 03:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2006/07/20 03:26:06 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
[2006/07/20 03:26:12 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
[2008/04/14 13:00:00 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
[2007/04/13 03:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005/05/19 14:33:30 | 00,065,536 | ---- | M] (InfoExpress) -- C:\Program Files\CyberArmor\casvc.exe -- (CyberArmorRunService [Auto | Running])
[2006/08/03 16:48:26 | 00,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
[2008/04/14 13:00:00 | 00,267,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\fxssvc.exe -- (Fax [Auto | Stopped])
[2006/10/21 10:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/09/09 22:34:00 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-010708-104812 [On_Demand | Stopped])
[2006/10/30 16:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2006/02/23 11:41:02 | 02,045,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate [On_Demand | Stopped])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2006/10/30 16:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/12/09 23:03:06 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2006/08/03 16:48:38 | 00,115,952 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [Disabled | Stopped])
[2006/06/02 22:23:02 | 00,214,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
[2006/04/11 17:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [Disabled | Stopped])
[2008/03/11 12:44:38 | 00,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
[2007/07/11 09:33:28 | 00,069,632 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
[2006/08/03 16:48:34 | 01,807,600 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
[2008/04/14 13:00:00 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr [Disabled | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2001/08/18 02:52:00 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ABP480N5.SYS -- (abp480n5 [Disabled | Stopped])
[2001/08/18 03:07:32 | 00,101,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2008/04/14 13:06:40 | 00,044,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AGPCPQ.SYS -- (agpCPQ [Disabled | Stopped])
[2001/08/18 02:52:02 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aha154x.sys -- (Aha154x [Disabled | Stopped])
[2001/08/18 03:07:36 | 00,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aic78u2.sys -- (aic78u2 [Disabled | Stopped])
[2001/08/18 03:07:38 | 00,056,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aic78xx.sys -- (aic78xx [Disabled | Stopped])
[2001/08/18 02:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008/04/14 13:06:40 | 00,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ALIM1541.SYS -- (alim1541 [Disabled | Stopped])
[2008/04/14 13:06:40 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS -- (amdagp [Disabled | Stopped])
[2001/08/18 02:52:04 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amsint.sys -- (amsint [Disabled | Stopped])
[2001/08/18 02:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/18 02:52:04 | 00,022,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\asc3350p.sys -- (asc3350p [Disabled | Stopped])
[2001/08/18 02:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2001/08/18 02:52:06 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cd20xrnt.sys -- (cd20xrnt [Disabled | Stopped])
[2001/08/18 02:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2008/09/27 07:06:21 | 00,028,672 | ---- | M] () -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon [On_Demand | Stopped])
[2001/08/18 02:52:06 | 00,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cpqarray.sys -- (Cpqarray [Disabled | Stopped])
[2001/08/18 02:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2001/08/18 02:52:16 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dac960nt.sys -- (dac960nt [Disabled | Stopped])
[2007/12/03 11:13:48 | 00,011,264 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\diag69xp.sys -- (Diag69xp [On_Demand | Running])
[2007/07/23 15:04:58 | 00,037,360 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM [Auto | Running])
[2007/07/23 15:04:52 | 00,032,848 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
[2007/07/23 14:49:44 | 00,014,576 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM [Boot | Running])
[2007/07/23 15:05:20 | 00,009,104 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM [Auto | Running])
[2007/07/23 15:04:50 | 00,108,752 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
[2007/07/23 15:04:54 | 00,027,216 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
[2007/07/23 15:04:52 | 00,016,304 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
[2007/07/23 14:49:44 | 00,030,064 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M [System | Running])
[2007/07/23 15:04:56 | 00,093,552 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
[2007/07/23 15:04:56 | 00,098,448 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
[2001/08/18 03:07:44 | 00,020,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dpti2o.sys -- (dpti2o [Disabled | Stopped])
[2007/07/23 14:55:44 | 00,099,808 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
[2007/07/23 14:43:42 | 00,052,000 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
[2008/09/17 10:55:42 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\eengine\eeCtrl.sys -- (eeCtrl [System | Running])
[2008/04/14 13:00:00 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2001/08/18 03:07:44 | 00,025,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hpn.sys -- (hpn [Disabled | Stopped])
[2008/04/14 13:11:24 | 00,008,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\i2omgmt.sys -- (i2omgmt [System | Running])
[2008/04/14 13:11:24 | 00,018,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\i2omp.sys -- (i2omp [Disabled | Stopped])
[2008/01/31 22:23:42 | 00,308,248 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iastor.sys -- (iaStor [Boot | Running])
[2001/08/18 02:52:08 | 00,016,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ini910u.sys -- (ini910u [Disabled | Stopped])
[2008/01/31 22:20:36 | 04,637,696 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2008/04/14 13:00:00 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm [System | Running])
[2008/04/14 00:09:50 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2007/11/20 01:04:50 | 00,008,960 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\LANPkt.sys -- (LANPkt [Auto | Running])
[2008/02/29 03:13:16 | 00,035,344 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt [On_Demand | Stopped])
[2007/01/23 15:45:00 | 00,033,296 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt [On_Demand | Stopped])
[2001/08/18 02:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2008/09/17 10:55:42 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081002.004\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2008/09/17 10:55:42 | 00,873,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081002.004\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2007/12/09 23:02:22 | 07,424,608 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2001/08/18 02:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde [Boot | Running])
[2001/08/18 03:07:40 | 00,027,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\perc2.sys -- (perc2 [Disabled | Stopped])
[2001/08/18 03:07:42 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\perc2hib.sys -- (perc2hib [Disabled | Stopped])
[2008/04/14 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/07/26 03:00:00 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/18 02:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/18 02:52:16 | 00,033,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ql10wnt.sys -- (Ql10wnt [Disabled | Stopped])
[2001/08/18 02:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/18 02:52:16 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ql1240.sys -- (ql1240 [Disabled | Stopped])
[2001/08/18 02:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2008/08/07 11:14:56 | 00,111,360 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running])
[2007/11/20 01:14:08 | 00,016,640 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLAN [On_Demand | Stopped])
[2005/12/19 20:41:56 | 00,337,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT [System | Running])
[2005/12/19 20:41:58 | 00,054,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [System | Running])
[2008/04/14 13:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/14 13:06:40 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGP.SYS -- (sisagp [Disabled | Stopped])
[2001/08/18 03:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2006/04/11 17:13:34 | 00,389,776 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [On_Demand | Stopped])
[2001/08/18 03:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/18 03:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2006/05/05 16:19:50 | 00,107,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2006/06/02 22:22:32 | 00,024,768 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2006/06/02 22:22:36 | 00,195,776 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2001/08/18 03:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/18 03:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2008/09/24 23:16:26 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2001/08/18 02:51:56 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\toside.sys -- (TosIde [Disabled | Stopped])
[2001/08/18 02:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2008/04/14 13:00:00 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci [On_Demand | Running])
[2008/04/14 13:06:42 | 00,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\VIAAGP.SYS -- (viaagp [Disabled | Stopped])
[2008/04/14 13:10:32 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\viaide.sys -- (ViaIde [Disabled | Stopped])
[2005/05/19 13:51:02 | 00,021,504 | ---- | M] (InfoExpress) -- C:\WINDOWS\system32\drivers\viexca2k.sys -- (Viexca2k [Auto | Running])
[2005/05/24 12:55:48 | 00,424,479 | ---- | M] () -- C:\WINDOWS\system32\drivers\viexpf2k.sys -- (Viexpf2k [Auto | Running])
[2006/11/02 07:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Stopped])
[2006/09/28 18:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf [On_Demand | Stopped])
[2006/09/28 19:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"First Home Page"=http://go.microsoft.com/fwlink/?LinkId=54843
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=about:blank

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://partnerpage.google.com/smallbiz.dell.com/en_uk?hl=en&client=dell-usuk&channel=uk-smb&ibd=4080910
"Start Page"=http://partnerpage.google.com/smallbiz.dell.com/en_uk?hl=en&client=dell-usuk&channel=uk-smb&ibd=4080910

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://partnerpage.google.com/smallbiz.dell.com/en_uk?hl=en&client=dell-usuk&channel=uk-smb&ibd=4080910
"Start Page"=http://partnerpage.google.com/smallbiz.dell.com/en_uk?hl=en&client=dell-usuk&channel=uk-smb&ibd=4080910

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-3849374362-3465811539-897560328-1005\SOFTWARE\Microsoft\Internet Explorer\Main]
"First Home Page"=http://go.microsoft.com/fwlink/?LinkId=54843
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=about:blank

[HKEY_USERS\S-1-5-21-3849374362-3465811539-897560328-1005\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_USERS\S-1-5-21-3849374362-3465811539-897560328-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3849374362-3465811539-897560328-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (265486 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{CA6319C0-31B7-401E-A518-A07C3DB8F777} (HKLM) -- C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3849374362-3465811539-897560328-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"8169Diag"=C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe /hw (Realtek)
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Alcmtr"=ALCMTR.EXE (Realtek Semiconductor Corp.)
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"CyberArmorHelper"=C:\Program Files\CyberArmor\pcshelp.exe -check (InfoExpress)
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" ( )
"ECenter"=C:\Dell\E-Center\EULALauncher.exe ( )
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k File not found
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" (CyberLink Corp.)
"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (Macrovision Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

[HKEY_USERS\S-1-5-21-3849374362-3465811539-897560328-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (Macrovision Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3849374362-3465811539-897560328-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Sun Java Console -- C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Spybot - Search & Destroy Configuration -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: @xpsp3res.dll,-20001 -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Messenger -- C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Windows Messenger -- C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://download.microsoft.com/download/e/4.../OGAControl.cab -- Office Genuine Advantage Validation Tool
{215B8138-A3CF-44C5-803F-8226143CFC0A}: http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab -- Trend Micro ActiveX Scan Agent 6.6
{3BA494B1-D507-4C11-9BDA-D47E1A65DFCF}: https://uk.dbrasweb.db.com/llclient/dbraswe....com+AXXPEE.dll -- Confidence Online for Web Applications
{41564D57-9980-0010-8000-00AA00389B71}: http://download.microsoft.com/download/0/A...01F/wmvadvd.cab -- Reg Error: Key does not exist or could not be opened.
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}: http://office.microsoft.com/officeupdate/content/opuc4.cab -- Office Update Installation Engine
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{E5F5D008-DD2C-4D32-977D-1A0ADF03058B}: https://uk.dbrasweb.db.com/dana-cached/setu...perSetupSP1.cab -- JuniperSetupSP1 Control

========== (O17) DNS Name Servers ==========

{9CE1F3DE-AC09-4297-B0B7-A5FC121A6F2B} (Servers: | Description: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL cahooknt.dll
>[2008/09/09 22:34:02 | 00,111,616 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll
>[2005/05/19 14:33:20 | 00,135,168 | ---- | M] (InfoExpress) -- C:\WINDOWS\system32\cahooknt.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
NavLogon: "DllName" = C:\WINDOWS\system32\NavLogon.dll -- C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
WgaLogon: "DllName" = WgaLogon.dll -- C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WPDShServiceObj"={AAA288BA-9A4C-45B0-95D7-94D524869DB5} (HKLM) -- C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/04/25 22:29:32 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[8 C:\WINDOWS\System32\*.tmp files]
[2008/10/03 00:18:39 | 00,419,840 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MATT\Desktop\OTViewIt.exe
[2008/10/02 23:56:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\My Documents\MemTest
[2008/10/02 23:55:20 | 00,013,443 | ---- | C] () -- C:\Documents and Settings\MATT\My Documents\MemTest.zip
[2008/10/02 23:30:10 | 00,107,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2008/10/02 23:30:10 | 00,087,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2008/10/01 21:46:24 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2008/10/01 21:33:05 | 00,647,728 | ---- | C] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\MATT\My Documents\R92578.EXE
[2008/09/30 23:46:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2008/09/30 22:09:19 | 00,000,000 | ---D | C] -- C:\rsit
[2008/09/27 07:29:57 | 00,305,323 | ---- | C] () -- C:\Documents and Settings\MATT\My Documents\RSIT.exe
[2008/09/26 00:08:33 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2008/09/25 23:57:17 | 00,001,736 | ---- | C] () -- C:\Documents and Settings\MATT\Desktop\HijackThis.lnk
[2008/09/25 23:57:16 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/09/25 23:57:02 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\MATT\My Documents\HJTInstall.exe
[2008/09/25 23:52:05 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\MATT\My Documents\~$rusProblem.rtf
[2008/09/25 23:43:35 | 19,153,264 | ---- | C] () -- C:\Documents and Settings\MATT\My Documents\aaw2008.exe
[2008/09/25 23:28:54 | 02,482,695 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\MATT\My Documents\stinger.exe
[2008/09/25 23:26:33 | 00,023,838 | ---- | C] () -- C:\Documents and Settings\MATT\My Documents\averttools.aspx
[2008/09/25 23:13:59 | 00,005,263 | ---- | C] () -- C:\Documents and Settings\MATT\My Documents\VirusProblem.rtf
[2008/09/25 22:56:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\Application Data\OfficeUpdate12
[2008/09/25 22:55:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2008/09/25 22:48:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\Application Data\Yahoo!
[2008/09/25 01:11:47 | 00,000,000 | ---- | C] () -- C:\23990098.$$$
[2008/09/25 01:08:17 | 05,977,634 | ---- | C] () -- C:\WINDOWS\REGBK00.ZIP
[2008/09/25 01:07:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\zts2.exe
[2008/09/25 01:07:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\iifgfgf.dll
[2008/09/25 01:07:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\rundl132.dll
[2008/09/25 01:05:18 | 00,000,027 | ---- | C] () -- C:\WINDOWS\Lic.xxx
[2008/09/25 01:05:04 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TASKMGR.COM
[2008/09/25 01:05:04 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\T.COM
[2008/09/25 01:05:03 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\REGEDIT.COM
[2008/09/25 01:05:03 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\R.COM
[2008/09/25 01:05:02 | 00,436,543 | ---- | C] () -- C:\Documents and Settings\MATT\My Documents\pinfect.zip
[2008/09/25 01:04:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MicroWorld
[2008/09/25 01:03:00 | 40,255,584 | ---- | C] () -- C:\Documents and Settings\MATT\My Documents\mwav.exe
[2008/09/24 23:36:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\Application Data\Malwarebytes
[2008/09/24 23:36:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/09/24 23:35:15 | 02,189,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\MATT\My Documents\mbam-setup.exe
[2008/09/24 23:30:04 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2008/09/24 23:19:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/09/24 23:03:10 | 00,000,935 | ---- | C] () -- C:\Documents and Settings\MATT\Desktop\Spybot - Search & Destroy.lnk
[2008/09/24 23:03:07 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/09/24 23:03:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/09/24 22:50:58 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2008/09/24 22:50:58 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2008/09/24 22:50:58 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2008/09/24 22:50:58 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2008/09/24 22:50:58 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2008/09/24 22:50:58 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2008/09/24 22:50:57 | 06,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/09/24 22:50:57 | 02,455,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2008/09/24 22:50:57 | 00,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2008/09/24 22:48:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2008/09/24 22:20:54 | 00,000,000 | ---D | C] -- C:\spoolerlogs
[2008/09/24 22:19:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2008/09/24 22:05:46 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2008/09/24 22:05:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2008/09/24 21:51:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\Application Data\Windows Search
[2008/09/24 21:45:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\Local Settings\Application Data\Identities
[2008/09/24 21:45:31 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2008/09/24 21:45:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2008/09/24 21:45:13 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2008/09/24 21:45:13 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2008/09/24 21:45:13 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2008/09/24 21:45:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2008/09/24 21:44:07 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2008/09/24 21:44:02 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2008/09/24 21:43:51 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2008/09/23 22:52:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2008/09/17 21:41:25 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2008/09/17 21:41:11 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2008/09/17 21:40:34 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2008/09/17 21:40:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2008/09/17 21:40:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/09/17 21:39:11 | 25,740,144 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\MATT\My Documents\wmp11-windowsxp-x86-enu.exe
[2008/09/17 21:36:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\My Documents\New Folder
[2008/09/16 23:36:09 | 00,000,000 | ---D | C] -- C:\Program Files\WinBoard-4.2.7
[2008/09/16 23:35:34 | 06,213,290 | ---- | C] () -- C:\Documents and Settings\MATT\My Documents\winboard-4_2_7b.exe
[2008/09/15 23:59:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\Local Settings\Application Data\Spectaculator
[2008/09/15 23:58:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\Application Data\Spectaculator
[2008/09/15 23:58:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CD30FA91
[2008/09/15 23:15:32 | 00,921,654 | ---- | C] () -- C:\Documents and Settings\MATT\My Documents\Niagara.bmp
[2008/09/15 23:15:31 | 00,109,056 | ---- | C] () -- C:\Documents and Settings\MATT\My Documents\loftbathroom.xls
[2008/09/15 23:15:31 | 00,106,496 | ---- | C] () -- C:\Documents and Settings\MATT\My Documents\mainbathroom.xls
[2008/09/15 23:15:28 | 00,015,645 | ---- | C] () -- C:\Documents and Settings\MATT\My Documents\aaaa Party Wall Letter 1.RTF
[2008/09/15 23:15:28 | 00,001,718 | ---- | C] () -- C:\Documents and Settings\MATT\My Documents\backupreg.reg
[2008/09/15 23:15:27 | 07,891,484 | ---- | C] () -- C:\Documents and Settings\MATT\My Documents\a95z.zip
[2008/09/15 23:15:27 | 00,027,223 | ---- | C] () -- C:\Documents and Settings\MATT\My Documents\10018621.jpg
[2008/09/15 23:15:27 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\MATT\My Documents\~$rwichUnion05.doc
[2008/09/15 23:15:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\My Documents\Updater5
[2008/09/15 23:15:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\My Documents\My Webs
[2008/09/15 23:15:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\My Documents\My Received Files
[2008/09/15 23:03:17 | 00,000,000 | ---D | C] -- C:\Program Files\Elite2
[2008/09/15 23:02:29 | 00,000,000 | ---D | C] -- C:\Program Files\spectaculator.com
[2008/09/15 22:58:57 | 00,000,000 | ---D | C] -- C:\Maps
[2008/09/15 22:35:48 | 16,208,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/09/14 21:15:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2008/09/14 19:32:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\My Documents\oracle_code
[2008/09/14 19:24:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\Application Data\DivX
[2008/09/14 19:24:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\My Documents\payslips
[2008/09/14 19:23:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\My Documents\Wedding
[2008/09/14 19:16:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\My Documents\Downloads
[2008/09/14 18:54:28 | 00,000,000 | --SD | C] -- C:\Documents and Settings\MATT\My Documents\My DVDs
[2008/09/14 18:54:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\My Documents\Map Overlays
[2008/09/14 18:54:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\My Documents\JubileeWalk
[2008/09/14 18:54:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\My Documents\Java 2 SDK, Standard Edition, Installation Notes_files
[2008/09/14 18:54:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\My Documents\Interprint Albums
[2008/09/14 18:54:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\My Documents\HA Rental Voucher (GBR 8985442)_files
[2008/09/14 18:54:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\My Documents\Elite Manual_files
[2008/09/14 10:48:49 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\MATT\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/14 00:19:33 | 00,000,000 | ---D | C] -- C:\Program Files\DivX
[2008/09/14 00:15:15 | 05,362,832 | -H-- | C] () -- C:\Documents and Settings\MATT\Local Settings\Application Data\IconCache.db
[2008/09/13 23:58:25 | 00,127,034 | R--- | C] (BackWeb Technologies Inc. ) -- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
[2008/09/13 23:57:55 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2008/09/13 23:57:54 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2008/09/13 23:57:26 | 01,419,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01005.dll
[2008/09/13 23:57:26 | 00,101,136 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\KHALMNPR.Exe
[2008/09/13 23:57:26 | 00,035,344 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LHidFilt.Sys
[2008/09/13 23:57:26 | 00,033,296 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LMouFilt.Sys
[2008/09/13 23:57:01 | 00,000,000 | ---D | C] -- C:\Program Files\Logitech
[2008/09/13 23:57:00 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2008/09/13 23:50:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2008/09/13 23:50:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\Application Data\Real
[2008/09/13 23:42:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\Application Data\Apple Computer
[2008/09/13 23:41:50 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2008/09/13 23:41:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/09/13 23:41:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\Local Settings\Application Data\Apple
[2008/09/13 23:41:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2008/09/13 23:41:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/09/13 23:40:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\Local Settings\Application Data\Apple Computer
[2008/09/13 23:06:30 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/13 23:06:27 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdimon.dll
[2008/09/13 23:05:56 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2008/09/13 22:53:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\null
[2008/09/13 22:52:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\Local Settings\Application Data\SupportSoft
[2008/09/13 22:38:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\Application Data\Macromedia
[2008/09/13 22:34:46 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2008/09/13 22:34:41 | 00,001,550 | ---- | C] () -- C:\Documents and Settings\MATT\Desktop\CCleaner.lnk
[2008/09/13 22:34:41 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/09/13 22:27:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/09/13 22:27:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\Local Settings\Application Data\Mozilla
[2008/09/13 22:27:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\Application Data\Mozilla
[2008/09/13 22:27:50 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/09/13 22:27:48 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2008/09/13 22:26:50 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2008/09/13 22:25:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/09/13 22:25:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\Application Data\CyberLink
[2008/09/13 22:23:25 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2008/09/13 22:23:25 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2008/09/13 22:22:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2008/09/13 22:20:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2008/09/13 22:17:32 | 00,001,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2008/09/13 22:17:23 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2008/09/13 22:17:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2008/09/13 22:15:04 | 00,424,479 | ---- | C] () -- C:\WINDOWS\System32\drivers\viexpf2k.sys
[2008/09/13 22:15:04 | 00,151,552 | ---- | C] (InfoExpress) -- C:\WINDOWS\System32\cahookd.dll
[2008/09/13 22:15:04 | 00,135,168 | ---- | C] (InfoExpress) -- C:\WINDOWS\System32\cahooknt.dll
[2008/09/13 22:15:04 | 00,065,536 | ---- | C] (InfoExpress) -- C:\WINDOWS\System32\pcsldr.exe
[2008/09/13 22:15:04 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\vsctool.dll
[2008/09/13 22:15:04 | 00,021,504 | ---- | C] (InfoExpress) -- C:\WINDOWS\System32\drivers\viexca2k.sys
[2008/09/13 22:15:04 | 00,000,000 | ---D | C] -- C:\Program Files\CyberArmor
[2008/09/13 22:11:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\Local Settings\Application Data\Symantec
[2008/09/13 22:10:42 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\capicom.dll
[2008/09/13 22:10:42 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2008/09/13 22:10:40 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec AntiVirus
[2008/09/13 22:10:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2008/09/13 22:10:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2008/09/13 21:56:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\Application Data\Juniper Networks
[2008/09/13 21:53:31 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys
[2008/09/13 21:53:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\Application Data\WholeSecurity
[2008/09/13 21:53:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2008/09/13 21:47:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\Application Data\Adobe
[2008/09/13 21:46:33 | 00,000,784 | ---- | C] () -- C:\Documents and Settings\MATT\Desktop\Windows Media Player.lnk
[2008/09/13 21:46:32 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2008/09/13 21:46:28 | 00,033,416 | ---- | C] () -- C:\Documents and Settings\MATT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/09/13 21:46:28 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\MATT\Start Menu\Programs\Startup\desktop.ini
[2008/09/13 21:46:28 | 00,000,075 | -HS- | C] () -- C:\Documents and Settings\MATT\My Documents\desktop.ini
[2008/09/13 21:46:28 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\MATT\Application Data\desktop.ini
[2008/09/13 21:46:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\Application Data\InstallShield
[2008/09/13 21:46:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\Application Data\Identities
[2008/09/13 21:46:27 | 00,000,000 | --SD | C] -- C:\Documents and Settings\MATT\Application Data\Microsoft
[2008/09/13 21:46:27 | 00,000,000 | R--D | C] -- C:\Documents and Settings\MATT\My Documents\My Videos
[2008/09/13 21:46:27 | 00,000,000 | R--D | C] -- C:\Documents and Settings\MATT\My Documents\My Pictures
[2008/09/13 21:46:27 | 00,000,000 | R--D | C] -- C:\Documents and Settings\MATT\My Documents\My Music
[2008/09/13 21:46:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\Local Settings\Application Data\PowerDVD DX
[2008/09/13 21:46:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\Local Settings\Application Data\Microsoft
[2008/09/13 21:46:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\Local Settings\Application Data\ApplicationHistory
[2008/09/13 21:46:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\Local Settings\Application Data\Adobe
[2008/09/13 21:46:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MATT\Application Data\Sun
[2008/09/13 21:42:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2008/09/13 21:38:41 | 00,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2008/09/10 11:26:32 | 00,161,093 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2008/09/10 11:26:29 | 00,017,737 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2008/09/10 11:25:53 | 00,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\splitter.sys
[2008/09/10 11:25:53 | 00,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\splitter.sys
[2008/09/10 11:25:52 | 00,083,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wdmaud.sys
[2008/09/10 11:25:52 | 00,083,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.sys
[2008/09/10 11:25:51 | 00,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\DMusic.sys
[2008/09/10 11:25:51 | 00,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.sys
[2008/09/10 11:25:50 | 00,056,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\swmidi.sys
[2008/09/10 11:25:50 | 00,056,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swmidi.sys
[2008/09/10 11:25:49 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\aec.sys
[2008/09/10 11:25:49 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aec.sys
[2008/09/10 11:25:48 | 00,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kmixer.sys
[2008/09/10 11:25:48 | 00,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kmixer.sys
[2008/09/10 11:25:47 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sysaudio.sys
[2008/09/10 11:25:47 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysaudio.sys
[2008/09/10 11:25:47 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmkaud.sys
[2008/09/10 11:25:47 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmkaud.sys
[2008/09/10 11:25:46 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MSKSSRV.sys
[2008/09/10 11:25:46 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mskssrv.sys
[2008/09/10 11:25:44 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MSPQM.sys
[2008/09/10 11:25:44 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspqm.sys
[2008/09/10 11:25:43 | 00,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MSPCLOCK.sys
[2008/09/10 11:25:43 | 00,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspclock.sys
[2008/09/10 11:25:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2008/09/10 11:25:39 | 00,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2008/09/10 11:25:39 | 00,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys
[2008/09/10 11:25:39 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2008/09/10 11:25:39 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksuser.dll
[2008/09/10 11:25:38 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2008/09/10 11:25:38 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2008/09/10 11:25:38 | 00,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2008/09/10 11:25:38 | 00,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2008/09/10 11:25:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2008/09/10 11:25:13 | 00,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBSTOR.SYS
[2008/09/10 11:25:13 | 00,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2008/09/10 07:21:19 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2008/09/10 07:21:11 | 00,004,185 | RH-- | C] () -- C:\dell.sdr
[2008/09/10 07:20:36 | 00,111,360 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\Rtenicxp.sys
[2008/09/10 07:20:35 | 02,808,832 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2008/09/10 07:20:31 | 00,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll
[2008/09/10 07:20:31 | 00,000,000 | ---D | C] -- C:\drivers
[2008/09/10 07:20:30 | 02,986,038 | ---- | C] () -- C:\WINDOWS\Dell.bmp
[2008/09/10 07:20:30 | 00,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/09/10 07:20:27 | 00,004,185 | ---- | C] () -- C:\WINDOWS\System32\drivers\1028_Dell_VOS_VOSTRO_410.mrk
[2008/09/10 07:20:17 | 00,787,356 | ---- | C] () -- C:\WINDOWS\System32\OEMBKGN1.BMP
[2008/09/10 07:20:17 | 00,096,310 | ---- | C] () -- C:\WINDOWS\System32\DELLWALL.BMP
[2008/09/10 07:20:17 | 00,005,134 | ---- | C] () -- C:\WINDOWS\System32\OEMLOGO.BMP
[2008/09/10 07:20:17 | 00,001,207 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/09/10 07:20:12 | 00,000,000 | ---D | C] -- C:\DELL
[2008/09/09 22:38:03 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/09/09 22:38:03 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/09/09 22:38:01 | 00,000,333 | ---- | C] () -- C:\WINDOWS\System32\$ncsp$.inf
[2008/09/09 22:36:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Dell
[2008/09/09 22:36:43 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll
[2008/09/09 22:36:43 | 01,047,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71u.dll
[2008/09/09 22:36:43 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2008/09/09 22:36:43 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2008/09/09 22:36:43 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atl71.dll
[2008/09/09 22:36:43 | 00,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2008/09/09 22:36:34 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2008/09/09 22:36:28 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2008/09/09 22:36:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/09/09 22:36:07 | 00,001,962 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dell Support Center.lnk
[2008/09/09 22:36:05 | 00,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2008/09/09 22:35:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\supportsoft
[2008/09/09 22:34:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/09/09 22:34:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2008/09/09 22:33:57 | 00,000,000 | ---D | C] -- C:\Program Files\Dell
[2008/09/09 22:33:51 | 00,108,752 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAIFS_M.SYS
[2008/09/09 22:33:51 | 00,098,448 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAUDF_M.SYS
[2008/09/09 22:33:51 | 00,093,552 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAUDFAM.SYS
[2008/09/09 22:33:51 | 00,052,000 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DRVNDDM.SYS
[2008/09/09 22:33:51 | 00,037,360 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLABMFSM.SYS
[2008/09/09 22:33:51 | 00,032,848 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLABOIOM.SYS
[2008/09/09 22:33:51 | 00,030,064 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLARTL_M.SYS
[2008/09/09 22:33:51 | 00,027,216 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAOPIOM.SYS
[2008/09/09 22:33:51 | 00,016,304 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAPoolM.SYS
[2008/09/09 22:33:51 | 00,014,576 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLACDBHM.SYS
[2008/09/09 22:33:51 | 00,009,104 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLADResM.SYS
[2008/09/09 22:33:51 | 00,001,109 | ---- | C] () -- C:\WINDOWS\System32\drivers\PConfig.DCF
[2008/09/09 22:33:51 | 00,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/09 22:33:47 | 00,000,000 | ---D | C] -- C:\Program Files\Sonic
[2008/09/09 22:33:41 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SureThing Shared
[2008/09/09 22:33:38 | 00,000,000 | ---D | C] -- C:\Program Files\Roxio
[2008/09/09 22:33:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2008/09/09 22:33:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2008/09/09 22:33:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2008/09/09 22:33:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2008/09/09 22:33:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2008/09/09 22:33:10 | 00,011,264 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\diag69xp.sys
[2008/09/09 22:33:07 | 00,059,392 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\RTLVLAN_NB.DLL
[2008/09/09 22:33:07 | 00,016,640 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTLVLAN.SYS
[2008/09/09 22:33:07 | 00,008,960 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\LANPkt.sys
[2008/09/09 22:33:07 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek
[2008/09/09 22:33:03 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2008/09/09 22:33:03 | 00,000,000 | ---D | C] -- C:\Program Files\Intel
[2008/09/09 22:32:49 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2008/09/09 22:32:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2008/09/09 22:31:59 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2008/09/09 22:31:56 | 00,826,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2008/09/09 22:29:15 | 34,877,44000 | -HS- | C] () -- C:\hiberfil.sys
[2008/09/09 22:29:08 | 00,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2008/09/09 22:29:08 | 00,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2008/09/09 22:29:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2008/09/05 23:30:42 | 00,241,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaLogon.dll
[2008/09/05 23:30:42 | 00,241,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wgaLogon.dll
[2008/09/05 23:29:58 | 00,917,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaTray.exe
[2008/09/05 23:29:58 | 00,917,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WgaTray.exe

========== Files - Modified Within 30 Days ==========

[8 C:\WINDOWS\System32\*.tmp files]
[2008/10/03 00:18:41 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MATT\Desktop\OTViewIt.exe
[2008/10/03 00:15:23 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/03 00:15:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/03 00:15:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/03 00:15:01 | 34,877,44000 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/02 23:55:21 | 00,013,443 | ---- | M] () -- C:\Documents and Settings\MATT\My Documents\MemTest.zip
[2008/10/01 22:27:56 | 19,153,264 | ---- | M] () -- C:\Documents and Settings\MATT\My Documents\aaw2008.exe
[2008/10/01 21:33:08 | 00,647,728 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\MATT\My Documents\R92578.EXE
[2008/10/01 00:17:54 | 00,173,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/30 23:46:03 | 00,000,538 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/09/30 23:44:36 | 00,440,742 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/09/30 23:44:36 | 00,071,776 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/09/27 07:52:30 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\MATT\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/27 07:30:00 | 00,305,323 | ---- | M] () -- C:\Documents and Settings\MATT\My Documents\RSIT.exe
[2008/09/27 07:06:21 | 00,028,672 | ---- | M] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys
[2008/09/27 07:01:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2008/09/26 00:41:18 | 00,005,263 | ---- | M] () -- C:\Documents and Settings\MATT\My Documents\VirusProblem.rtf
[2008/09/25 23:57:17 | 00,001,736 | ---- | M] () -- C:\Documents and Settings\MATT\Desktop\HijackThis.lnk
[2008/09/25 23:57:02 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\MATT\My Documents\HJTInstall.exe
[2008/09/25 23:52:05 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\MATT\My Documents\~$rusProblem.rtf
[2008/09/25 23:29:10 | 02,482,695 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\MATT\My Documents\stinger.exe
[2008/09/25 23:26:33 | 00,023,838 | ---- | M] () -- C:\Documents and Settings\MATT\My Documents\averttools.aspx
[2008/09/25 01:11:47 | 00,000,000 | ---- | M] () -- C:\23990098.$$$
[2008/09/25 01:08:52 | 05,977,634 | ---- | M] () -- C:\WINDOWS\REGBK00.ZIP
[2008/09/25 01:05:18 | 00,000,027 | ---- | M] () -- C:\WINDOWS\Lic.xxx
[2008/09/25 01:05:02 | 00,436,543 | ---- | M] () -- C:\Documents and Settings\MATT\My Documents\pinfect.zip
[2008/09/25 01:04:11 | 40,255,584 | ---- | M] () -- C:\Documents and Settings\MATT\My Documents\mwav.exe
[2008/09/24 23:58:57 | 00,265,486 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/09/24 23:35:52 | 02,189,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\MATT\My Documents\mbam-setup.exe
[2008/09/24 23:16:26 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2008/09/24 23:03:10 | 00,000,935 | ---- | M] () -- C:\Documents and Settings\MATT\Desktop\Spybot - Search & Destroy.lnk
[2008/09/24 22:05:46 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2008/09/24 21:47:57 | 00,000,075 | -HS- | M] () -- C:\Documents and Settings\MATT\My Documents\desktop.ini
[2008/09/24 21:45:33 | 00,543,900 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/09/19 22:06:14 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/09/19 22:06:14 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/09/17 21:42:43 | 00,000,784 | ---- | M] () -- C:\Documents and Settings\MATT\Desktop\Windows Media Player.lnk
[2008/09/17 21:40:52 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2008/09/17 21:40:34 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2008/09/17 21:39:53 | 25,740,144 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\MATT\My Documents\wmp11-windowsxp-x86-enu.exe
[2008/09/16 23:35:53 | 06,213,290 | ---- | M] () -- C:\Documents and Settings\MATT\My Documents\winboard-4_2_7b.exe
[2008/09/14 19:43:23 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2008/09/14 00:32:15 | 05,362,832 | -H-- | M] () -- C:\Documents and Settings\MATT\Local Settings\Application Data\IconCache.db
[2008/09/13 23:58:25 | 00,127,034 | R--- | M] (BackWeb Technologies Inc. ) -- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
[2008/09/13 23:57:55 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2008/09/13 23:57:54 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2008/09/13 22:34:42 | 00,001,550 | ---- | M] () -- C:\Documents and Settings\MATT\Desktop\CCleaner.lnk
[2008/09/13 22:27:53 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2008/09/13 22:27:50 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/09/13 22:25:51 | 00,000,000 | ---- | M] () -- C:\WINDOWS\vpc32.INI
[2008/09/13 22:17:32 | 00,001,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2008/09/13 21:46:06 | 00,000,501 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2008/09/13 21:46:03 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2008/09/13 21:45:29 | 00,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2008/09/13 21:38:41 | 00,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2008/09/10 11:27:35 | 00,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/09/10 07:21:11 | 00,004,185 | RH-- | M] () -- C:\dell.sdr
[2008/09/10 07:20:28 | 00,001,207 | ---- | M] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/09/10 07:20:27 | 00,004,185 | ---- | M] () -- C:\WINDOWS\System32\drivers\1028_Dell_VOS_VOSTRO_410.mrk
[2008/09/09 22:38:03 | 00,000,061 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2008/09/09 22:38:01 | 00,000,333 | ---- | M] () -- C:\WINDOWS\System32\$ncsp$.inf
[2008/09/09 22:37:46 | 00,033,416 | ---- | M] () -- C:\Documents and Settings\MATT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/09/09 22:36:07 | 00,001,962 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dell Support Center.lnk
[2008/09/09 22:33:51 | 00,000,234 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/09/09 22:29:08 | 00,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2008/09/09 22:29:08 | 00,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2008/09/09 22:28:58 | 00,161,093 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2008/09/05 23:30:42 | 00,241,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaLogon.dll
[2008/09/05 23:30:42 | 00,241,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wgaLogon.dll
[2008/09/05 23:30:06 | 01,480,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\LegitCheckControl.dll
[2008/09/05 23:29:58 | 00,917,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaTray.exe
[2008/09/05 23:29:58 | 00,917,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WgaTray.exe
< End of report >

Extras.txt:

OTViewIt Extras logfile created on: 03/10/2008 00:19:26 - Run
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Documents and Settings\MATT\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.00 Gb Total Space | 268.49 Gb Free Space | 90.10% Space Free | Partition Type: NTFS
Drive D: | 298.08 Gb Total Space | 297.98 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: POLLY
Current User Name: MATT
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 13:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/14 13:00:00 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 13:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/14 13:00:00 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/12/28 04:39:00 | 00,120,192 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\MATT\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
msdaipp: [HKLM - No CLSID value]
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2007/11/28 03:19:22 | 00,230,760 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}"=Roxio Creator Tools
"{07159635-9DFE-4105-BFC0-2817DB540C68}"=Roxio Activation Module
"{0D397393-9B50-4C52-84D5-77E344289F87}"=Roxio Creator Data
"{15095BF3-A3D7-4DDF-B193-3A496881E003}"=Microsoft .NET Framework 3.0
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}"=Microsoft Works
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}"=Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{491DD792-AD81-429C-9EB4-86DD3D22E333}"=Windows Communication Foundation
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}"=Dell Driver Reset Tool
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}"=Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}"=Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{78D891EF-9E2D-4FC8-A71F-E6F897BA1B21}"=Symantec AntiVirus
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}"=Windows Workflow Foundation
"{83FFCFC7-88C6-41C6-8752-958A45325C82}"=Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}"=Roxio Creator BDAV Plugin
"{88253B77-33C9-4A9D-9E4C-4579E39D9158}"=Diagnostics Utility
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}"=Sonic CinePlayer Decoder Pack
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint Viewer 2007 (English)
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}"=Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}"=Dell Support Center
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"CCleaner"=CCleaner (remove only)
"CyberArmor"=CyberArmor
"Google Desktop"=Google Desktop
"HijackThis"=HijackThis 2.0.2
"HijackThis / CWShredder Installer_is1"=HijackThis / CWShredder Installer 1.0
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"LiveUpdate"=LiveUpdate 3.0 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0"=Microsoft .NET Framework 3.0
"Mozilla Firefox (3.0.2)"=Mozilla Firefox (3.0.2)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"SearchAssist"=SearchAssist
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Confidence Online EE"=Confidence Online™ for Web Applications
"Juniper_Term_Services"=Juniper Terminal Services Client

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3849374362-3465811539-897560328-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Confidence Online EE"=Confidence Online™ for Web Applications
"Juniper_Term_Services"=Juniper Terminal Services Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/09/2008 19:22:28 | Computer Name = POLLY | Source = Microsoft Office 11 | ID = 1000
Description =

Error - 25/09/2008 19:22:49 | Computer Name = POLLY | Source = Windows Search Service | ID = 3013
Description =

Error - 25/09/2008 19:27:53 | Computer Name = POLLY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module psscoms.dll, version 1.5.1.0, fault address 0x00005902.

Error - 27/09/2008 02:00:53 | Computer Name = POLLY | Source = Symantec AntiVirus | ID = 16711720
Description = Symantec AntiVirus has determined that the virus definitions are missing
on this computer. This computer will remain unprotected from viruses until virus
definitions are downloaded to this computer.

Error - 27/09/2008 02:01:01 | Computer Name = POLLY | Source = Application Error | ID = 1000
Description = Faulting application SearchIndexer.exe, version 7.0.6001.16503, faulting
module unknown, version 0.0.0.0, fault address 0x5fe1487c.

Error - 27/09/2008 02:02:27 | Computer Name = POLLY | Source = Application Error | ID = 1000
Description = Faulting application crashreporter.exe, version 1.9.0.3180, faulting
module unknown, version 0.0.0.0, fault address 0x0020102d.

Error - 27/09/2008 02:08:50 | Computer Name = POLLY | Source = Application Error | ID = 1000
Description = Faulting application SearchIndexer.exe, version 7.0.6001.16503, faulting
module tquery.dll, version 7.0.6001.16503, fault address 0x0001ec90.

Error - 27/09/2008 02:09:43 | Computer Name = POLLY | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module schedsvc.dll, version 5.1.2600.5512, fault address 0x00007198.

Error - 27/09/2008 02:37:12 | Computer Name = POLLY | Source = LiveUpdate | ID = 2752571
Description =

Error - 27/09/2008 02:38:05 | Computer Name = POLLY | Source = LiveUpdate | ID = 2752571
Description =

[ System Events ]
Error - 30/09/2008 17:29:42 | Computer Name = POLLY | Source = System Error | ID = 1003
Description = Error code 10000050, parameter1 e61f8650, parameter2 00000000, parameter3
ba579a13, parameter4 00000001.

Error - 30/09/2008 17:31:02 | Computer Name = POLLY | Source = System Error | ID = 1003
Description = Error code 0000004e, parameter1 00000099, parameter2 0007d7d9, parameter3
00000000, parameter4 00000000.

Error - 30/09/2008 17:31:04 | Computer Name = POLLY | Source = System Error | ID = 1003
Description = Error code 10000050, parameter1 c0c8a97c, parameter2 00000000, parameter3
80505f07, parameter4 00000002.

Error - 30/09/2008 17:34:30 | Computer Name = POLLY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 30/09/2008 18:06:37 | Computer Name = POLLY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 30/09/2008 18:07:01 | Computer Name = POLLY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 30/09/2008 18:07:47 | Computer Name = POLLY | Source = Service Control Manager | ID = 7034
Description = The DNS Client service terminated unexpectedly. It has done this
1 time(s).

Error - 30/09/2008 18:12:01 | Computer Name = POLLY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 30/09/2008 18:27:56 | Computer Name = POLLY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 30/09/2008 18:28:23 | Computer Name = POLLY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


< End of report >

#6 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:06:05 AM

Posted 02 October 2008 - 07:35 PM

Hello, ph31ms.
Do you recognise this file?
C:\Documents and Settings\MATT\My Documents\10018621.jpg

I need to see the contents of a directory to continue helping.
  • Go to Start -> Run, and type "notepad" into the box.
  • Press ok.
  • Copy and paste the following code into notepad:
    set FILEPATH="C:\Documents and Settings\MATT\My Documents\New Folder"
    dir %FILEPATH% /C /N /O:-D /S  /4 > "%USERPROFILE%\Desktop\DirectoryList.txt"
    "%USERPROFILE%\Desktop\DirectoryList.txt"
    del "%USERPROFILE%\Desktop\DirectoryList.txt"
    del fix.bat
  • Go to File -> Save
  • To the right of "Save as Type:" in the bottom of the window, change the ComboBox to "All Files"
  • Enter fix.bat into the "File name:" box just above the "Save as Type" box.
  • Double click fix.bat on your desktop.
  • Copy and paste the logfile that opens back here.
We need to uninstall one or more programs
Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs(if present):
Java™ 6 Update 5

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
    [HKEY_USERS\S-1-5-21-3849374362-3465811539-897560328-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
    :files
    C:\Documents and Settings\MATT\My Documents\R92578.EXE
    C:\23990098.$$$
    C:\WINDOWS\REGBK00.ZIP
    C:\WINDOWS\zts2.exe
    C:\WINDOWS\System32\iifgfgf.dll
    C:\WINDOWS\rundl132.dll
    C:\WINDOWS\Lic.xxx
    C:\WINDOWS\System32\TASKMGR.COM
    C:\WINDOWS\System32\T.COM
    C:\WINDOWS\REGEDIT.COM
    C:\WINDOWS\R.COM
    C:\Documents and Settings\MATT\My Documents\pinfect.zip
    C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
    C:\Documents and Settings\All Users\Application Data\TEMP
    C:\WINDOWS\System32\null
    :commands
    [EmptyTemp]
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box infront of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "Select all" (or use Ctrl+A)
  • Right-click again and choose "Copy" (or Ctrl+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista users: ESET is compatible, but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • Log produced when running the file to list the directory.
  • OTMoveIt3's Log
  • ESET OnlineScan's Log
  • A New HiJack This log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

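The OTViewIt listing above and the files the OTMoveIt3 script in the reply targets share one line format, `[date | size | attrs | M] (Company) -- path`. As an added example (not part of this thread or of OldTimer's tools), the following Python triage parser reads such lines and applies a few heuristic flags chosen for this example: publisher-less executables under the system root, hidden or zero-byte executables, and `.COM` files whose base name matches a built-in Windows tool (the `TASKMGR.COM` / `REGEDIT.COM` pattern the script moves out of the way). The `SHADOWED_TOOLS` set and the sample lines are constructed for the example.

```python
"""Triage parser for OTViewIt/OTL-style file-listing lines.

Added example; not part of the BleepingComputer thread or OldTimer's tools.
Line format, as seen in the log above:
  [YYYY/MM/DD HH:MM:SS | 00,543,900 | RHS- | M] (Company Name) -- C:\\path\\file.ext
The flag rules are heuristics chosen for this example (assumption), not the
logic of any real scanner.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, Iterable, List, Optional

LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[A-Z])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Built-in tools whose name a stray .COM file in System32 would shadow, since
# cmd.exe's default PATHEXT order tries .COM before .EXE. Set constructed here.
SHADOWED_TOOLS = {"TASKMGR", "REGEDIT", "MSCONFIG", "CMD", "NOTEPAD"}
EXEC_EXTS = {".exe", ".dll", ".com", ".sys", ".scr", ".pif"}


@dataclass
class Entry:
    modified: datetime
    size: int
    attrs: str      # e.g. "RHS-" (read-only, hidden, system)
    company: str    # empty when the file carries no publisher string
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def ext(self) -> str:
        i = self.name.rfind(".")
        return self.name[i:].lower() if i >= 0 else ""


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a listing line, or None for headers and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        modified=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        company=m["company"].strip(),
        path=m["path"],
    )


def flags(e: Entry, system_root: str = "C:\\WINDOWS") -> List[str]:
    """Heuristic reasons an entry deserves a second look (empty when clean)."""
    out: List[str] = []
    under_root = e.path.lower().startswith(system_root.lower() + "\\")
    is_exec = e.ext in EXEC_EXTS
    if is_exec and not e.company and under_root:
        out.append("unsigned-looking executable under system root")
    if e.ext == ".com" and e.name[:-4].upper() in SHADOWED_TOOLS:
        out.append("shadows built-in tool via .COM precedence")
    if is_exec and "H" in e.attrs:
        out.append("hidden executable")
    if is_exec and e.size == 0:
        out.append("zero-byte executable")
    return out


def triage(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Map path -> flags for every parseable line that raised at least one flag."""
    result: Dict[str, List[str]] = {}
    for ln in lines:
        e = parse_line(ln)
        if e is None:
            continue
        why = flags(e)
        if why:
            result[e.path] = why
    return result


# Constructed sample: two lines in the log's format for benign files plus two
# constructed lines showing the patterns the OTMoveIt3 script targets.
SAMPLE = """\
[2008/09/05 23:29:58 | 00,917,032 | ---- | M] (Microsoft Corporation) -- C:\\WINDOWS\\System32\\WgaTray.exe
[2008/09/13 22:27:53 | 00,000,000 | ---- | M] () -- C:\\WINDOWS\\nsreg.dat
[2008/09/20 10:00:00 | 00,012,288 | -H-- | M] () -- C:\\WINDOWS\\System32\\TASKMGR.COM
[2008/09/20 10:00:00 | 00,023,552 | ---- | M] () -- C:\\WINDOWS\\zts2.exe
< End of report >
"""

if __name__ == "__main__":
    for path, why in triage(SAMPLE.splitlines()).items():
        print(path, "->", "; ".join(why))
```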
#7 ph31ms

ph31ms
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:02:05 PM

Posted 03 October 2008 - 06:04 PM

Hi Billy

I do recognize that file ( C:\Documents and Settings\MATT\My Documents\10018621.jpg ) ... just a photo of the New York skyline.

Here are the logs

Directory List


Volume in drive C is OS
Volume Serial Number is A21C-F266

Directory of C:\Documents and Settings\MATT\My Documents\New Folder

17/09/2008 21:36 <DIR> ..
17/09/2008 21:36 <DIR> .
0 File(s) 0 bytes

Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 288,206,471,168 bytes free

OTMoveIt3 log

========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-21-3849374362-3465811539-897560328-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
========== FILES ==========
C:\Documents and Settings\MATT\My Documents\R92578.EXE moved successfully.
C:\23990098.$$$ moved successfully.
C:\WINDOWS\REGBK00.ZIP moved successfully.
C:\WINDOWS\zts2.exe moved successfully.
C:\WINDOWS\System32\iifgfgf.dll moved successfully.
C:\WINDOWS\rundl132.dll moved successfully.
C:\WINDOWS\Lic.xxx moved successfully.
C:\WINDOWS\System32\TASKMGR.COM moved successfully.
C:\WINDOWS\System32\T.COM moved successfully.
C:\WINDOWS\REGEDIT.COM moved successfully.
C:\WINDOWS\R.COM moved successfully.
C:\Documents and Settings\MATT\My Documents\pinfect.zip moved successfully.
C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf moved successfully.
C:\Documents and Settings\All Users\Application Data\TEMP moved successfully.
C:\WINDOWS\System32\null moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\MATT\LOCALS~1\Temp\etilqs_bbXFqCqAYsKVG6T6yPmR scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MATT\LOCALS~1\Temp\etilqs_h3GWj4gCaC6GDWUyGrIF scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MATT\LOCALS~1\Temp\etilqs_h3GWj4gCaC6GDWUyGrIF-journal scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MATT\LOCALS~1\Temp\~DF8E33.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MATT\LOCALS~1\Temp\~DFD638.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MATT\LOCALS~1\Temp\~DFE580.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\MATT\Local Settings\Application Data\Mozilla\Firefox\Profiles\mv72kal7.default\OfflineCache\index.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MATT\Local Settings\Application Data\Mozilla\Firefox\Profiles\mv72kal7.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MATT\Local Settings\Application Data\Mozilla\Firefox\Profiles\mv72kal7.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MATT\Local Settings\Application Data\Mozilla\Firefox\Profiles\mv72kal7.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MATT\Local Settings\Application Data\Mozilla\Firefox\Profiles\mv72kal7.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MATT\Local Settings\Application Data\Mozilla\Firefox\Profiles\mv72kal7.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MATT\Local Settings\Application Data\Mozilla\Firefox\Profiles\mv72kal7.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.2.2 log created on 10032008_211714

Files moved on Reboot...
File C:\DOCUME~1\MATT\LOCALS~1\Temp\etilqs_bbXFqCqAYsKVG6T6yPmR not found!
File C:\DOCUME~1\MATT\LOCALS~1\Temp\etilqs_h3GWj4gCaC6GDWUyGrIF not found!
File C:\DOCUME~1\MATT\LOCALS~1\Temp\etilqs_h3GWj4gCaC6GDWUyGrIF-journal not found!
C:\DOCUME~1\MATT\LOCALS~1\Temp\~DF8E33.tmp moved successfully.
C:\DOCUME~1\MATT\LOCALS~1\Temp\~DFD638.tmp moved successfully.
C:\DOCUME~1\MATT\LOCALS~1\Temp\~DFE580.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\MATT\Local Settings\Application Data\Mozilla\Firefox\Profiles\mv72kal7.default\OfflineCache\index.sqlite moved successfully.
C:\Documents and Settings\MATT\Local Settings\Application Data\Mozilla\Firefox\Profiles\mv72kal7.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\MATT\Local Settings\Application Data\Mozilla\Firefox\Profiles\mv72kal7.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\MATT\Local Settings\Application Data\Mozilla\Firefox\Profiles\mv72kal7.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\MATT\Local Settings\Application Data\Mozilla\Firefox\Profiles\mv72kal7.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\MATT\Local Settings\Application Data\Mozilla\Firefox\Profiles\mv72kal7.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\MATT\Local Settings\Application Data\Mozilla\Firefox\Profiles\mv72kal7.default\XUL.mfl moved successfully.


ESET log

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3494 (20081003)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=aacd7b60f97f754d82c04545d6ac01d6
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-10-03 10:51:56
# local_time=2008-10-03 11:51:56 (+0000, GMT Standard Time)
# country="United Kingdom"
# osver=5.1.2600 NT Service Pack 3
# scanned=361168
# found=0
# scan_time=6303

and finally, the new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:59:40, on 03/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\CyberArmor\casvc.exe
C:\PROGRA~1\CYBERA~1\pcs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\CyberArmor\pcshelp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\CYBERA~1\pcshelp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk/hws/sb/dell-usuk/e...?channel=uk-smb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [8169Diag] C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe /hw
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [CyberArmorHelper] C:\Program Files\CyberArmor\pcshelp.exe -check
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} (Confidence Online for Web Applications) - https://uk.dbrasweb.db.com/llclient/dbraswe....com+AXXPEE.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://uk.dbrasweb.db.com/dana-cached/setu...perSetupSP1.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL cahooknt.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberArmor Run Service (CyberArmorRunService) - InfoExpress - C:\Program Files\CyberArmor\casvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 8208 bytes

Thanks for all the help so far.

#8 Billy O'Neal

  • Malware Response Team
Posted 03 October 2008 - 08:16 PM

Hello, ph31ms.

Alrighty.... that looks pretty good :thumbsup:

Just one more thing to deal with :)

Download FileFind.zip and unzip to your desktop.
  • Double-click FindFile.exe
  • In the box labeled "Enter the directory to search" enter the Drive: C:\
  • In the box labeled "Enter the File to Search" enter ALCMTR.EXE to search for the file(s).
  • Click "Find" to begin the search.
  • When the search is done, it will list the total number of files found.
  • Double-click on "Export"
  • This will create and save a text file named export.txt in the root of your C:\ directory.
  • Locate export.txt and copy/paste its contents in your next post.
In your next reply, please include the following:
  • FileFind log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#9 ph31ms

  • Topic Starter

Posted 04 October 2008 - 09:24 AM

Here's the FileFind log:

C:\drivers\audio\R175894\Alcmtr.exe - 69632 Bytes
C:\WINDOWS\ALCMTR.EXE - 69632 Bytes

#10 Billy O'Neal

  • Malware Response Team
Posted 04 October 2008 - 02:45 PM

Hello, ph31ms.
We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the OTMoveIt3 icon on your desktop.
  • Paste the following code into OTMoveIt3's "Paste Instructions for Items to be Moved" box. Do not include the word "Code".
    :files
    C:\drivers\audio\R175894\Alcmtr.exe
    C:\WINDOWS\ALCMTR.EXE
    :REG
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Alcmtr"=-
  • Push the large "MoveIt!" button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the "Results" line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
In your next reply, please include the following:
  • OTMoveIt3's Log
  • A New HiJack This log

Billy3
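The two steps above, the FileFind search in post #8 and the OTMoveIt3 script in post #10, can be reproduced in a short Python script. This is an added example for the thread, not FileFind, OTMoveIt3 or any other OldTimer tool. It assumes Python 3 on the affected machine, and the C:\_Quarantine folder name is an assumption. Beyond what the thread does, it hashes every copy it finds (the FileFind log shows two files of identical size; a hash says whether they are the same bytes) and moves the files into a quarantine tree that preserves their original paths rather than deleting them. The registry step uses the standard library's winreg module and is skipped on any other platform.

```python
"""Locate every copy of a file name under a drive, fingerprint the copies, move
them to a quarantine folder with an OTMoveIt-style log, and (on Windows) delete
the matching Run value.

Added example for this thread; it is not FileFind, OTMoveIt3 or any other
OldTimer tool, and the quarantine folder name below is an assumption.
"""
import hashlib
import os
import shutil
import sys
import time


def find_copies(root, filename):
    """Case-insensitive walk of `root`; returns sorted (path, size) pairs.

    The thread's FileFind step found ALCMTR.EXE twice, both 69632 bytes:
    C:\\drivers\\audio\\R175894\\Alcmtr.exe and C:\\WINDOWS\\ALCMTR.EXE.
    """
    wanted = filename.lower()
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == wanted:
                path = os.path.join(dirpath, name)
                hits.append((path, os.path.getsize(path)))
    return sorted(hits)


def sha256_of(path):
    """Chunked SHA-256, so two same-size copies can be compared byte for byte
    without loading either one into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def quarantine(paths, quarantine_root):
    """Move each file under `quarantine_root`, keeping its original tree
    (C:\\WINDOWS\\X.EXE becomes <root>\\WINDOWS\\X.EXE) so it can be put back.
    Returns log lines shaped like the OTMoveIt3 ":files" output in the thread."""
    log = []
    for src in paths:
        if not os.path.isfile(src):
            log.append("%s not found." % src)
            continue
        _drive, tail = os.path.splitdrive(os.path.abspath(src))
        dst = os.path.join(quarantine_root, tail.lstrip("\\/"))
        os.makedirs(os.path.dirname(dst), exist_ok=True)
        shutil.move(src, dst)
        log.append("%s moved successfully." % src)
    return log


def delete_run_value(name, hive="HKLM"):
    """The ":REG" half of the script ("Alcmtr"=- under ...\\CurrentVersion\\Run).
    Uses the standard-library winreg module, so it only acts on Windows."""
    subkey = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
    if sys.platform != "win32":
        return "Registry value %s\\%s\\\\%s skipped: not running on Windows." % (hive, subkey, name)
    import winreg
    root = winreg.HKEY_LOCAL_MACHINE if hive == "HKLM" else winreg.HKEY_CURRENT_USER
    try:
        with winreg.OpenKey(root, subkey, 0, winreg.KEY_SET_VALUE) as key:
            winreg.DeleteValue(key, name)
    except FileNotFoundError:
        return "Registry value %s\\%s\\\\%s not found." % (hive, subkey, name)
    return "Registry value %s\\%s\\\\%s deleted successfully." % (hive, subkey, name)


if __name__ == "__main__":
    # Same targets as the thread; run from an account that can write to C:\WINDOWS and HKLM.
    hits = find_copies("C:\\", "ALCMTR.EXE")
    for path, size in hits:
        print("%s - %d Bytes - sha256 %s" % (path, size, sha256_of(path)))
    qroot = os.path.join("C:\\", "_Quarantine", time.strftime("%m%d%Y_%H%M%S"))  # assumed folder
    print("========== FILES ==========")
    for line in quarantine([p for p, _ in hits], qroot):
        print(line)
    print("========== REGISTRY ==========")
    print(delete_run_value("Alcmtr"))
```

Moving rather than deleting matters here: the second copy sits under C:\drivers\audio, and keeping the file lets the user restore it if audio stops working after the cleanup.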

#11 ph31ms

  • Topic Starter

Posted 05 October 2008 - 03:14 AM

Hi Billy

Here's the OTMoveIT3 log

========== FILES ==========
C:\drivers\audio\R175894\Alcmtr.exe moved successfully.
C:\WINDOWS\ALCMTR.EXE moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Alcmtr deleted successfully.

OTMoveIt3 by OldTimer - Version 1.0.2.2 log created on 10052008_085134

and the HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:08:19, on 05/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\CyberArmor\casvc.exe
C:\PROGRA~1\CYBERA~1\pcs.exe
C:\PROGRA~1\CYBERA~1\pcshelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\CyberArmor\pcshelp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk/hws/sb/dell-usuk/e...?channel=uk-smb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [8169Diag] C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe /hw
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [CyberArmorHelper] C:\Program Files\CyberArmor\pcshelp.exe -check
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} (Confidence Online for Web Applications) - https://uk.dbrasweb.db.com/llclient/dbraswe....com+AXXPEE.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://uk.dbrasweb.db.com/dana-cached/setu...perSetupSP1.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL cahooknt.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberArmor Run Service (CyberArmorRunService) - InfoExpress - C:\Program Files\CyberArmor\casvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 8041 bytes
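The log above is the "after" of the OTMoveIt3 run; the log earlier in the thread is the "before". The Python below, an added example and not HijackThis code, parses the O4 (Run key) and O20 (AppInit_DLLs) lines of both, diffs them to confirm that the only change is the removed Alcmtr value, and flags any autorun whose command names a bare file instead of a full path. That last check is the security point behind the two copies of ALCMTR.EXE: the Run value said just ALCMTR.EXE, and Windows resolves a bare name by search order, starting with the launching process's own directory, which for Explorer is C:\WINDOWS, so C:\WINDOWS\ALCMTR.EXE is the copy that actually ran. The flag is about resolution, not reputation, so standard entries such as RTHDCPL.EXE and the rundll32 NvCplDaemon line are listed too and need a human decision. LOG_BEFORE and LOG_AFTER are constructed from a handful of lines of the two posted logs.

```python
"""Parse the O4 (Run key) and O20 (AppInit_DLLs) lines of a HijackThis log,
diff a before/after pair, and flag autoruns that name a bare file instead of a
full path.

Added example for this thread; it is not HijackThis code. LOG_BEFORE and
LOG_AFTER are cut down from the two logs posted in the thread.
"""
import re

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\] (.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (.*)$")

# Constructed sample: lines from the log posted before the OTMoveIt3 run.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL cahooknt.dll
"""

# Constructed sample: the same lines from the log posted after the run.
LOG_AFTER = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL cahooknt.dll
"""


def parse_autoruns(log_text):
    """Return ({(hive, key, value_name): command}, [AppInit DLL names])."""
    runs, appinit = {}, []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            hive, key, name, cmd = m.groups()
            runs[(hive, key, name)] = cmd.strip()
            continue
        m = O20_RE.match(line)
        if m:
            appinit.extend(m.group(1).split())
    return runs, appinit


def command_image(cmd):
    """The file Windows actually launches: a quoted path, else the first token.
    For rundll32 entries that is rundll32 itself, not the DLL argument."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def is_unqualified(image):
    """No directory part: the name is resolved by search order (the launching
    process's own directory first, then the system directories, then PATH),
    so a same-named file placed earlier in that order is what runs."""
    return image != "" and "\\" not in image and "/" not in image


def flag_unqualified(runs):
    """[(value_name, command)] for Run entries whose image is a bare name."""
    return sorted((name, cmd) for (_h, _k, name), cmd in runs.items()
                  if is_unqualified(command_image(cmd)))


def diff_autoruns(before, after):
    """(added, removed, changed) between two parsed Run dictionaries."""
    added = {k: v for k, v in after.items() if k not in before}
    removed = {k: v for k, v in before.items() if k not in after}
    changed = {k: (before[k], after[k]) for k in before
               if k in after and before[k] != after[k]}
    return added, removed, changed


if __name__ == "__main__":
    before, dlls = parse_autoruns(LOG_BEFORE)
    after, _ = parse_autoruns(LOG_AFTER)
    added, removed, changed = diff_autoruns(before, after)
    print("removed:", removed)  # the Alcmtr value the OTMoveIt3 script deleted
    print("added:", added, "changed:", changed)
    print("bare-name Run entries:", flag_unqualified(before))
    print("bare-name AppInit DLLs:", [d for d in dlls if is_unqualified(d)])
```

To use it on a real pair of logs, read each file into a string and pass it to parse_autoruns in place of the constructed samples; the O4 regex accepts RunOnce and similar keys as well as Run.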

#12 ph31ms

  • Topic Starter

Posted 05 October 2008 - 03:18 AM

Probably should also mention that Firefox is still crashing regularly :thumbsup:, and on startup I've started getting a message like

"One of the files containing the system registry data had to be recovered by use of a log or alternative copy. The .... was successful"

#13 Billy O'Neal

  • Malware Response Team
Posted 05 October 2008 - 09:27 AM

Hello, ph31ms.

That really sounds like a hardware problem... not something I honestly know how to repair. You should probably post in the Windows XP Forum in order to help resolve this issue. Malware-wise you look clean.

Congratulations! You now appear clean! :thumbsup:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware


We Need to Clean Up Our Mess
  • Please download OTCleanIt from one of the following mirrors and save it to your desktop:
  • Double click the OTCleanIt icon.
  • Push the large "Cleanup" button.
  • Allow your system to reboot.
Reset System Restore
Windows' "System Restore" feature can cause malware files to be cached and retained by your system. Resetting System Restore will clean these files from your system, and will allow you to use System Restore without fear of reinfection.
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Note: You should only do this once, not on a regular basis!
You will not be able to restore computer to any earlier than today!

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
Billy3

#14 ph31ms

  • Topic Starter

Posted 06 October 2008 - 05:50 AM

Hi Billy

Many thanks for all your help .. it's really appreciated that you volunteered your time to look at this

:thumbsup:

#15 Billy O'Neal

  • Malware Response Team
Posted 06 October 2008 - 06:12 AM

Hello, ph31ms.
You're welcome :thumbsup:

Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3



